To update or not?



  • I have read all the posts on updating and the sticky at the top so doing the update is not really an issue. I am just questioning if I need to.

    My pfsense firewall has been 100% rock solid stable with no issues since deployment. it has not even been rebooted since I moved to to a new rack 295 days ago.

    I am running 1.2 release on a supermicro 1U box with dual G4 xeons, 3G of ram, and dual scsi drives. I have no packages installed and I am in transparent firewall mode. I average around 12M with heavy bursts running 25-48M and I am running the onboard (realtek?) nics with no issues.

    Should I take the chance or is it not really worth it for me?

    Opinions would be appreciated.

    Thanks

    Bob



  • In my limited experience with pfSense, but a lot of experience in other hardware related deployments, I would say no.  If you aren't using any packages, and using this box strictly to limit inbound connections (?), and the box seems to be very reliable and functional, then why change it?



  • There are a number of security fixes since 1.2 mostly in the underlying components. None that leave any huge holes that pose serious issues. There are a number of bug fixes as well, but they're edge cases that aren't applicable to most users. I would definitely upgrade, upgrades are pretty low risk. Most upgrade issues come from hardware-specific regressions from one FreeBSD version to another, though those are rare.



  • @kycnotes:

    In my limited experience with pfSense, but a lot of experience in other hardware related deployments, I would say no.  If you aren't using any packages, and using this box strictly to limit inbound connections (?), and the box seems to be very reliable and functional, then why change it?

    Thats exactly what I was thinking but I wans't sure. I prefer to leave things alone as anything I break requires a 2 hour trip to the co-lo.

    Thanks

    Bob



  • @cmb:

    There are a number of security fixes since 1.2 mostly in the underlying components. None that leave any huge holes that pose serious issues. There are a number of bug fixes as well, but they're edge cases that aren't applicable to most users. I would definitely upgrade, upgrades are pretty low risk. Most upgrade issues come from hardware-specific regressions from one FreeBSD version to another, though those are rare.

    I think I will hold off until the next scheduled co-lo trip. That will allow me to take the firewall out of circuit and mitigate any issues.

    Thanks

    Bob



  • @bob76535:

    I have read all the posts on updating and the sticky at the top so doing the update is not really an issue. I am just questioning if I need to.

    My pfsense firewall has been 100% rock solid stable with no issues since deployment. it has not even been rebooted since I moved to to a new rack 295 days ago.

    I am running 1.2 release on a supermicro 1U box with dual G4 xeons, 3G of ram, and dual scsi drives. I have no packages installed and I am in transparent firewall mode. I average around 12M with heavy bursts running 25-48M and I am running the onboard (realtek?) nics with no issues.

    Should I take the chance or is it not really worth it for me?

    Opinions would be appreciated.

    Thanks

    Bob

    This is a common dilemma, the unexpected usually happens during reboot especially if the machine has been up for a long time, most problems though are caused by hardware related problems and not by software updates. I've updated all 7 pfSense boxes that I manage and so far I did not encounter any problems.

    HTH



  • @madapaka:

    This is a common dilemma, the unexpected usually happens during reboot especially if the machine has been up for a long time, most problems though are caused by hardware related problems and not by software updates. I've updated all 7 pfSense boxes that I manage and so far I did not encounter any problems.

    Yeah, and other things you only hit when rebooting a box that hasn't been rebooted in months or years. The only problems I've seen with 1.2.3 upgrades thus far is boxes that didn't boot back up because of a missing keyboard, sitting at a "F1 to continue" BIOS prompt, and another where a different hardware problem and resulting BIOS prompt kept the box from booting back up. In both scenarios, obviously a reboot would have had the same effect as the upgrade.


Log in to reply