Netgate Discussion Forum
    Remote autoconfiguration of new appliance?

    • IntegriSys

      Hello good people,

      I recently had a discussion regarding firewalls and setup in remote locations without a dedicated IT-technician.
      It was mentioned that Fortinet has a solution for autoconfiguration of new hardware appliances without any intervention or the need to be present to configure the new box. He said that in the case of a failure, he could just deliver a new box to the location and all that was needed was to connect the new box to the internet. The correct configuration would be automatically downloaded and applied, completely eliminating the need to travel to the location to perform setup.

      Are there any ways to do something similar using pfSense?

      -Øystein

      • Rico LAYER 8 Rebel Alliance

        First, do you like the idea to have any provider store a copy of your whole Firewall configuration, maybe including Certificates, Keys and so on?
        Second, thinking about sending our cleaning lady to the server rack for swapping the Firewall is causing some sickness.... after that I probably have more damage than just the Firewall.

        Seriously, for me this is more like marketing/salesdude blahblah.....if I have a remote location with connectivity issues someone needs to check what really is the problem.
        I like the idea to just sit in the HQ and wait for a location going down, instantly order a new Fortinet as a shot in the dark via UPS express and everything is smooth again....this just won't happen in 99% of cases.

        No idea about Fortinet in general, maybe they have 50% failure quota for their hardware so yeah this feature is neat. :-)

        -Rico

        • SteveITS Galactic Empire

          I'm not familiar with that but I would think it's slightly more complicated, like perhaps someone attaches the device to the proper account online.

          If you had a backup of the pfSense config (https://docs.netgate.com/pfsense/en/latest/book/backup/using-the-autoconfigbackup-package.html) you could restore the backup and ship the router to the destination. Or if the backup was stored on site (as we usually do) and someone there was able, have them restore from backup.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          • IntegriSys

            Hello again,

            Thanks for the replies. You have some very valid concerns there Rico, and I totally agree.
            However, this kind of feature sounded good to me as I was thinking along the lines of the MSSP business.
            Not for business clients, but for customers at home that need help to secure their own environment.
            The easier this is for the end-user the better in my opinion, but loading the correct config before shipping as teamits suggested solves this.
            That removes the complexity and risk of having a secure deployment environment that also can fail :-)
            Thanks!

            -Øystein

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.