Configuration - Backing up and restoring to a backup unit
-
I created a backup firewall using PFSense. Both units are the same hardware and PFSense version. I have all my port rules setup and some other rules and also have SNORT installed and setup.
My question is if i backup the config on the primary unit, will it restore all my settings including SNORT if I install it on the backup unit and done set it up. If not i plan to setup the backup unit manually.
I also have OpenVPN setup
-
I like to do this also - have an offline backup system ready to go in places where I have spare hardware. (With CARP or any solution with multiple boxes powered up together, all the hardware can be killed by the 1 lightning strike…).
You can restore the config, then it is good to get it to load all the packages when it first boots, so it is ready to go when needed. In practice, I find I need to plug it in as the real pfSense during some after hours period, let it boot up, download the packages it wants and start up. Actually, you can then leave it in place as the production unit and keep the previous production unit as the disaster backup hardware.
If your WAN uses DHCP, then you can plug the backup unit into some other internet connection, and it will get DHCP on WAN and download packages... But if it has a static IP set on WAN in the config, then the only way to get it to download packages is to plug it in as the real production unit. (Otherwise you have to change the config to make it connect on some other WAN, and then make sure you correctly reverse the changes you made so that the backup unit really is an identical config to the production unit.)
