Back to Blog

Appliances, pfSense, Announcements, Releases, Networking, AWS, Azure

Netgate to Introduce Faster, Safer Updates in pfSense Plus Software Version 24.03

Netgate to Introduce Faster, Safer Updates in pfSense Plus Software Version 24.03

Netgate is pleased to announce that pfSense® Plus software version 24.03 will include enhancements to the software update process, using features of the ZFS file system to increase stability and reduce instance downtime during an update. These enhancements also offer powerful new tools to pfSense Plus admins who use system snapshots to create multiple pfSense Plus environments during testing and who value the ability to easily fall back into a known environment if necessary.

These faster, safer update features are included with the pfSense Plus version 24.03 for appliances/instances using ZFS for the file system. pfSense Plus ships by default on all Netgate security gateways (at no additional cost) and is also available via the $129 TAC-Lite subscription for non-Netgate appliances. 

Changes to the update process

One of the anxiety-inducing moments in previous updates is the time when the system is offline, rebuilding itself, and rebooting with the new software image. Unexpected problems can occur, which may be hard to debug, especially when updating software remotely. Initiating the new update process doesn’t look very different, but that’s deceptive.  A lot of thought has gone into reworking the process for speed, stability, and dealing with unexpected problems in a graceful way. 

The new update mechanism utilizes powerful features in ZFS to create a snapshot of the current running environment, then downloads and installs the software update onto that snapshot. If an error occurs during the update process, the admin will be notified, and the instance will not reboot but continue running the current version.

If no error is detected, the “one-time boot” value is changed to point to the newly updated snapshot, and the instance reboots.  This reboot is just as fast as a typical reboot. If an error occurs during the reboot after an update, it’s detected by a ‘watchdog’ timer that was started at the beginning of the reboot. (This is because most boot-time errors result in a “hang” of the system). In this case, the “next boot” value is changed back to the original boot environment, and the instance is rebooted. 

With version 24.03, it will also be possible to install updates to other saved snapshots manually. The updates will only impact the pfSense Plus environment in that snapshot while the pfSense Plus instance continues to run. 

The pfSense Plus Configuration History (Diagnostics / Backup & Restore / Config History) has also changed to be aware of boot environments, giving system managers greater visibility and more powerful tools when dealing with multiple boot environments.

Conclusion

By adding this functionality to pfSense Plus software version 24.03, we have created an update process that increases stability and reduces device downtime, especially if there is an unexpected issue during a software update, while giving admins more flexibility to create and manage multiple boot environments.

Netgate continues to listen to our customers, enhancing the pfSense Plus software experience to meet their needs while maintaining the industry’s best price/performance and the lowest TCO.