Restoring from AutoConfigBackup

Restoring a backup entry from the Automatic Configuration Backup Service is a straightforward process, but there are several other actions and techniques which may be useful as well.

The AutoConfigBackup Restore tab contains a list of backups and controls to act on those backups as well as showing backups for other devices.

../_images/acb-service.png

AutoConfigBackup Restore tab, with Device Key and backup list visible

Restoring an AutoConfigBackup Entry

This procedure is a brief overview of how to restore a remote configuration backup from the AutoConfigBackup service using the GUI:

  • Navigate to Services > Auto Config Backup

  • Click the Restore tab at the top

  • Locate the desired entry in the Backup List

  • Click fa-undo to the right of the configuration row

  • Click OK to confirm the restore action

AutoConfigBackup will download the configuration specified from the AutoConfigBackup service, decrypt it with the Encryption Password, and restore the configuration.

Warning

By default the restore process will not initiate a reboot. Depending on the configuration items restored, a reboot may not be necessary. For example, firewall and NAT rules are automatically reloaded after restoring a configuration, but interface configurations are not.

After restoring, the GUI presents a prompt offering to reboot. If the restored configuration changes anything other than the NAT and firewall rules, the device requires a reboot to fully activate the changes:

  • Click Yes in the save message, which navigates to the Reboot page

  • Click fa-wrench Submit to reboot the device

For more details about other capabilities of the Restore tab, continue reading this document.

Device Key

This section displays the Device Key AutoConfigBackup used to retrieve the backups on the page. This could be a randomized device key stored in the configuration or a legacy device key.

Tip

Click fa-download to save a copy of this device key.

To see backups stored using another key, paste the key into the Device Key field and click fa-search Search.

When viewing another key, use the fa-undo Reset button to return the page to the original device key.

The lower section contains a fa-search Check button to easily swap to another known key. This button behavior changes depending on the current view:

  • When viewing a current device key, if the device contains a legacy device key, this button will show backups stored under the legacy key.

  • When viewing backups from the legacy key, it changes to a button which displays backups from the current device key.

  • If there is no alternate key, the button does not display.

Backup List

The section of the page titled Automatic Configuration Backups displays a list of remote backup entries stored on the AutoConfigBackup service for a given Device Key.

The list contains the following columns for each backup entry:

Local Date/Time:

The date and time the backup was created, with the time zone adjusted to be local to this device.

Note

The AutoConfigBackup service stores entries with a UTC timestamp.

Configuration Change:

A brief description of the configuration change. This is typically an automatic string containing who made a change and what change they made, but may also contain a manual backup reason.

Actions:

A list of actions which can be taken on a backup entry:

At the bottom of the list are two lines:

  • A current count of hosted backups for this device key on the AutoConfigBackup service.

  • A count of configuration backups staged for upload which have not yet been processed. The page only includes this line when there are staged entries waiting. Staged configuration backup entries are uploaded once per minute. See How AutoConfigBackup Works for details.

../_images/acb-staged.png

Bottom of AutoConfigBackup Restore tab backup list showing backup count and number of backups staged waiting to upload.

Viewing AutoConfigBackup Entry Details

Clicking the fa-file-lines icon for an entry on the Backup List opens up the Revision tab for the AutoConfigBackup backup entry.

This page contains the following fields:

Service Date/Time:

The date and time in UTC when this backup revision was stored on the AutoConfigBackup service.

Local Date/Time:

The same timestamp converted to the local time zone of the device.

Revision Reason:

A brief description of the configuration change. This is typically an automatic string containing who made a change and what change they made, but may also contain a manual backup reason.

SHA256 Summary:

A SHA256 hash of the configuration data, used to confirm that the contents are correct.

Encrypted config.xml:

The encrypted blob containing the configuration data. This can be copied and pasted and decrypted manually as described in Encrypted Configuration files.

Decrypted config.xml:

The decrypted contents of the configuration. This can be copied and pasted to a file and saved, similar to downloading the entry.

Tip

The fa-cloud-arrow-down Download this revision button accomplishes this much easier, but some users may wish to copy/paste the contents for other purposes.

Restore Button:

Clicking the fa-undo Restore button restores this AutoConfigBackup backup entry. Prompts for confirmation. Read Restoring an AutoConfigBackup Entry for additional details and warnings.

Download this revision Button:

Clicking the fa-cloud-arrow-down Download this revision button Downloads the AutoConfigBackup backup entry as an XML file.

Bare Metal Restoration from AutoConfigBackup

If the disk in the firewall fails or if the device key changes, the AutoConfigBackup service can restore a backup from the previous installation as long as the Device Key and the Encryption Password of the previous installation are both known.

  • Install pfSense® software on the device

  • Connect to the GUI and login

  • Click the logo at the top left to skip the wizard

    If the WAN requires special configuration, use the wizard or configure it manually.

  • Navigate to Services > Auto Config Backup, Settings tab

  • Set the Encryption Password to match the previous installation

  • Navigate to the Restore tab

  • Paste the old device key into the Device Key field

  • Click the fa-search Search button

    This temporarily displays a list of backups for an alternate Device Key.

  • Locate the desired entry in the Backup List

  • Click fa-undo to the right of the configuration row

  • Click OK to confirm the restore action

  • Click Yes in the save message, which navigates to the Reboot page

  • Click fa-wrench Submit to reboot the device

When the device boots back up it will be running the restored configuration.