Backup pfSense Configuration Guide

In this guide, I will show you how backup your pfSense Configuration and why it is important to do so.

Especially if you experiment around a lot, it’s an easy way to restore back to a working configuration. I had to use this feature many times and I usually keep my backups of a few different states.

This is extremely important. I already put lots and lots of hours into configuring pfSense to have it where I want it to be. This is not only hours of configuration, but hours and hours of research.

Also, do a backup each and every time before upgrading to a newer version of your firewall. I learned this the hard way with my NAS just a few weeks ago. I will never run an upgrade without pulling a backup right before I run the upgrade.

Let me walk you through the process real quick.

2016-11-13-19_02_23

On your pfSense firewall navigate to Diagnostics -> Backup & Restore

You see, there aren’t too many options so you don’t need to be scared of this backup process 🙂

2016-11-13-19_14_18

Let’s go through the options real quick starting on the top:

  • Backup Area

Here you can choose to backup just certain settings isolated, you can backup:

  • All (the obvious choice for us)
  • DNS Resolver
  • DHCP Server
  • DHCPv6 Server
  • Interfaces
  • NAT
  • RRD Data
  • Scheduled Tasks
  • System
  • SNMP Server

I always simply do a Backup All, because I have no reason to specifically backup only single areas.

  • Skip packages

This allows you to Skip installed packages in your backup. If you have Squid Proxy installed, for example, it wouldn’t back that up. We do not want this, so we keep this box unticked.

  • Skip RRD data

RRD Data are your Graphs. Like the traffic Graph for example. I do not back them up in my home, I do not need them. In a corporate environment, you might want to back them up.

  • Encryption

This goes without thinking. Always encrypt your backups with a password.

You see? No magic here. Now, after we set everything up correctly, click on Download configuration as XML. That´s really it. Store the backup file on a storage of trust, you can use Dropbox or Google Drive for it, although you should use a very strong password for those services.

Now let us get into Restore Backup.

As you can see below, there is an option to restore your backup. This is really easy. You just choose the configuration file, tick the encryption box, enter your password and hit restore.

After a reboot, you are back to your old config.

You can even choose a Restore area to specifically just restore your DHCP server. You do not even have to run a full restore, isn’t this awesome?

Let´s switch over to the Config History tab.

2016-11-13-19_29_25

Now, this is a really convenient feature of pfSense. Every time you make a change in your configuration, pfSense automatically makes a backup. With this, even if shit hits the fan and you just did something very bad without pulling a backup before, you can still revert back to a still working state. The amount of configs saved here is limited, so don´t rely on it! It´s simply an emergency tool.

You can even see what changes were made between 2 different configuration states, to do so, just select two different configs on the buttons on the left and hit Diff.

2016-11-13-19_33_41

You get a more complicated looking output then, but you can actually see what was changed. I will not go deeper into this, maybe I cover it in a separate article.

This much for backing up guys, always do your backups religiously. Especially before updating to a newer version of your firewall. It’s a lifesaver!

Video:

https://www.youtube.com/watch?v=tJYHREVdHB0

You can get pre-installed pfSense hardware here:
I use a PC Engines APU.1D4 Bundle which is only available on the German Amazon, so you have to look how to get it in the US, but I assume the options above are of equal quality.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share via
Copy link
Powered by Social Snap