AutoConfigBackup

From PFSenseDocs

pfSense Automatic Configuration Backup Service

Gold subscribers on portal.pfsense.org have access to our Automatic Configuration Backup Service, AutoConfigBackup.

Functionality and Benefits

When you make a change to your configuration, it is automatically encrypted with the passphrase entered in your configuration, and uploaded over HTTPS to our server. Only encrypted configurations are retained on our server. This gives you instant, secure offsite backup of your firewall with no user intervention.

pfSense Version Compatibility

This package will work with all pfSense 1.2.x and 2.x versions.

pfSense 1.2 Caveat

There is one caveat to using this package on pfSense 1.2: the only way we could tie the automatic backup into the 1.2 release was to trigger it upon every filter reload. Most page saves will trigger a filter reload, but not all. The pages that will not trigger an automatic backup include:

  • DNS forwarder
  • DHCP server
  • DHCP relay
  • General Setup

On the 1.2 release, when making changes to areas other than firewall and NAT rules, you may want to use the "Backup now" button to ensure the configuration is backed up.

Backup Limits

The most recent 100 configurations for each host are retained.

Gold subscribers can back up a maximum of 10 systems. If you have more systems than that, get in touch with us for pricing information.

Installation and Configuration

Installing the AutoConfigBackup Package

To install the package, visit System -> Packages and click the + next to the AutoConfigBackup package. It will download and install the package. Then click on the pfSense logo at the top of the page, which will return you to the front page, and refresh your menus. You will then find AutoConfigBackup under the Diagnostics menu.

Setting your Hostname

Make sure you have a unique hostname and domain set on the System -> General Setup page. The configurations are stored by FQDN (hostname + domain), so you must make sure each firewall you are backing up has a unique FQDN, otherwise the system cannot differentiate between multiple installations.
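A pre-enrollment check for the uniqueness requirement above, added here as an example and not part of the pfSense documentation or the package: it reads exported config.xml contents, builds each FQDN from the `<hostname>` and `<domain>` elements under `<system>`, and reports collisions, firewalls with no domain set, and whether the 10-system limit is exceeded. The sample configurations are constructed, and treating names that differ only in case or a trailing dot as the same host is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

MAX_SYSTEMS = 10  # Gold subscription limit stated on this page

# Constructed sample config.xml fragments; hostnames and domains are made up.
SAMPLE_CONFIGS = {
    "hq.xml": "<pfsense><system><hostname>fw1</hostname>"
              "<domain>example.com</domain></system></pfsense>",
    "branch.xml": "<pfsense><system><hostname>FW1</hostname>"
                  "<domain>Example.com.</domain></system></pfsense>",
    "lab.xml": "<pfsense><system><hostname>fw-lab</hostname>"
               "<domain>example.com</domain></system></pfsense>",
    "dr.xml": "<pfsense><system><hostname>fw-dr</hostname>"
              "<domain></domain></system></pfsense>",
}


def fqdn_of(config_xml):
    """Return the normalized FQDN (hostname + domain), or None if incomplete."""
    system = ET.fromstring(config_xml).find("system")
    if system is None:
        return None
    host = (system.findtext("hostname") or "").strip()
    domain = (system.findtext("domain") or "").strip().rstrip(".")
    if not host or not domain:
        return None
    # Assumption: names differing only in case or a trailing dot are the same host.
    return f"{host}.{domain}".lower()


def audit(configs):
    """Group config files by FQDN; report collisions, gaps and the system limit."""
    by_fqdn, missing = defaultdict(list), []
    for name in sorted(configs):
        fqdn = fqdn_of(configs[name])
        (by_fqdn[fqdn] if fqdn else missing).append(name)
    return {
        "collisions": {f: n for f, n in by_fqdn.items() if len(n) > 1},
        "missing": missing,
        "over_limit": len(configs) > MAX_SYSTEMS,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIGS).items():
        print(f"{key}: {value}")
```

Any entry under `collisions` means two firewalls would store their backups under the same FQDN, so rename one on System -> General Setup before configuring the package.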

Configuring AutoConfigBackup

The service is configured under Diagnostics -> AutoConfigBackup. On the Settings tab, fill in your portal.pfsense.org username and password, and enter an encryption password. The username is the login name created when purchasing your subscription, not the e-mail address. You should use a long, complex password to ensure your configuration is secure. It is very important to store this encryption password somewhere off of your firewall: if you lose it and then lose the hard drive in your firewall, it will be impossible to restore your configuration. We retain only encrypted configurations, which are useless without your encryption password.

Testing Backup Functionality

Make a change to force a configuration backup, such as editing and saving a firewall or NAT rule, then clicking Apply Changes. Visit the Diagnostics -> AutoConfigBackup screen, and you will be shown the Restore tab, which will list your available backups along with the page that made the change (where available).

Manually Backing Up

At times, you may want to force a backup of your configuration. You can do this on the Restore tab of the AutoConfigBackup page by clicking the "Backup now" button at the bottom. This will pop up a box where you can manually enter a description of your backup. You may wish to do this before making a series of significant changes, as it leaves you with a backup whose description states why it was made, which makes it easy to revert to your configuration as it was before the changes. Since each configuration change triggers a backup, when you make a series of changes it can be difficult to know where you started if you should need to revert. You may also wish to manually back up prior to upgrading to a new pfSense release, and name the backup so it's clear that is the reason you made it.

Restoring your Configuration

To restore a configuration, click the + button to the right of the configuration as shown on the Diagnostics -> AutoConfigBackup screen on the Restore tab. It will download the configuration specified from our server, decrypt it with your encryption password, and restore it. By default, it will not reboot. Depending on the configuration items restored, a reboot may not be necessary. For example, your firewall and NAT rules are automatically reloaded after restoring a configuration. After restoring, you are asked whether you want to reboot. If your restored configuration changes anything other than NAT and firewall rules, you should choose Yes.

Bare Metal Restoration

If you lose your hard drive, as of now you must do the following to recover on a new installation.

  1. Install pfSense on the new hard drive.
  2. Bring up LAN and WAN, and assign the hostname and domain exactly the same as it was previously configured.
  3. Install the AutoConfigBackup package.
  4. Configure the AutoConfigBackup package as described above, using your portal account and the same encryption password as used previously.
  5. Visit the Restore tab and choose the configuration you wish to restore.
  6. When prompted to reboot after the restoration, do so.

You will now be back to the state of your firewall as of the last configuration change.

FAQ

How do I know my backup was successful?

The list of backups shown on the Restore tab is pulled from our servers - if the backup is listed there, it was successfully created.

How will I know if a backup fails?

If a backup fails, an alert is logged, and you will see it scrolling across the top of the web interface.