In case anything goes wrong and the "reset to factory default" does not work, here is how to recover:
- Do not delete or unpair the previous instance. You can restore configurations from it later.
- Download the Firewalla Gold installer image (Based on ubuntu 20.04 LTS)
Download link: fireupdater-3.0.0113.img.gz
MD5sum: eb64d196a7a9f9d80f6fd914334aea46
Or:
Download link: firestaller-0.132.img.gz (Ubuntu 18 LTS)
MD5sum: 22ecc3d8d41d874338597e620ca371f0 - Download a flash program, we use etcher.io
Note: if etcher doesn't work on macOS Catalina (10.15), please scroll down for a workaround. - Launch the etcher, select the image you've downloaded before.
- Plug a USB drive (with at least 16 GB disk space) into your computer, and select it as the flash target.
- Flash!
- After flashing, unplug the USB drive from your computer, plug it into the other USB slot on Firewalla Gold (please DO NOT remove the Red dongle).
- Power cycle the Gold box (Unplug the power cable and plug it back in).
- Wait for the lights on the ethernet ports to blink from Port 4 to Port 1. It will take about 6 minutes. When the light on port 1 starts to blink, it means the re-flashing is done.
NOTE: A display monitor can be connected via HDMI to watch the flashing process.
10. Unplug the USB drive, then power cycle the Gold box.
11. The box will be powered up as new, and ready for pairing.
Restoring Configuration
When installing the new version, the iOS app will use "Quick Setup" to restore the previous network configuration.
Then please use Settings -> Advanced -> Migrate from other boxes to restore rules and device names after installation. See the tutorial on how to migrate: https://help.firewalla.com/hc/en-us/articles/360015356093-How-to-migrate-data-from-one-Firewalla-Box-to-another-
Note: please do not unpair the old box before the migration. Just use the USB to flash, install, and migrate. After migration, you can tap and hold on the previous Firewalla Icon, and tap "unpair" to remove the previous pairing.
Known Issues:
Etcher prompts for user confirmation before flash on Windows 10
Start Etcher with administrative privilege
Etcher fails to start flashing in MacOS
Unmount auto-mounted partitions from USB drive by running the following commands in Terminal
x=$(diskutil list | awk '/external/ {print $1}')
sudo umount ${x}s1 ${x}s2
Etcher doesn't work on MacOS Catalina (10.15)
Here is an open issue on GitHub etcher project to track this: https://github.com/balena-io/etcher/issues/2833
Here is a workaround you can use before etcher fixes this issue.
- Open Terminal.app
- Run this command in the terminal:
- sudo /Applications/balenaEtcher.app/Contents/MacOS/balenaEtcher
- Type your MacOS login password when asked.
Comments
22 comments
Will all of the settings and/or customizations be retained after flashing? I assume yes, but wanted to make sure.
bks
You should have the option to restore your old configuration after flashing.
As far as keeping settings, be sure to choose "Quick Setup" once your box has been discovered and you scan it, it will restore your box but it seems to have deleted all of my rules. It did keep all of my network information including DHCP reservations as I am using Router Mode. Also, the DoH "False Positive" of being "on" (the radio button being blue on the main menu page) seems to be back for me. I tried turning DoH on and off as well as closed the app and when I opened back up, the radio button was still blue.
Thanks for the feedback. You can migrate the old rules from Settings -> Advanced -> Migrate from Other Box.
We'll improve the quick setup to include rules and other settings.
For the DoH bug, will check it.
After the update, what box version should be shown?
I had to reset my Gold due to a bug and during the normal re-initialization process, updates were downloaded.
I'm showing 1.970 (e97c31fa), with a last update dsate of 5/25/2020.
Is that the latest or do I need to reimage it again?
bks
@Brian
There are two pieces of softwares. The Firewalla software and the OS image.
Version 1.970 and hash (e97c31fa) are the latest. (as the Firewalla software)
I think you may also receive the email on the latest base image (firestaller-0.128.img.gz). This is the OS image. You don't have to reimage the 0.128 base image, but we recommend to, because it will (very likely) be the final base image for customers. There are some bug fixes comparing with the previous OS image 0.127.img.gz.
Melvin
Flashing the new image went well. Got two beeps from the box when paired and three beeps when I selected “Quick Setup”.
The “Quick Setup” was still “Applying Network settings...” after 30 minutes. I abandoned this and paired with the Gold again.
This time I selected to set up a new device, selected router, connected to the modem, selected DHCP and let it run. Still waiting for “Applying network settings...” to complete.
After 20 minutes, nothing more happened.
I removed and reapplied power to the Gold. After pairing and selecting Quick Setup again, the Gold properly configured itself and started normal operation.
@Bob,
Can you share remote support to help@firewalla.com , so that we can check what's wrong?
Melvin
@Melvin,
How can I check the OS base image version?
Eli
@Eli
cat /etc/firewalla_release
Windows instructions as well for those looking. I used Rufus (https://rufus.ie/) portable which was very straight forward. Simply download the img.gz file linked above, select your target USB device, select the image or boot selection within the tool, then hit start.
Hi Firewalla Team,
cat /etc/firewalla_release shows me following ..
Model: Gold
Version: 0.106.img
Build Date: Sun May 24 18:03:30 UTC 2020
HASH: 957c2aabd77bb55028b4763f471ce9f9
Version 0.106.img? Is this correct?
I have an beta gold unit. You mailed us on May 27 to update to 0.128. I did that, but why I have the old version string? Is maybe something not correct?
Now is 0.132 available. Is the OS base image also autoupdated? Is there a change log? What's the official recommendation, should we reflash our devices?
Alex
Please ignore the 0.132 version, it is the image builder. The image is still the production one.
Please provide more secure hash sums (ideally SHA512) and ideally also GPG signatures for ensuring the security of the installer image.
I don't pretend to be a security expert, though as I've understood it:
Requesting this respectfully, of course...it's just that even if likelihood is low that the router image were compromised, the security of everything connected to the Firewalla's network seems like it would be a runaway train....
Do the automatic firmware updates get verified by MD5 file hashsums as well?
If so, can the security of this be upgraded as soon as possible, please?
I'm currently on the alpha release for FWG. If I re-flash the FWG with fireupdate-3.0.0113.img.gz, will that take me back to the beta versions, or will FWG update to the alpha release automatically?
The goal is to get to the 20.04 base image plus be on the alpha release cycles.
Thank you!
bks
You will have to rejoin the alpha/beta you were on before with the previous image.
That's what I needed to know! Thank you!
bks
If we have upgraded to 8 GB of ram, do we have to install the 4 GB stick before flashing this image?
Yes, the install script may check the hardware specs to confirm it's the right hardware to install.
Maybe for the future you could allow flashing with a 8gb module too since the CPU support's 8gb of ram 🙂
A few notes for those doing the upgrade.
1) If you are using MSP, you have to add the “new” box in and remote the old one.
2) If you are in Beta or Early Access/Alpha, you will have to manually put the box back into those programs (to get to EA, you have to first go to Beta).
3) Migrating box settings over did NOT migrate VPN Client settings over. I had both a PIA OpenVPN client configuration and a WireGuard S2S VPN configured that I had to recreate. It would have been good to warn us that these were not migrated over (unless this is a bug in the migration code).
4) For me, at least, the port lights did not flash on unused ports 3 or 1 (I’m only using 4 and 2 currently). 2 and 4 had flashing yellow lights and solid orange lights.
5) The upgrade took about 6 minutes, the migration took another 5+ minutes and then the Beta+Alpha upgrades took another 5+ minutes. All told, about 20 minutes not counting any time to flash the USB drive.
6) I’m not sure why they don’t tell us to use the power button on the front of the Gold (Rev A, at least) vs. the hard power removal. It seemed to work for the initial reboot to start the upgrade.
7) Historical data is not copied over in the “migration” process, so you lose history on network performance, netflows, and any alarms
heath
Please sign in to leave a comment.