Unbricking the Netgate pfsense SG-3100

By jeltsch on Fri, 11/10/2023 - 23:48
You need a USB cable with a high profile micro-USB connector and an 8-GB USB stick to unbrick your Netgate SG-3100

The current process of restoring functionality on the Netgat pfsense SG-3100 router after an unsuccessful firmware upgrade is too difficult (although the device is magnificent otherwise). Today, I experienced the third failed upgrade within six years. Recovery worked every time without problems, but it should be MUCH easier if you want me to recommend this router to my less tech-savvy friends. To pull this off, you need an 8-GB USB stick and USB cable with a high-profile micro-USB connector at one end and a regular USB-A connector at the other. These are the steps that you need to do to unbrick the device:

  1. Request the firmware image via support.
  2. Downloading the image (it comes as a compressed .img.gz file)
  3. Writing the image to an 8 GB USB (who still uses USB sticks?). The software that Netgate recommends is Etcher. Etcher is available for Windows, macOS and Linux (https://etcher.balena.io/#download-etcher)
  4. Have the configuration backed up to an XML file. You need to do this before you brick your device. After writing the image to the USB stick, you should copy the configuration file as "config.xml" to the FAT partition of the USB stick.
  5. Finding the (not very common) USB Mini-B (5-pin) cable (see the image)
  6. Installing a terminal app on the computer and learning how to connect to the device console (https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/connect-to-...). I use Screen because it works and is installed on most Linux distros by default.
    sudo screen -U /dev/ttyUSB0 115200
  7. Now you need to plug in the USB stick to the USB port on the back of the device and unplug and replug the device to reboot. Immediately in the beginning, you need to stop the boot process by quickly pressing any key.
  8. You execute "run recovery" and follow the instructions. It will ask you where to install it, but I had only one option, so there was nothing to choose between. The restoration can take a while.
  9. After the installation, remove the USB stick and unplug/replug to power-cycle.
  10. Despite the config.xml file, my router reverted to the default password "admin"/"pfsense".