What information is Netgate collecting?
-
What about my configuration is being uploaded?
-
@notyouritmanager that looks like the auto backup, your config is uploaded (encrypted on your end)..
You can turn if off if you want..
-
@johnpoz Thank you so much, that makes sense now.
-
Yes, and there was an issue with the server yesterday which is probably why you're seeing that alert.
And just to be clear the config is all encrypted locally on the firewall before it's sent. We have no access to it.Steve
-
@stephenw10 Then why is it uploaded to Netgate in the first place?
-
@cool_corona Have you ever tried to recover from a system crash or a bad config change, and NOT had a recent "local" backup of your firewall (pfsense) config? It's a really bad experience...
Functionality and Benefits
When a change is made to the configuration on a firewall, AutoConfigBackup automatically encrypts the contents with the passphrase entered in the AutoConfigBackup settings and then uploads the backup over HTTPS to Netgate servers. This gives instant, secure offsite backups of a firewall with no user intervention.That last part is important - with no user intervention
https://docs.netgate.com/pfsense/en/latest/backup/autoconfigbackup.html
-
Yep right here no recent backups,
been there and done that.
Function is a life saver for people who don't ever think about backups
-
Yeah, as long as you have a note of the backup password and device key (we can often recover the key if you don't) then you can re-install, enter those and recover the last config.
It is pulled from our server and decrypted locally on the firewall so, again, we never have access to the unencrypted config.Steve
-
@cool_corona said in What information is Netgate collecting?:
@stephenw10 Then why is it uploaded to Netgate in the first place?
It's doing that because the user told the firewall they wanted it to do that.
It's for secure remote backups, and it's off by default and completely opt-in. Maybe they forgot they enabled it, or another user enabled it, but it was done by choice not by Netgate.
