Firewalla Gold Tutorial: How to Flash Installer Image

Follow

Comments

26 comments

  • Avatar
    Brian Shimkus

    Will all of the settings and/or customizations be retained after flashing?  I assume yes, but wanted to make sure.

     

    bks

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    You should have the option to restore your old configuration after flashing. 

    0
    Comment actions Permalink
  • Avatar
    Chris Holmes

    Only about 20 minutes into everything is back online, but so far so good.  The instructions were spot on.  It seemed to take my app and the box about 6-10 minutes to sync back up AFTER I was done following the instructions.  So probably about 30 minutes total from start to finish with downloading, flashing USB drive, flashing box, pairing app.  Simply well done to the team at Firewalla. 

    As far as keeping settings, be sure to choose "Quick Setup" once your box has been discovered and you scan it, it will restore your box but it seems to have deleted all of my rules.  It did keep all of my network information including DHCP reservations as I am using Router Mode.  Also, the DoH "False Positive" of being "on" (the radio button being blue on the main menu page) seems to be back for me.  I tried turning DoH on and off as well as closed the app and when I opened back up, the radio button was still blue.

    0
    Comment actions Permalink
  • Avatar
    Support Team

    Thanks for the feedback. You can migrate the old rules from Settings -> Advanced -> Migrate from Other Box.

     

    We'll improve the quick setup to include rules and other settings.

     

    For the DoH bug, will check it.

     

    0
    Comment actions Permalink
  • Avatar
    Brian Shimkus

    After the update, what box version should be shown?

     

    I had to reset my Gold due to a bug and during the normal re-initialization process, updates were downloaded.

     

    I'm showing 1.970 (e97c31fa), with a last update dsate of 5/25/2020.

     

    Is that the latest or do I need to reimage it again?

     

    bks

    0
    Comment actions Permalink
  • Avatar
    Support Team

    @Brian

     

    There are two pieces of softwares. The Firewalla software and the OS image.

     

    Version 1.970 and hash (e97c31fa) are the latest. (as the Firewalla software)

     

    I think you may also receive the email on the latest base image (firestaller-0.128.img.gz). This is the OS image. You don't have to reimage the 0.128 base image, but we recommend to, because it will (very likely) be the final base image for customers. There are some bug fixes comparing with the previous OS image 0.127.img.gz.

     

    Melvin

    0
    Comment actions Permalink
  • Avatar
    Bob O'Hara

    Flashing the new image went well. Got two beeps from the box when paired and three beeps when I selected “Quick Setup”.

    The “Quick Setup” was still “Applying Network settings...” after 30 minutes. I abandoned this and paired with the Gold again.

    This time I selected to set up a new device, selected router, connected to the modem, selected DHCP and let it run. Still waiting for “Applying network settings...” to complete.

    After 20 minutes, nothing more happened. 
    I removed and reapplied power to the Gold. After pairing and selecting Quick Setup again, the Gold properly configured itself and started normal operation. 

    1
    Comment actions Permalink
  • Avatar
    Support Team

    @Bob,

     

    Can you share remote support to help@firewalla.com , so that we can check what's wrong?

     

    Melvin

    0
    Comment actions Permalink
  • Avatar
    Eli Kahan

    @Melvin,

     

    How can I check the OS base image version?

     

    Eli

     
    0
    Comment actions Permalink
  • Avatar
    Support Team

    @Eli

     

    cat /etc/firewalla_release

    0
    Comment actions Permalink
  • Avatar
    Michael

    Windows instructions as well for those looking. I used Rufus (https://rufus.ie/) portable which was very straight forward. Simply download the img.gz file linked above, select your target USB device, select the image or boot selection within the tool, then hit start.

    0
    Comment actions Permalink
  • Avatar
    Alex

    Hi Firewalla Team,

    cat /etc/firewalla_release shows me following ..

    Model: Gold
    Version: 0.106.img
    Build Date: Sun May 24 18:03:30 UTC 2020
    HASH: 957c2aabd77bb55028b4763f471ce9f9

     

    Version 0.106.img? Is this correct?

    I have an beta gold unit. You mailed us on May 27 to update to 0.128. I did that, but why I have the old version string? Is maybe something not correct?

    Now is 0.132 available.  Is the OS base image also autoupdated? Is there a change log? What's the official recommendation, should we reflash our devices?

     

    Alex

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Please ignore the 0.132 version, it is the image builder.  The image is still the production one. 

    0
    Comment actions Permalink
  • Avatar
    mobius strip

    Please provide more secure hash sums (ideally SHA512) and ideally also GPG signatures for ensuring the security of the installer image.

    I don't pretend to be a security expert, though as I've understood it:

    • MD5 hashes have long been considered insecure for verifying the integrity of software downloads of any type, and SHA256 is the minimum standard that's considered secure.
    • Also, providing an optional/alternative GPG would be even better for users who want to use it.  Provides protection in the event the help website is hacked in order to substitute the download file with malware and the hashsum displayed is altered to trick the user that it is legitimate.

    Requesting this respectfully, of course...it's just that even if likelihood is low that the router image were compromised, the security of everything connected to the Firewalla's network seems like it would be a runaway train....

    0
    Comment actions Permalink
  • Avatar
    mobius strip

    Do the automatic firmware updates get verified by MD5 file hashsums as well?

    If so, can the security of this be upgraded as soon as possible, please?

    0
    Comment actions Permalink
  • Avatar
    Brian Shimkus

    I'm currently on the alpha release for FWG.  If I re-flash the FWG with fireupdate-3.0.0113.img.gz, will that take me back to the beta versions, or will FWG update to the alpha release automatically?

    The goal is to get to the 20.04 base image plus be on the alpha release cycles.

    Thank you!

    bks

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    You will have to rejoin the alpha/beta you were on before with the previous image. 

    0
    Comment actions Permalink
  • Avatar
    Brian Shimkus

    That's what I needed to know!  Thank you!

    bks

    0
    Comment actions Permalink
  • Avatar
    prophetse7en

    If we have upgraded to 8 GB of ram, do we have to install the 4 GB stick before flashing this image?

    0
    Comment actions Permalink
  • Avatar
    Support Team

    Yes, the install script may check the hardware specs to confirm it's the right hardware to install.

    0
    Comment actions Permalink
  • Avatar
    prophetse7en

    Maybe for the future you could allow flashing with a 8gb module too since the CPU support's 8gb of ram 🙂

    0
    Comment actions Permalink
  • Avatar
    heath

    A few notes for those doing the upgrade.

    1) If you are using MSP, you have to add the “new” box in and remote the old one.

    2) If you are in Beta or Early Access/Alpha, you will have to manually put the box back into those programs (to get to EA, you have to first go to Beta).

    3) Migrating box settings over did NOT migrate VPN Client settings over.  I had both a PIA OpenVPN client configuration and a WireGuard S2S VPN configured that I had to recreate.  It would have been good to warn us that these were not migrated over (unless this is a bug in the migration code).

    4) For me, at least, the port lights did not flash on unused ports 3 or 1 (I’m only using 4 and 2 currently).  2 and 4 had flashing yellow lights and solid orange lights.

    5) The upgrade took about 6 minutes, the migration took another 5+ minutes and then the Beta+Alpha upgrades took another 5+ minutes.  All told, about 20 minutes not counting any time to flash the USB drive.

    6) I’m not sure why they don’t tell us to use the power button on the front of the Gold (Rev A, at least) vs. the hard power removal.  It seemed to work for the initial reboot to start the upgrade.

    7) Historical data is not copied over in the “migration” process, so you lose history on network performance, netflows, and any alarms

    heath 

    0
    Comment actions Permalink
  • Avatar
    Radagast82

    I see a new image based on Ubuntu 22. What's the difference between that and the one based on 20? Is it good for a daily use even if in beta?

    0
    Comment actions Permalink
  • Avatar
    Support Team

    @Radagast82

    Not much difference. We provide this as an option if people really want to use the latest Ubuntu LTS. We have been using it for over a month, looks pretty stable.

    0
    Comment actions Permalink
  • Avatar
    w m

    is there any guidance if every link is failing md5sum?

    0
    Comment actions Permalink
  • Avatar
    Support Team

    @w m

    Which tool reported the "failing md5sum" error? Was it from a 3rdparty md5 tool or from Firewalla box when flashing it to the box? If it's the former, you may need to find a reliable way to download it again. The md5 listed in the page is correct (just double checked).

    0
    Comment actions Permalink

Please sign in to leave a comment.