Remote upgrade pfSense



  • Hi ! I'm student for a french company and for my project I have to apply remote updates/upgrades on a pfSense system.

    I know that on Debian there is "cron-apt" system but : is there the same system on pfSense ? And if there isn't, how can I do ?

    thanks



  • Automatic upgrades? That is not a very good idea for a firewall.



  • I heard that before but I never ask : why ?



  • The reason is that if you perform a automatic updates and an update was accidentally released that breaks your config, you are remote so cannot access the firewall to correct the problem. If your update happens in the middle of the night, during a weekend, or any time where travel to the site is difficult, then you are looking at internet outage at that location for an extended time.

    Remote updates are iffy anyway for a similar reason, but with remote manual update, you can at least test the updates prior to installing then to increase your chances of success and keep you from having to go onsite saving time and money.



  • @podilarius:

    you can at least test the updates prior to installing then to increase your chances of success

    I will. Every update, I will test on a local machine, and if it works I would like to send a similar update on all the pfSense machine. That's why I'm searching a remote update system.



  • What is wrong with logging into the Web GUI and clicking the update button or via SSH and using the "Update from URL" option?



  • It's not impossible for me, but the company doesn't want to do that 50 times every update when I quit.

    I have to build a custom pfSense 2.0 which can be remotly update : 50 machines located all around France, used by non-informatic guys. That why the company wants me to search remote solution even if I'm not agree with that.

    Thanks a lot.



  • @plop777:

    used by non-informatic guys.

    ;D that is just the way how to get in troubles. allow non-informatic guys to mess with firewall.

    If i remember right core-team is building up a software what you can use to manage multiple firewalls. maybe they can add this update/upgrade option to it. but that wasn't coming to us free users.



  • @plop777:

    I have to build a custom pfSense 2.0 which can be remotely update : 50 machines located all around France, used by non-informatic guys. That why the company wants me to search remote solution even if I'm not agree with that.

    Thanks a lot.

    I would fire anyone who made this kind of decision at my company!   Upgrades may in fact cripple you and need to be tested before integration onto your infrastructure. If you truly have 50 machines around the country then you can afford an employee who's job it is to test and integrate upgrades. Upgrades do not have to happen every week. This is a once in a while project.

    but the company doesn't want to do that 50 times every update when I quit.

    Then they need to make you staying around worth it to you!



  • @Metu69salemi:

    ;D that is just the way how to get in troubles. allow non-informatic guys to mess with firewall.

    If i remember right core-team is building up a software what you can use to manage multiple firewalls. maybe they can add this update/upgrade option to it. but that wasn't coming to us free users.

    +1 for the mess.

    The core-team software can be really helpfull in my project. To bad it wasn't coming for free users.



  • make this company buy support time enough, so they are valid for this software.

    Better idea is having internal network guy, if the company has some 50 satellite places.

    EDIT: typo



  • Updates don't happen with pfSense but every so often any way. Usually on the order of a year plus between updates. Officially released updates anyway. You can pull from GIT, but I would only do that if it fixes a certain problem you are actively having.


Log in to reply