Re: [pfSense] Restoring at remote location before deployment
Mark, Thanks very much for the reply. We should be able to accomplish this using this method as well. Steve On 05/18/2017 08:26 AM, Mark Wiater wrote: > > > On 5/17/2017 3:44 PM, Steven Spencer wrote: >> All, >> >> When restoring a configuration for a site, we often do so from the home >> office and then deploy after we are sure hardware is working as >> expected. That means that we are restoring a backup and then on reboot, >> their is no active WAN (because the WAN IP is set for the remote >> location on restore) > > I do the same, build up the system in the home office for testing. > > I've created a separate environment within the home office that allows > for the unit under test to hit the internet after getting natted to > the home office's ip addr. > > > > > > > > > esses. > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > -- -- Steven G. Spencer, Network Administrator KSC Corporate - The Kelly Supply Family of Companies Office 308-382-8764 Ext. 1131 Mobile 402-765-8010 ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Restoring at remote location before deployment
We did something similar when setting up our data center routers. Added a public subnet on the LAN side of our own pfSense, NATted to the Internet. It works because of the NAT so the public IPs don't leave our office. The data center routers had another public subnet on their LAN side (since we have a /25 block routed to us), so as I recall there were a few routing configuration changes to ensure traffic for those IPs was routed back inside our office and didn't go out to the Internet. But for just one public IP that isn't necessary. So I suppose a workaround would be to put the WAN gateway IP in your own pfSense and the new router would talk to it. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Mark Wiater Sent: Thursday, May 18, 2017 8:27 AM To: list@lists.pfsense.org Subject: Re: [pfSense] Restoring at remote location before deployment On 5/17/2017 3:44 PM, Steven Spencer wrote: > All, > > When restoring a configuration for a site, we often do so from the home > office and then deploy after we are sure hardware is working as > expected. That means that we are restoring a backup and then on reboot, > their is no active WAN (because the WAN IP is set for the remote > location on restore) I do the same, build up the system in the home office for testing. I've created a separate environment within the home office that allows for the unit under test to hit the internet after getting natted to the home office's ip addr. esses. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Restoring at remote location before deployment
On 5/17/2017 3:44 PM, Steven Spencer wrote: All, When restoring a configuration for a site, we often do so from the home office and then deploy after we are sure hardware is working as expected. That means that we are restoring a backup and then on reboot, their is no active WAN (because the WAN IP is set for the remote location on restore) I do the same, build up the system in the home office for testing. I've created a separate environment within the home office that allows for the unit under test to hit the internet after getting natted to the home office's ip addr. esses. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Restoring at remote location before deployment
All, When restoring a configuration for a site, we often do so from the home office and then deploy after we are sure hardware is working as expected. That means that we are restoring a backup and then on reboot, their is no active WAN (because the WAN IP is set for the remote location on restore) and therefore no way for the updates to complete. So, instead of booting up and allowing for testing first and then deploying to the location and doing the updates, what we end up with is a 30 minute wait while each update attempts to complete and then fails. I fully understand why you want those updates to occur as soon as possible. You want to be sure all needed packages are installed and all patches have been applied for functionality. It's all good. But there should be an option to perform these steps after the unit is deployed, a step in the CLI, perhaps, that says something like "Reboot with no active WAN." It would speed up configuration restores vastly for those of us who do so from a home office and then deploy to the field after the hardware is tested. (i.e., assigning something to the WAN IP block for ping tests, etc.). Because we searched the forums, we know this has come up in the past, but that it has been summarily shut down as functioning as expected and tickets closed. Any chance that something like this might be revisited? Thanks, -- -- Steven G. Spencer, Network Administrator KSC Corporate - The Kelly Supply Family of Companies Office 308-382-8764 Ext. 1131 Mobile 402-765-8010 ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold