 Tom here from Lauren systems and we're gonna talk about some do's and don'ts for PF sense upgrades to have your upgrade process go smoothly You don't learn more about me or my company head over to Lauren systems.com If you want to hire short projectors a hires button up at the top if you're looking for deals and discounts and other ways to Support the channel. There's some affiliate links down below for products and services that we talk about He have cents 2.45 is what I want to talk about today though. There is the release. I covered this yesterday and then In Evidently, this is what happens People's want to issue caution notices because of their bad experience with it But I think a lot of these people have not taken the time and I'm hoping to save many of you some of the headache of following some pretty basic Update process steps. They have an upgrade guy now I think because PF sense doesn't have like constantly new releases coming out all the time Where you're constantly updating your firewall that people forget that this exists So hopefully this is a reminder and it's not too hard to update PF sense But if you don't follow the procedures, you're gonna have a bad time First I will cover my update experience with one of my home ones which took a longer than expected And I bring this up because the neck eight SG 11 hundreds a newer product And this is a pretty you know reasonable upgrade that they had here And it did take 18 minutes to load the update and everything now I thought this was kind of a long time But it is an arm processor and extracting all the files needed on an arm processor gonna take a little while And to show that I practice what I preach. This is Zabix monitoring my home system right here You see the little pre-upgrade reboot and before we actually did the update And there's the update 18 minutes and then we have some telemetry data missing here for the Zabix plug-in Where the Zabix plug-in was updated and this is what it looks like right now up to the minute as of right now it is 630 PM Eastern Standard Time. So that's 1830 right here. And this is where the update That's the gap because somebody asked about memory usage and I'm not really seeing a big change in memory usage matter of fact It seems to be used a little bit less these ups and downs are probably low down the system and Things like that but overall after running it for from 1130 till 1830 here You can see very minor amounts of memory upgrade uses and multiple just me VPNing back to my house to watch something anyways Back to the video here What happens is when there's an update was run through the process here pre-upgrade test make a backup already made a backup That's with this little file is down here already downloaded So we got that part done prepare a backup plan prior to Updating your firewall on the off chance because well, it's your firewall It doesn't go well already have the download ready have the ISO ready have it ready to be reloaded ahead of time That's something we usually do that way if it does break because well my firewall breaks I don't have internet and I like to get it ahead of time So I have that already have it on a thumb driver However, you're gonna reload a thumb drive probably the most practical way But you know that way you have this at the ready when you do it And it works really well Reinstalling a previous release now This is something of note if you have problems your backup file the XML file I downloaded you can't go backwards So if you have the backup file from a newer version and you load back an older version But you had already updated and downloaded the back off the newer version you can't revert So something to think about now we run it all on hardware, but if you are running it on a virtual machine Obviously this becomes a no-brainer. We are running my lab though inside of here So I have these two snapshots and what these snapshots are is ones before and after the upgrade that way I don't have to wait for the upgrade to go again, but it upgraded perfectly fine in our lab Snapshots in a VM obviously one of the easiest ways to do this if you are running it that way Definitely some advantage you have just click the snapshot and revert to snapshot the pre-upgrade reboot This is a really important step. They say it's optional I don't think it is for our processes and one of the reasons why is these firewalls have long uptimes between upgrades You don't know if the drive may have a problem and what happens is if you don't do a pre-reboot upgrade and the drive was failing but because PF sense had all the Necessary components already in memory. It was still routing traffic when you do reboot Maybe it was for an upgrade you find out the hard drive Inside it was failing and now you've now conflated two separate problems You're thinking the upgrade was the problem, but it wasn't you already had a failed hard drive It was like you're dead and you didn't know it and this is one of those easy ways you can test just reboot the fire Offal comes back up running great now You know that your hardware is good now You can load the upgrade because like I said if a hard drive fails and it pulls all that data into memory and it's not doing many rights so anything you may have some logging errors and The system will just keep on running because it just can't right to the hard drive anymore So keep that in mind that real pre-boot upgrade they say optional I say not optional, but yeah, that's my opinion. They have this is their opinion. These are people to write the software Performing the update and packages This is the one where people are having this little update caution problem It says it pretty clearly do not update packages before upgrading PF sense just read that first line and stop and I bring this up because you notice that these packages need updating But so does the operating system if the operating system needs update Don't update the packages because you can end up with conflicts They expect you the folks over at PF sense and that gate to be running the latest version before you do the package updates so When there's a new version out when you're ready to load the new version only then load the package updates So that's an important step because you can end up with some version conflicts and end up some other problems And that's what this entire discussion and this forum was and I believe this happens almost every update when People start updating packages prior thinking hey want to get this package update stuff out of the way before I load the whole thing You're doing it in reverse per the instructions from net gate. So pretty important step right there The last thing I will mention just have note because I've done some HA videos They do have instructions for the HA down here at the bottom So additional notes upgrading high availability deployments generally the recommended path for upgrading high ability cluster is to first upgrade the Secondary node and after it comes back up put the primary node into persistent carp maintenance mode under status carpet and run it So they have a process for that. I know it's more of an edge case But they do have procedures for that as well But that important piece of it is the backup the reboot and now we're going to go ahead and update it now for Brevity and to make this shorter. I'm just going to revert to the other snapshot So I don't have to wait the it took like I don't know 12 minutes update But now I don't have the pause video for 12 minutes. We'll just go ahead and revert snapshot here You know, I don't think I need I'll halt it. I'd still do a proper shutdown I guess I don't really need to but we'll halt this and go over here and I'll just revert to the snapshot real quick So I'll go ahead and revert the VM to this one fire it back up and log back in it'll be all up to date All right So now I'm running the latest and greatest version if I already medically updated the packages I will admit my home system did not and all they had to do is update the packages in post I kind of mentioned that when I was talking about the second gap for the plugin update I don't know why it didn't update the plugin But I updated it in post and it worked perfectly fine. So it wasn't really a big deal Something else I'll mention. This is some further troubleshooting sometimes services. Don't start those are issues You can deal with so this one right here didn't so we'll go here to the traffic totals Update graphs display advanced. It's just kind of stuck. I notice if you click enable It thinks for a minute and then fixes it so minor problem I ran into when setting this up, this is the Traffic totals one so it's thinking thinking thinking and then it starts working again. It did this before there we go So that did happen from the update So there are some things like that now finally one of the other ways you can deal with this when there's a few things That get goofed up and maybe the upgrade didn't go right and I've run into this problem one You can just reload the firewall. I have the version. I have the backup file I have the one beforehand and now I can even make another one afterwards and we'll go ahead and do that So this is the backup that's going to be after the upgrade So let me open the folder and rename it So this is the before upgrade and this is the newest version. So if we look in this config file It's gonna be the latest version. Let's call it latest Config and I'll get rid of all the extras because I just don't need it It's a file of nice and simple. So there's the latest config now from here It's actually pretty easy with PF sense one. I can just master reset the firewall I can download download or whatever, but what I want to do is we're gonna go ahead and just choose the file But it downloads latest config Restore are you sure you want to restore now what this will do is just go through and PF sense will reboot and Reapply all the settings again. I've had like quirkiness over the years and this sometimes just fixes it It's rare that I have this problem But if you do it's not a big deal You could also just reset this to factory defaults even from the command line and the same thing go back in there As long as you can get into the interface and if you do factory defaults It's gonna go to default interfaces I'll be careful doing that in case you break a lot of other things But it's just not that big of a deal because everything you need is in that file So doing it this way now it's gonna go grab that file And it'll go through and install everything back again as it was You only need the one config that xml file everything from your passwords to your certificates to your config settings for your different packages are all within that file And this will allow you just to restore the system. So I've seen you know, this happened a couple of years I think it was almost two years ago There was a php update that caused the weird bug if you had updated the package is the same problem as package out of order But it was like reload to firewall if you had to if it got that bad because you know the mismatching problem and Pop a USB drive in with the config file and a matter of fact if you do it over the top There's an option for doing a rescue install so you can do an install and pull the config file all at the same time So not that big of a deal to reload pf sense if this worst-case scenario happens Just as long as you have a backup Unfortunately many people that contact us for that level of support. Oh, I didn't make a backup That's why I need so much help But can you try to extract it from there and yes, there is a backup file if you can boot off of another bootable and get the Drive yes, there is a Location by which you can extract that file and I can show you real quick as it boots up I'll show you where that is And right here so most people will never need to know where the configuration resides unless you're most people It didn't follow the backup and it's CS as Conf as config Excel typically Conf as a simulink for CF Conf will also be accessible directly from Conf s config dot XML varies by platform and file system layout But yes, this is something you can get if you need to extract it from a completely broken system that you somehow Forgot to back up beforehand because you didn't know about these documents, but you can tell the system It's just all backup and running out From the reinstall and it should have a note here Package reinstallation process finished successfully This is one of the steps when it did the reinstall it also grabbed all the packages and reset them up if they needed to be Because we didn't delete and purge or break anything from the restore But you can tell that it's working perfectly fine now So this is another way to fix some of those quirky issues We just do the restore on there and away you go and because we had this backed up with this VN stat D already working even that came right back up and running So hopefully this helps do the reboot do the backup before even do the reboot By the way, if that's if I didn't say that first that make sure you do that first So do the backup do the reboot do the update and if any of the packages need to be updated Go ahead and update them afterwards They should be automatically updated but I have seen like I said my one system at home shows not to Do them automatically but it do this and if all those files just push the backup over the top of it And it'll reboot again and reapply the configuration and that can fix it. So hopefully this helps you hopefully it saves you some headaches and Happy upgrading time. All right, thanks And thank you for making it to the end of the video If you like this video, please give it a thumbs up If you'd like to see more content from the channel hit the subscribe button and hit the bell icon If you like YouTube to notify you when new videos come out If you'd like to hire us head over to laurance systems.com fill out our contact page And let us know what we can help you with and what projects you'd like us to work together on If you want to carry on the discussion head over to forums.laurancesystems.com Or we can carry on the discussion about this video other videos or other tech topics in general even suggestions for new videos They're accepted right there on our forums, which are free Also, if you like to help the channel in other ways head over to our affiliate page We have a lot of great tech offers for you and once again, thanks for watching and see you next time