Upgrade a cluster of fw

  • Hi !

    I have 2 cluster of 2 firewall pfSense 1.2.2 using CARP …

    I'm considering the upgrade of these firewall.
    The howto is perfect for a single firewall but doesn't describe the procedure for a CARP cluster.

    Which method is better (or only successfull) :

    • upgrade the master firewall then the slave firewall,
    • upgrade the slave firewall then the master firewall,
    • save the config, break the carp, upgrade the slave (without network), restore the config, plug the slave on network, upgrade the "master" and redefine carp.

    Do you have experiences on this ?

  • I always upgrade the slave first. Then after checking that everything looks good, I upgrade the master.

  • Thanks for this quick reply.

    Indeed, this seems the usual way IMHO, the usual first idea.

    The first step is obvious : upgrade the slave.
    But after the slave reboot and after synchronize from master, we need to test if slave could run alone (during the upgrade of the master).
    I suppose I can unplug the master and look if the slave become master ?
    It's easy to come back at this time if the slave doesn't run well (reinstall the previous 1.2.2 and resynchronise)

    So you consider :

    • backup config,
    • upgrade slave,
    • test unplug master (regression : reinstall 1.2.2 + resynchro from master),
    • when Ok, upgrade master, during slave act as "master",
    • after master reboot, test unplug slave (regression : reinstall 1.2.2 + restore config),
    • plug slave,
    • try unplug any and look,
    • then site B the same !

    Ok, I will try this plan on next saturday morning available (with nobody working !)

    • if Ok

  • You can just disable CARP on the master to force it to fail over. Or shut down the master. Normally I do what dotdash recommended.

Log in to reply