If you're migrating from one Firewalla to another using local DNS services, change this first
I recently migrated from a Firewalla Purple SE to a Firewalla Orange. I used the migration feature in the app, but it kept failing after I told it to start the migration. I kept having to hard reset the box, until I figured out what it needed.
My setup:
- My network uses non-Firewalla ad-blocking DNS servers that are on my LAN. Those DNS servers fetch and resolve for all devices on the network; no hosts should be going outside the network to get their own results.
- I also have some devices on the network that are 100% blocked from sending traffic outside the LAN. (Some things just can't stop phoning home...)
My goals during migration:
- Migrate everything from the Purple SE to the Orange and do a one-for-one replacement
- Keep those blocked hosts from sneaking a message through to their mothership while the Orange is not migrated to the Purple SE's locked-down config
What I did:
- During migration I kept the LAN port disconnected while the Orange was importing the settings from the Purple SE (it was getting these settings from the Firewalla backup that gets made in the cloud whenever you make a settings change)
What I figured out:
- At some point during the migration the box still needs something from the Firewalla cloud, but it gets to a point where it needs DNS
- Because my Purple SE's DNS servers were configured to talk to DNS servers on the LAN, and the LAN was disconnected, the Orange was unable to reach its DNS resolvers once it ingested the migration configuration
What I did to fix it:
- I reconnected my Purple SE and went into the DNS settings, and configured one of the resolvers to be either 1.1.1.1 or 8.8.8.8. This saved those settings in the cloud backup so that the migration would pull them in next time I attempted it. That way even with the LAN disconnected, it could still find one of its configured DNS resolvers during migration.
- Change this setting back after the migration to only use the internal DNS servers