Upgrading



  • Just as a suggestion I don't know if anyone has metioned it before but it would be handy. On some firewalls they give you the option to take snapshots so that when you upgrade for instance if you don't login in a set time span it reverts to the last snapshot.

    Don't know what other people think but thought it might be worth a mention.



  • what do you mean with:

    On some firewalls they give you the option to take snapshots so that when you upgrade for instance if you don't login in a set time span it reverts to the last snapshot.

    do you want to backup your config?
    diagnostic –> Backup/Restore



  • Not really clear on what you mean, can you try to explain better what you want and why?



  • I think he means some way of having the box revert to previous firmware if the new version ended up breaking something. Say if you upgraded from 1.0.1 to a 1.2 beta and it broke something in your config. I haven't seen any firewalls that auto revert tho…



  • Sorry I should of made myself more clear. dotash got what I ment. Checkpoint NGX firewall has a function when you upgrade the firmware via the webby it has a function that you can type in a time scale and it you don't login in that time period it will automaticaly roll back to the previous setup.

    Just though that this would be a handy function for people were they may make big changes to firewall rules or firmware upgrades. I in the past have accidently put firewall rules that block me out of the box. Just thought it maybe worth a mention if other people may think it is a good idear.



  • there is the the webGUI anti-lockout rule (default on)
    System –> advanced

    Disable webGUI anti-lockout rule
    By default, access to the webGUI on the LAN interface is always permitted, regardless of the user-defined filter rule set. Enable this feature to control webGUI access (make sure to have a filter rule in place that allows you in, or you will lock yourself out!).
    Hint: the "set LAN IP address" option in the console menu resets this setting as well.

    I dont know, but if an update goes wrong you alway can just set up a new system with a new iso and then restore a back-up'ed config.



  • @Jonb:

    Sorry I should of made myself more clear. dotash got what I ment. Checkpoint NGX firewall has a function when you upgrade the firmware via the webby it has a function that you can type in a time scale and it you don't login in that time period it will automaticaly roll back to the previous setup.

    Just though that this would be a handy function for people were they may make big changes to firewall rules or firmware upgrades. I in the past have accidently put firewall rules that block me out of the box. Just thought it maybe worth a mention if other people may think it is a good idear.

    It would be a great feature when dealing with off-site pfSense installations.



  • I don't have keyboard. mouse nore monitor pluged in so reinstalling from a new iso is not easy. not olny that wail you are reinstalling that is all down time. A snapshot would revert far more quickly.



  • @Jonb:

    I don't have keyboard. mouse nore monitor pluged in so reinstalling from a new iso is not easy. not olny that wail you are reinstalling that is all down time. A snapshot would revert far more quickly.

    Save your config to a floppy or usb thumbdrive to /conf/config.xml. Insert the livecd in your pfSense machine and attach the usb thumbdrive or insert the floppy. Reboot your machine and it will come up with your old config right after booting the live cd. Now ssh in and install pfsense to the hdd using the shelloption. This way you will only have downtime for 2 reboots  ;)



  • true you could do that. well as mentioned before for doing remote update it would be handy



  • @hoba:

    Save your config to a floppy or usb thumbdrive to /conf/config.xml. Insert the livecd in your pfSense machine and attach the usb thumbdrive or insert the floppy. Reboot your machine and it will come up with your old config right after booting the live cd. Now ssh in and install pfsense to the hdd using the shelloption. This way you will only have downtime for 2 reboots  ;)

    But will you then need to re-install your packages?

    What Jonb is looking for would allow allow you to roll back from just about any major fat finger problem.  Certainly the snapshot functionality in FreeBSD would allow for this, and I've used this myself on full FreeBSD hosts to provide file recovery.



  • Yep very true I have that problem a lot. Would be useful to switch on for auto roll back on big firewall changes etc. But this was more of a suggestion rather than I really wanted it. Just wondered how meny people thought it would be useful.


Log in to reply