Periodically, you’ll have to update pfSense which can be a fairly stressful situation if you’re not following best practices. For the most part, firewall devices are the center of your entire network so if they’re down for an extended period, you’ll lose all internet access and potentially internal access issues.
Following best practices for updating pfSense does not guarantee that you won’t run into problems, but it can help you recover if you run into issues. Updates are generally released for new features and functionality, or bug fixes (with a recent vulnerability being found and fixed).
How to Update pfSense Using Best Practices
There are a few recommendations that the pfSense team suggests you perform before attempting to update your system.
- Take a backup of your entire pfSense configuration.
- (OPTIONAL): If you’re running pfSense as a VM, take a snapshot before proceeding.
- Reboot your pfSense firewall.
- Update pfSense to the latest version.
- Test and validate that the new version of pfSense is working as expected.
We’ll take a look at the entire process below. I’ll be performing these steps on pfSense CE, but they’re the exact same on pfSense+.
NOTE: Packages can potentially cause issues, and the pfSense team states that removing the packages before upgrading can help limit potential issues. I will be honest that I do not like doing this – mainly because I haven’t had issues in the past with packages, but you can choose to remove them if you’d like.
Step 1: Taking a Backup of pfSense
1. Select Diagnostics, then Backup & Restore.
2. The default settings are going to be fine for most, but if you want to modify anything or encrypt the backup, you can configure that here. Select Download Configuration as XML after modifying the settings.
Step 2: Rebooting pfSense
Reboot pfSense by selecting Diagnostics > Reboot. Select Submit to reboot pfSense, then wait for it to come back up (it will take a few minutes).
Step 3: Updating pfSense
After pfSense starts back up, follow the steps below to update pfSense.
1. Select System, then Update.
2. At the next step, select the latest version (or whatever version you’d like to install), then select Confirm.
NOTE: This will run the update process, so if you want to do anything before updating, you must do it before completing this step.
3. pfSense will now update and reboot! The process can take upwards of 5-10 minutes or so.
4. After pfSense finishes updating, you can log back in and if you select System > Update, you’ll see that the version has been updated.
Step 4: Testing & Validation
This step will be different for everyone since the pfSense configuration will be different from user to user. However, this step will be the same for everyone, as you must test and validate that all of your packages and configurations are all working as expected. Here are a few things to test:
- Confirm that you have internet access.
- Test any VPNs (WireGuard, OpenVPN, etc) that are configured.
- Check your pfSense packages and ensure that they’re running and don’t have any issues.
If you run into serious issues and you have to restore your configuration, select Diagnostics > Backup & Restore, then select the backup file we made earlier and restore the configuration. I’d recommend that you ensure that restoring the configuration will fix your problems before restoring it.
The steps on how to update pfSense are fairly straightforward, and using the steps above will ensure you’re following best practices. Depending on the features the update provides or the severity of the vulnerability (assuming one exists), that will determine how fast the update should be applied.
If it’s simply new features that you won’t use, updating isn’t something that must be done immediately. However, if it patches a vulnerability, you must assess how important the fix it, how exposed your current system is, etc, and then determine when you must upgrade. Always test and validate updates (in a test environment, if possible) before updating your system.
Thanks for checking out the tutorial on how to update pfSense. If you have any questions, please leave them in the comments!