For a lot of network devices, their entire configuration amounts to only a few megabytes’ worth of data.

But what a pain if you lose those megabytes!  Firewall rules, NAT configurations, VPN setups, CARP/HA, and maybe other services such as DHCP, DNS, and others…all would have to be recreated from scratch.  Ugh.

Fortunately, if you’re using pfSense, backing up your configuration is dead simple.  As a bonus, you also get your backup stored off-site, encrypted, and it’s free!

I’m referring to pfSense’s Auto Config Backup.  This free service from Netgate allows you to backup your pfSense’s configurations to their cloud.  It’s encrypted and does not require any kind of subscription.

I know because I never bought pfSense, but it’s been on my home LAN for several years, running on a Protectli 8250U mini PC.  You can access this function by clicking Services->Auto Config Backup.  Here are the settings I recommend:

Let’s walk through those.

Backup Frequency is the most important one.  I choose “every configuration change” because that creates versioning for your changes.  I’m interested in either recovering from a disaster (in which case I’ll want the latest backup), or undoing some catastrophic change.  In the latter scenario, if I’m backing up every day, eventually the change before current will be overwritten.

In other words, if my config didn’t change last week, why back it up?  Backup based on when the config changes.  Note that Netgate only retains the last 100 backups.

Encryption Password: Obviously, you need to pick a strong one!  My hint is “look in my 1Password safe,” which is where I keep all my passwords.

Manual Backups to Keep: This is your choice.  You could set it to zero and rely solely on pfSense’s automatic backups.  Or you can set it higher and them as a separate stream of backups.  I keep it low because the only time I do this is when I’m upgrading pf and want to do a backup before doing the upgrade.

That’s really all there is to backing up your pfSense firewall.  If mine blew up tomorrow, I’d grab some new gear and restore from the Netgate cloud and be back up and running very quickly.

• Author
• Recent Posts

raindog308

Dread Lord of LowEnd Content at LowEndBox

I'm raindog308, techno polymath and long-time LowEndTalk community Administrator. My technical interests include all things Unix, perl, python, golang, shell scripting, vintage operating systems such as MVS, and relational database systems such as Oracle, PostgreSQL, and MySQL.

I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.

I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308

Latest posts by raindog308 (see all)

• What Does Your Road Warrior Kit Look Like?Here’s How I Setup to Go On the Road - May 1, 2024
• The Social Media Police Bodycam Video Industry: Where the Vids Come From May Surprise You - April 30, 2024
• Save Big on Yearly VPS Offers from Hudson Valley Host! - April 29, 2024