Newb Q: What to take into account when moving from pfSense

[horseradish]

Hello all, future OPNsense user here coming from /r/homelab and the things that went down there.

I would like to move to OPNsense from Pfsense. Although my setup is not very complicated in comparison to many others, I have put in quite a lot of time to get it working 'just right'. As such I am taking a cautious approach.
What should I expect when trying to move from pfSense?

Currently using the following not-too-complicated setup:

• PFsense 2.4.2-RELEASE-p1
• Running on an oldish SuperServer 5015A-EHF-D525
• 3 Wan connections, load balanced with weights (one wan is 50x faster than the other two)
• A few firewall aliases
• Nat rules with aliases
• Outbound rules to force certain devices to use a specific wan, again using aliases

It would be easiest if I could just reinstall and restore a config backup, but from what I have read here it seems to me that this might not work.
Would someone be kind enough to guide this newcomer?

EDIT: Added the use of aliases

[elektroinside]

Welcome to OPNsense!
I too migrated from pfsense a month ago and I am very happy I did.

My advice would be to print screen your pfsense settings (easier than reading an XML backup, although I would also do this) and manually recreate them on OPNsense. While you're at it, you could also review them.

But before deploying it for production use, I personally "played" with OPNsense first, see what it can do, brake/unbrake stuff so I could get used to it.

There are also plenty of really well-written tutorials here on forum and here: https://docs.opnsense.org/index.html

You will also find the community and devs being very friendly and responsive.

One more thing good to know, 18.1 is nearly released. It has several enhancements and bug fixes.

[fabian]

Most settings will probably work (interfaces, firewall related stuff, DHCP/DNS, ...) but some have been rewritten so a full import will not work (CaptivePortal, Proxy, IDS, the Plugins). This is the reason for the official statement (<= 2.1 - the time when the fork happened).

[horseradish]

Thanks a lot for the replies!
Recreating manually seems like the way to go. However I am also considering to start with a VM to see what happens when I straight restore a pfsense backup as my settings are mostly firewall related.

[chemlud]

...last time I moved, I could import some areas (aliases, some other...), had a chat recently with Franco, he suggested the same, iirc, step-by-step.

I save the config after each import and look, if something strange happened after the last import. :-)

[dcol]

It's always better to start fresh so you can weed out old issues and obsolete items.
NAT, Firewall rules, and aliases will work the same way and can just be copied over manually.

Then follow some of the guides in this forum for setting up IPS. Always take a logical approach and choose based on your requirements.