Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Backing up a pfsense machine

    Scheduled Pinned Locked Moved General pfSense Questions
    9 Posts 7 Posters 5.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P Offline
      pftdm007
      last edited by

      I am wondering what would be the best way to back up a pfsense machine (router, dhcp server, etc) via network?  Of course, the machine needs to be on and functional because it is my network's dhcp server and router…

      I will be backing up TO a slackware server.  I am thinking about a rsync script via ssh tunnel to a NFS share on the slackware server.  The only concern I have is potential problems to copy files in use and other PID files....

      Has anybody tried to do that ?  I want to do this because pfsense is currently running on an older machine and I fear hard drive crash in the future...

      Please advise!

      Thanks in advance!

      1 Reply Last reply Reply Quote 0
      • ? This user is from outside of this forum
        Guest
        last edited by

        The only file you need to back up is the config.xml file.  From this one file, you can quickly put a freshly installed pfSense box into production.  There is a backup/restore feature in the webGUI for you to save a copy of the config to your local machine, which I recommend you use every time you make significant changes to your pfSense configuration.

        No reason for an automated system here unless you REALLY want one.

        1 Reply Last reply Reply Quote 0
        • P Offline
          pftdm007
          last edited by

          Thanks for your reply!

          I agree with you, in term of config, the XML file might be all I need to backup, but I was thinking about the binaries (pfSense itself) in case the HDD dies.  Having some kind of image would not reduce downtime?  That would not be faster than reinstalling pfsense?

          Maybe I'm pushing the limits…

          1 Reply Last reply Reply Quote 0
          • ? This user is from outside of this forum
            Guest
            last edited by

            Its much less complicated to have a spare HD with a fresh pfSense install.  Although if downtime is really that big a concern, consider running a CARP cluster so that a single hardware failure does not result in downtime.  Again, you can do all of what you're thinking, including creating a bitwise disk image of your current pfSense install, but probably not worth the effort involved.

            1 Reply Last reply Reply Quote 0
            • jimpJ Offline
              jimp Rebel Alliance Developer Netgate
              last edited by

              If you have a spare hdd of the same size, use gmirror:

              http://doc.pfsense.org/index.php/Create_a_Software_RAID1_%28gmirror%29

              Otherwise just grab the config.xml:

              http://doc.pfsense.org/index.php/Remote_Config_Backup

              Or even better, get a support subscription and use AutoConfigBackup ;)

              Seriously though, keep a CD handy, and a small USB key, and you can be back up from bare metal in probably less than 5 minutes with just a backup of config.xml:

              http://doc.pfsense.org/index.php/Automatically_Restore_During_Install

              There's really no reason to worry about backing up the system binaries unless you made custom changes to them that need to be reapplied after install or firmware update. It's not like a windows box where you have to install, configure it all, run updates, fiddle, run more updates, etc. You just install to hdd with the old config and bam, it's back to its old self.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • M Offline
                mhab12
                last edited by

                I think it's also worth pointing out that there is no need to reinstall packages after a restore either, as the system will (re)download and (re)install them at boot.  The whole process is, as others stated, very quick and easy.  I would second the support subscription option for AutoConfigBackup.

                1 Reply Last reply Reply Quote 0
                • E Offline
                  eirikz
                  last edited by

                  I do love my ESX-installation, and I enjoy having the snapshotfunctionality avaliable if I'm implementing larger changes on the system.

                  Five second recovery is the shizzle fo nizzle.

                  Running pfSense on :
                  DL380G4 with ESX Vsphere and DL360G4p bare metal

                  1 Reply Last reply Reply Quote 0
                  • K Offline
                    kycnotes
                    last edited by

                    I recently had a hardware failure on my pfSense box and had it installed and up and running within ten minutes by having the config.xml saved.  IMO it is worth keeping a second box around for failures like this. So Simple!

                    1 Reply Last reply Reply Quote 0
                    • K Offline
                      kronso
                      last edited by

                      The way I'm proceeding is:

                      Have a live CD burned with the ISO of pfSense.

                      Back up the config file via the web interface.

                      If the machine crashes and burns, reinstall from the live CD. Then restore the settings (config file) via web interface.

                      If you have added different NIC drivers than what is included at some point, maybe you back those up and document the steps to reinstall those.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.