• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Auto Config backup.

Scheduled Pinned Locked Moved General pfSense Questions
12 Posts 5 Posters 2.2k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    Gertjan
    last edited by Dec 5, 2018, 9:02 AM

    Hi,

    Google drive == Cloud. So why asking for an option that doesn't make people happy ?

    You could use 'any' shell script on pfSense to copy the config file to a location that is accessible to you.
    Or use a tool like https://github.com/KoenZomers/pfSenseBackup

    No "help me" PM's please. Use the forum, the community will thank you.
    Edit : and where are the logs ??

    V 1 Reply Last reply Dec 5, 2018, 1:15 PM Reply Quote 0
    • V
      vallum @Gertjan
      last edited by Dec 5, 2018, 1:15 PM

      @gertjan said in Auto Config backup.:

      Hi,

      Google drive == Cloud. So why asking for an option that doesn't make people happy ?
      Some of the organizations use Google for email/drive.
      some have designed their own in-house solution.

      You could use 'any' shell script on pfSense to copy the config file to a location that is accessible to you.

      yes can be used, but this will be security loophole. config is gonna be in plain text at backup server. hence not complaint

      Or use a tool like https://github.com/KoenZomers/pfSenseBackup
      this is totally different approach, not quite good for security reasons.

      Manu

      G 1 Reply Last reply Dec 5, 2018, 1:31 PM Reply Quote 0
      • G
        Grimson Banned @vallum
        last edited by Dec 5, 2018, 1:31 PM

        @vallum said in Auto Config backup.:

        You could use 'any' shell script on pfSense to copy the config file to a location that is accessible to you.

        yes can be used, but this will be security loophole. config is gonna be in plain text at backup server. hence not complaint

        Then encrypt it in your shell script.

        V 1 Reply Last reply Dec 5, 2018, 1:36 PM Reply Quote 0
        • V
          vallum @Grimson
          last edited by Dec 5, 2018, 1:36 PM

          @grimson said in Auto Config backup.:

          @vallum said in Auto Config backup.:

          You could use 'any' shell script on pfSense to copy the config file to a location that is accessible to you.

          yes can be used, but this will be security loophole. config is gonna be in plain text at backup server. hence not complaint

          Then encrypt it in your shell script.

          Yeah can be done but quite messy, it would be nice if liberty to add our own drive or ftpes or sftp in auto config backup.

          Manu

          G G 2 Replies Last reply Dec 5, 2018, 1:39 PM Reply Quote 0
          • G
            Grimson Banned @vallum
            last edited by Dec 5, 2018, 1:39 PM

            @vallum said in Auto Config backup.:

            Yeah can be done but quite messy, it would be nice if liberty to add our own drive or ftpes or sftp in auto config backup.

            First you talk about security and then you would use ftpes? 🤦

            V 1 Reply Last reply Dec 5, 2018, 1:42 PM Reply Quote 0
            • V
              vallum @Grimson
              last edited by Dec 5, 2018, 1:42 PM

              @grimson said in Auto Config backup.:

              @vallum said in Auto Config backup.:

              Yeah can be done but quite messy, it would be nice if liberty to add our own drive or ftpes or sftp in auto config backup.

              First you talk about security and then you would use ftpes? 🤦

              Please read about FTPes .

              Manu

              1 Reply Last reply Reply Quote 0
              • G
                Gertjan @vallum
                last edited by Gertjan Dec 5, 2018, 1:49 PM Dec 5, 2018, 1:48 PM

                @vallum said in Auto Config backup.:

                to add our own drive or ftpes or sftp in auto config backup

                pfSEnse has a build in facility - using their disk space "some where".
                A facility they can control, thus support.

                All other solution : a "one liner" shells script to a remote smb/server/whatever - the script could encrypt on the fly. You control the access of the remote location.
                So, there it is : a one line command on a cron tab. Up to you to make something that fits your needs.
                Because billions of needs exist, pfSense couldn't implement (and support) them all.

                Google has already many possible answers about this question.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                V 1 Reply Last reply Dec 6, 2018, 8:22 AM Reply Quote 0
                • T
                  tim.mcmanus
                  last edited by Dec 5, 2018, 6:32 PM

                  So your compliance needs are for data to be encrypted while in transit and at rest? What are the additional compliance requirements for data at rest? Sounds a lot like HIPAA or SEC/OCC compliance.

                  You could simply get an Amazon CentOS server and put it on S3 storage to pass audits. S3 is encrypted at rest, but the data file itself would not be. Depends on your auditor and their mood.

                  If Netgate had regular audits and could produce/maintain an ISO 27001 document demonstrating compliance, with additional assurances of data encryption at rest, that should also comply with your audit requirements. This is something you will get from any data center provider if they are hosting your stuff.

                  But without knowing what your data at rest compliance requirements are, getting you an exact solution to your compliance needs may be elusive.

                  V 1 Reply Last reply Dec 6, 2018, 8:31 AM Reply Quote 0
                  • V
                    vallum @Gertjan
                    last edited by Dec 6, 2018, 8:22 AM

                    @gertjan said in Auto Config backup.:

                    @vallum said in Auto Config backup.:

                    to add our own drive or ftpes or sftp in auto config backup

                    pfSEnse has a build in facility - using their disk space "some where".
                    A facility they can control, thus support.

                    All other solution : a "one liner" shells script to a remote smb/server/whatever - the script could encrypt on the fly. You control the access of the remote location.
                    So, there it is : a one line command on a cron tab. Up to you to make something that fits your needs.
                    Because billions of needs exist, pfSense couldn't implement (and support) them all.

                    Google has already many possible answers about this question.

                    Firewall already has backup service as core component :
                    https://www.netgate.com/docs/pfsense/backup/autoconfigbackup.html , hardcoded netgate cloud storage . point which I wanna make is users should have the liberty to select storage of their choice.

                    Manu

                    1 Reply Last reply Reply Quote 0
                    • V
                      vallum @tim.mcmanus
                      last edited by Dec 6, 2018, 8:31 AM

                      @tim-mcmanus said in Auto Config backup.:

                      So your compliance needs are for data to be encrypted while in transit and at rest? What are the additional compliance requirements for data at rest? Sounds a lot like HIPAA or SEC/OCC compliance.

                      yes at rest and as well as in transit. Also methodology used to achieve backup.

                      You could simply get an Amazon CentOS server and put it on S3 storage to pass audits. S3 is encrypted at rest, but the data file itself would not be. Depends on your auditor and their mood.

                      If Netgate had regular audits and could produce/maintain an ISO 27001 document demonstrating compliance, with additional assurances of data encryption at rest, that should also comply with your audit requirements. This is something you will get from any data center provider if they are hosting your stuff.

                      But without knowing what your data at rest compliance requirements are, getting you an exact solution to your compliance needs may be elusive.

                      well I already have external server in place which used git-crypt to store config and generates email for every change done in firewall with source ip and username.
                      it took around 2 months to design this solution using dozens of open source modules. only problem is that keyless ssh is used which is not safe when firewall is in picture.

                      Manu

                      1 Reply Last reply Reply Quote 0
                      12 out of 12
                      • First post
                        12/12
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                        This community forum collects and processes your personal information.
                        consent.not_received