Read PFsense Configuration Data

  • Hi Everyone,

    We are currently trying to set up a CMDB for our company and plan to document which ports are open on our servers.
    So far our network scan gives me a list of all open HTTPS and HTTP ports in our company network; the problem is that just because there is an open port does not mean the port is reachable from outside the company.
    So I'm looking for a way to export the configuration/information from our pfSense, but I really don't know where to start.
    I know there is a conf file on the server that has all the information I need, or at least that's what I think, but I don't know how to get this information with a process that can be automatized.

    The next problem will be the version of our pfSense because it's rather old; we are using 2.1-RELEASE (i386) on FreeBSD 8.3-RELEASE-p11.

    Thanks in advance

  • Netgate Administrator

    Config is stored in /conf/config.xml. You can automate extracting it by SSHing to the firewall and pulling it or by pushing it from the firewall using a cron job.

    Is there any good reason you're running such an old version? Even if you're stuck on 32bit you should be running 2.3.X.
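
Added example, not part of the reply above and not Netgate code: once a copy of /conf/config.xml has been pulled, a short Python script can list what the firewall exposes on WAN for the CMDB. The element names (`nat/rule`, `filter/rule`, `destination/port`, `target`, `local-port`, `disabled`) are the layout assumed here and should be checked against your own file; the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, NOT a real export; element names are the assumed layout.
SAMPLE = """<pfsense>
  <nat>
    <rule><interface>wan</interface><protocol>tcp</protocol>
      <destination><network>wanip</network><port>443</port></destination>
      <target>192.168.1.10</target><local-port>443</local-port>
      <descr>web shop</descr></rule>
    <rule><disabled/><interface>wan</interface><protocol>tcp</protocol>
      <destination><network>wanip</network><port>21</port></destination>
      <target>192.168.1.20</target><local-port>21</local-port>
      <descr>old ftp</descr></rule>
  </nat>
  <filter>
    <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <destination><address>192.168.1.10</address><port>443</port></destination>
      <descr>NAT web shop</descr></rule>
    <rule><type>block</type><interface>wan</interface><protocol>tcp</protocol>
      <destination><address>192.168.1.30</address><port>8080</port></destination></rule>
  </filter>
</pfsense>"""

def active(rule, iface):
    """True for an enabled rule bound to the given interface."""
    return rule.find("disabled") is None and rule.findtext("interface") == iface

def wan_exposure(xml_text, iface="wan"):
    """Rows of (kind, proto, external_port, internal_host, internal_port, descr)."""
    root = ET.fromstring(xml_text)
    rows = []
    for r in root.findall("./nat/rule"):        # port forwards
        if active(r, iface):
            rows.append(("forward", r.findtext("protocol", "any"),
                         r.findtext("destination/port", "any"),
                         r.findtext("target", ""), r.findtext("local-port", ""),
                         r.findtext("descr", "")))
    for r in root.findall("./filter/rule"):     # inbound pass rules
        if active(r, iface) and r.findtext("type") == "pass":
            port = r.findtext("destination/port", "any")
            rows.append(("pass", r.findtext("protocol", "any"), port,
                         r.findtext("destination/address", "any"), port,
                         r.findtext("descr", "")))
    return rows

if __name__ == "__main__":
    for row in wan_exposure(SAMPLE):
        print(",".join(row))
```

config.xml also holds password hashes and keys, so keep exported copies access-restricted and store only the derived rows in the CMDB.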


  • That's the reason ->

    I know FTP sucks but some of our old customers still are using it.

  • So you're running an outdated firewall to use an outdated protocol. Wow, that's beyond stupid.

  • Don't tell me, I'm trying to convince them to update but so far no luck

  • @trexman said in Read PFsense Configuration Data:

    Don't tell me, I'm trying to convince them to update but so far no luck

    Well, there is always this potential huge advantage (for you): maintaining old software (like IE6 in the old days) tends to run into open budgets... because you'll be dealing with the case after things go bad.
    So, more seriously: they have the right to choose whatever they want. I'll advise you to leave this boat - no need to sink with them ;)

  • Netgate Administrator

    So FTP servers behind the firewall that cannot be configured to pass an external IP or use a custom data port range?

    Apart from the already mentioned issues can you not persuade customers to at least use a half decent FTP server? 😖