Save config on cf with full installation



  • Hi,

    Short question. Is it possible to save the configuration to a cf disk in the appliance? I know you can download the config, but that's not enough. Every change made to the firewall should be written directly to a cf disk. Or should we create a cronjob to do this??

    We're planning to use a full installation on a hard disk in an appliance we put together. Those machines will replace a bunch of commercial firewalls (netasq) at our custumers sites. Why you might think? Great features (multi wan, failover, etc) without any extra costs. If you search the same functionality with a commercial product…

    Thx.



  • Guess you are talking about something like that: http://www.pyramid.de/e/oem/zero-conf-technology.php (they sell platforms with an sdcardreader built in). I wouldn't use a cronjob for this or at least not if the config.xml is not checked for changes. Writing frequently to a cfmedia kills the media. It would be nicer to write or copy the config.xml every time it is changed. This way you don't lose changes of a crashed machine before the cronjob kicked in. Sounds like a nice feature.

    Another way to do this without a local media attached to backup to would be simply downloading the config.xml from some kind of "management machine" that has a cronjob to grab the config.xml frequently via sftp for example. That management machine could snapshot several pfSense configs and save them locally.



  • The hardware is VIA based and has IDE port and CF socket.
    A management station isn't a bad idea to keep revisions and so on. But having a local copy of the config is the fastest way to restore after a disk crash. It's easy to compare before you copy config.xml. I even think it's better for the media if you create a new file to spread the writes over the disk (and keep revisions too).



  • @prodius:

    Hi,

    Short question. Is it possible to save the configuration to a cf disk in the appliance? I know you can download the config, but that's not enough. Every change made to the firewall should be written directly to a cf disk. Or should we create a cronjob to do this??

    We're planning to use a full installation on a hard disk in an appliance we put together. Those machines will replace a bunch of commercial firewalls (netasq) at our custumers sites. Why you might think? Great features (multi wan, failover, etc) without any extra costs. If you search the same functionality with a commercial product…

    Thx.

    All you should need to do is disklabel, newfs, mount the CF over /cf and update /etc/fstab.  Some FreeBSD administration experience is helpful here of course ;)  You might be able to get away with the CF being FAT32 here and just mount that in /cf.

    –Bill


Locked