LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

pfSense: Yes, You Should Use Auto Config Backup and Here's the Right Settings

pfSense LogoFor a lot of network devices, their entire configuration amounts to only a few megabytes’ worth of data.

But what a pain if you lose those megabytes!  Firewall rules, NAT configurations, VPN setups, CARP/HA, and maybe other services such as DHCP, DNS, and others…all would have to be recreated from scratch.  Ugh.

Fortunately, if you’re using pfSense, backing up your configuration is dead simple.  As a bonus, you also get your backup stored off-site, encrypted, and it’s free!

I’m referring to pfSense’s Auto Config Backup.  This free service from Netgate allows you to backup your pfSense’s configurations to their cloud.  It’s encrypted and does not require any kind of subscription.

I know because I never bought pfSense, but it’s been on my home LAN for several years, running on a Protectli 8250U mini PC.  You can access this function by clicking Services->Auto Config Backup.  Here are the settings I recommend:

pfSense Auto Config Backup

Let’s walk through those.

Backup Frequency is the most important one.  I choose “every configuration change” because that creates versioning for your changes.  I’m interested in either recovering from a disaster (in which case I’ll want the latest backup), or undoing some catastrophic change.  In the latter scenario, if I’m backing up every day, eventually the change before current will be overwritten.

In other words, if my config didn’t change last week, why back it up?  Backup based on when the config changes.  Note that Netgate only retains the last 100 backups.

Encryption Password: Obviously, you need to pick a strong one!  My hint is “look in my 1Password safe,” which is where I keep all my passwords.

Manual Backups to Keep: This is your choice.  You could set it to zero and rely solely on pfSense’s automatic backups.  Or you can set it higher and them as a separate stream of backups.  I keep it low because the only time I do this is when I’m upgrading pf and want to do a backup before doing the upgrade.

That’s really all there is to backing up your pfSense firewall.  If mine blew up tomorrow, I’d grab some new gear and restore from the Netgate cloud and be back up and running very quickly.




No Comments

    Leave a Reply

    Some notes on commenting on LowEndBox:

    • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
    • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
    • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

    Your email address will not be published. Required fields are marked *