Usually I have customers ship me their pfSense box in the mail when they purchase it from Netgate to cut down on drive time. Recently I had a client of mine need a new firewall installed urgently to utilize the static IPs they received from their ISP. They paid for the quick setup and quick shipping, so I figured I’d get it all set up in a VM, and then thought I would simply import the config file from my VM to their new firewall when I received it in the mail.
The new firewall came in the mail and I booted it up, accessed the GUI, immediately went over to Diagnostics > Backup and Restore, and restored the VM’s configuration file. It booted up and then, as you probably guessed, I couldn’t access the firewall IP address on any of the ports. That’s when it dawned on me that I was going from Community Edition to pfSense Plus, and also that I was not working with standard physical ports but rather the pfSense appliance switch port configuration. I restored the system with a pfSense appliance image I got from Netgate using the console, just to be sure I didn’t deploy a corrupted system as a result of my negligence. I then compared a stock backup of the Netgate appliance to the VM’s backup config I tried importing, and I found that there was some extra information about the switch port and also that the interface names needed to be updated. I then tried as carefully as I could to tweak the appliance configuration backup to match the settings of my VM backup; however, no matter what I tried, after the appliance reboots I can no longer ping the interfaces. It’s like the switch configuration is being wiped clean.
(Yes, I did try to do the import with and without the check box to preserve the switch port configuration.)
To see if the appliance was getting any traffic at all, I restored the system again, and this time I set a port forward rule on the WAN side so I could get back into the system from an interface other than the switch ports. That worked: when the appliance rebooted after importing the tweaked config file, I was able to access the pfSense dashboard via the WAN port. When I took a look at the traffic graphs and firewall rules, there was absolutely no traffic making it to the interfaces I had assigned to, for example, LAN and LAN2.
Has anyone been successful with importing Community Edition configuration files to a pfSense appliance? What settings did you find necessary to add or remove to accomplish this?