Restoring config from earlier version of pfSense to new version



  • A quick query for anyone who has had the experience of upgrading their firewall without doing an in-place update. My personal preference would be to perform a fresh installation of the latest pfSense version and then restore from backup. I know from the available documentation that configs taken from newer releases can't be applied to firewalls running older releases, but is the reverse technically true? I've run some tests myself and can't see anything obvious that looks wrong from having applied, for instance, a config taken from a 2.1.5 release to a 2.2.4 release, but just wondered if there were any gotchas or issues which I should look out for. Anyone had any experience of this?



  • Yes, you can go ahead.

    This works:
    Export config.xml frol old pfsense version
    Reinstall on same hardware the new version 'from scratch' using CD or memstick or whatever.
    Assign interfaces …. and LAN+DHCP
    Login to GUI from LAN, and import config.xml.
    Normally, your done.

    If not: know that these config.xml are rather small and very readable (when opened in a text editor) - you can see and check if everything is setup all right.

    Always take extra care when including RRD info (and passing from 32 to 64 bits).

    Read relase notes.

    ... and you'll be fine.



  • Thanks for the confirmation. I pretty much thought that was the case but just wondered if there was anything I should be looking out for. I doubt I'll need to include the RRD data, so I guess it's all good. Cheers!



  • @Gertjan:

    Yes, you can go ahead.

    This works:
    Export config.xml frol old pfsense version
    Reinstall on same hardware the new version 'from scratch' using CD or memstick or whatever.
    Assign interfaces …. and LAN+DHCP
    Login to GUI from LAN, and import config.xml.
    Normally, your done.

    If not: know that these config.xml are rather small and very readable (when opened in a text editor) - you can see and check if everything is setup all right.

    Always take extra care when including RRD info (and passing from 32 to 64 bits).

    Read relase notes.

    ... and you'll be fine.

    Having now setup 2.2.4 on a spare firewall I have , identical to the service unit on 2.0.1 in hardware ( both Atom N270 boards) but the test setup still has the default 1 WAN , 1 LAN on two onboard Realtek NIC's whereas the 2.0.1 system has an additional Intel PCI NIC carrying all the OPT interfaces on VLAN. You are saying I have to re-configure the 2.2.4 chassis to be identical before restoring Configuration from 2.0.1 which will put back Firewall rules/DHCP configs etc ?



  • Rather than re-configure the chassis -as in, installing the previous unit's hardware - the suggestion was to edit the config file directly so that LAN, WAN and DMZ (if any) assignments would be correctly mapped to the corresponding network cards on the new unit.


Log in to reply