- Docs »
- pfSense® software »
- Installing and Upgrading
- Give Feedback
Next
Upgrade Process Overview
Previous
Assign Interfaces
pfSense® software can be reliably upgraded from an older release to a currentrelease.
Netgate periodically release new versions that contain new features, updates,bug fixes, and various other changes. In most cases, updating an installation iseasy. If the firewall is updating to a new release that is a only a pointrelease (e.g 2.x.3 to 2.x.4), the update is typically minor and unlikely tocause problems.
Note
Only the most recent stable release of pfSense is officially supported, soupdating is also important to ensure that any problems encountered may beresolved as needed.
Upgrades use the same software edition that the firewall is currently running.For example, pfSense CE software installations will upgrade to the latestversion of pfSense CE software. pfSense Plus software will upgrade to the latestversion of pfSense Plus software. The only exception to this is when followingthe special procedure to Migrate from pfSense® CE software to Netgate pfSense Plus software.
The most common problems encountered during upgrades are hardware-specificregressions from one FreeBSD version to another, though those are rare. Updatedreleases fix more hardware than they break, but regressions are always possible.Larger jumps, such as from 2.3.x to 2.7.2-RELEASE must be handledwith care, and ideally tested on identical hardware in a test environment priorto use in production.
Warning
Firewalls must be connected to the Internet to update.
- Upgrade Process Overview
- Traditional Upgrade Process (CE, Plus with UFS)
- ZFS Boot Environments (First Generation, Plus 22.05-23.09.1)
- ZFS Boot Environments (Second Generation, Plus 24.03 and later)
- Pre-Upgrade Tasks
- Make a Backup … and a Backup Plan
- Check and Clean Up ZFS Boot Environments
- Low Memory Hardware and AWS/Azure Instances
- Remove / Dismount any Installation Media
- VM Snapshots
- Pre-Upgrade Reboot
- Packages
- Version-Specific Notes
- Upgrading from versions older than pfSense Plus 21.02.2 or pfSense CE 2.5.1
- Upgrading from versions older than pfSense 2.5.0
- Upgrading from versions older than pfSense 2.4.5-p1
- Upgrading from versions older than pfSense 2.4.4
- Upgrading from versions older than pfSense 2.4.0
- Older Version Upgrade Notes
- Perform the Upgrade
- Upgrading using the GUI
- Upgrading using the Console
- Reinstalling / Upgrading Configuration
- Upgrading High Availability Clusters
- XMLRPC Config Sync Considerations
- pfsync considerations
- CARP considerations
See also
Troubleshooting Upgrades
Update Settings¶
Branch / Tracking Snapshots¶
By default, the update check looks for officially released versions of pfSensesoftware, but this method can also be used to track development snapshots.
To change the branch used for updates:
Navigate to System > Update
Set the Branch to the desired type of updates
Wait for the page to refresh and perform a new update check
The branch list will vary depending on the current development cycle. Examplesof options that may be found in the list include:
- Latest Stable Version:
Stable versions are the best option, as they see the most testing and arereasonably safe and trouble-free. However, as with any upgrade, read thechangelog and update notes for that release.
- pfSense Plus Upgrade:
Upgrade a system from pfSense CE software to pfSense Plus software. Present onregistered systems with access to pfSense Plus software repositories.
See also
See Migrate from pfSense® CE software to Netgate pfSense Plus software for details on migrating to pfSense Plussoftware.
- Previous Stable Version (Deprecated):
A pointer to the previous release so that firewalls may pull packages andupdate files from the previous release while waiting for a maintenance windowor similar upgrade opportunity. May also be labeled “Legacy”.
- Latest Development Snapshots:
Tracks development snapshot builds. These may either be snapshots for the nextminor or major version depending on the status of the development cycle.
- Next Major Version:
Tracks snapshots for the next major update version. This is riskier, but insome cases may be required for newer hardware or new features that are not yetreleased. Consult the forum and test in a lab to see if these snapshots arestable in a particular environment.
Warning
Do not run development versions of pfSense software in productionenvironments.
Boot Environments¶
There are a handful of options related to ZFS Boot Environments which only appear on systems running pfSense Plussoftware installed using ZFS.
See also
How Boot Environments Work
Upgrade Process Overview
The available options are:
- Defer Automatic Reboot
When checked, the firewall will not automatically reboot after finishing theupgrade. Instead, it will wait for an administrator to reboot it manually.
- Boot Verification
These options control the boot time verification for a Boot Environment. Ifverification fails, the firewall will automatically roll back to a previousknown-good Boot Environment and reboot.
The firewall displays a prompt on the Dashboard to verify or fail the BootEnvironment.
- Manual Boot Verification
When set, the Boot Environment is not automatically verified and must beverified manually before the verification interval expires.
- Boot Verification Interval
This option defines the amount of time the administrator has to verify thatthe Boot Environment is in working order. If the timer expires, the firewallwill automatically roll back to a previous known-good Boot Environment andreboot.
The default value is
300
seconds (5 minutes).
See also
See ZFS Boot Environments (Plus Only) for more information.
Dashboard Check¶
The Dashboard Check checkbox on System > Update, Update Settings tabcontrols whether or not the System Information widget on the dashboardperforms an update check. On firewalls with low resources or slow disks,disabling this check will reduce the load caused by running the check each timean administrator views the dashboard.
GitSync¶
This section is for developers and should not be used by end users. Leavesettings in this area empty or disabled.