Restoring from AutoConfigBackup¶
Restoring a backup entry from the Automatic Configuration Backup Service is a straightforward process, but there are several other actions and techniques which may be useful as well.
The AutoConfigBackup Restore tab contains a list of backups and controls to act on those backups as well as showing backups for other devices.

AutoConfigBackup Restore tab, with Device Key and backup list visible¶
Restoring an AutoConfigBackup Entry¶
This procedure is a brief overview of how to restore a remote configuration backup from the AutoConfigBackup service using the GUI:
Navigate to Services > Auto Config Backup
Click the Restore tab at the top
Locate the desired entry in the Backup List
Click
to the right of the configuration row
Click OK to confirm the restore action
AutoConfigBackup will download the configuration specified from the AutoConfigBackup service, decrypt it with the Encryption Password, and restore the configuration.
Warning
By default the restore process will not initiate a reboot. Depending on the configuration items restored, a reboot may not be necessary. For example, firewall and NAT rules are automatically reloaded after restoring a configuration, but interface configurations are not.
After restoring, the GUI presents a prompt offering to reboot. If the restored configuration changes anything other than the NAT and firewall rules, the device requires a reboot to fully activate the changes:
Click Yes in the save message, which navigates to the Reboot page
Click
Submit to reboot the device
For more details about other capabilities of the Restore tab, continue reading this document.
Device Key¶
This section displays the Device Key AutoConfigBackup used to retrieve the backups on the page. This could be a randomized device key stored in the configuration or a legacy device key.
Tip
Click to save a copy of this device key.
To see backups stored using another key, paste the key into the Device Key
field and click Search.
When viewing another key, use the Reset button to return the page
to the original device key.
The lower section contains a Check button to easily swap to
another known key. This button behavior changes depending on the current view:
When viewing a current device key, if the device contains a legacy device key, this button will show backups stored under the legacy key.
When viewing backups from the legacy key, it changes to a button which displays backups from the current device key.
If there is no alternate key, the button does not display.
Backup List¶
The section of the page titled Automatic Configuration Backups displays a list of remote backup entries stored on the AutoConfigBackup service for a given Device Key.
The list contains the following columns for each backup entry:
- Local Date/Time:
The date and time the backup was created, with the time zone adjusted to be local to this device.
Note
The AutoConfigBackup service stores entries with a UTC timestamp.
- Configuration Change:
A brief description of the configuration change. This is typically an automatic string containing who made a change and what change they made, but may also contain a manual backup reason.
- Actions:
A list of actions which can be taken on a backup entry:
: Restore this AutoConfigBackup backup entry. Prompts for confirmation. Read Restoring an AutoConfigBackup Entry for additional details and warnings.
: Views the details of the AutoConfigBackup backup entry, including the configuration itself.
: Downloads the AutoConfigBackup backup entry as an XML file.
: Deletes the AutoConfigBackup backup entry. Prompts for confirmation.
At the bottom of the list are two lines:
A current count of hosted backups for this device key on the AutoConfigBackup service.
A count of configuration backups staged for upload which have not yet been processed. The page only includes this line when there are staged entries waiting. Staged configuration backup entries are uploaded once per minute. See How AutoConfigBackup Works for details.

Bottom of AutoConfigBackup Restore tab backup list showing backup count and number of backups staged waiting to upload.¶
Viewing AutoConfigBackup Entry Details¶
Clicking the icon for an entry on the Backup List
opens up the Revision tab for the AutoConfigBackup backup entry.
This page contains the following fields:
- Service Date/Time:
The date and time in UTC when this backup revision was stored on the AutoConfigBackup service.
- Local Date/Time:
The same timestamp converted to the local time zone of the device.
- Revision Reason:
A brief description of the configuration change. This is typically an automatic string containing who made a change and what change they made, but may also contain a manual backup reason.
- SHA256 Summary:
A SHA256 hash of the configuration data, used to confirm that the contents are correct.
- Encrypted config.xml:
The encrypted blob containing the configuration data. This can be copied and pasted and decrypted manually as described in Encrypted Configuration files.
- Decrypted config.xml:
The decrypted contents of the configuration. This can be copied and pasted to a file and saved, similar to downloading the entry.
Tip
The
Download this revision button accomplishes this much easier, but some users may wish to copy/paste the contents for other purposes.
- Restore Button:
Clicking the
Restore button restores this AutoConfigBackup backup entry. Prompts for confirmation. Read Restoring an AutoConfigBackup Entry for additional details and warnings.
- Download this revision Button:
Clicking the
Download this revision button Downloads the AutoConfigBackup backup entry as an XML file.
Bare Metal Restoration from AutoConfigBackup¶
If the disk in the firewall fails or if the device key changes, the AutoConfigBackup service can restore a backup from the previous installation as long as the Device Key and the Encryption Password of the previous installation are both known.
Install pfSense® software on the device
Connect to the GUI and login
Click the logo at the top left to skip the wizard
If the WAN requires special configuration, use the wizard or configure it manually.
Navigate to Services > Auto Config Backup, Settings tab
Set the Encryption Password to match the previous installation
Navigate to the Restore tab
Paste the old device key into the Device Key field
Click the
Search button
This temporarily displays a list of backups for an alternate Device Key.
Locate the desired entry in the Backup List
Click
to the right of the configuration row
Click OK to confirm the restore action
Click Yes in the save message, which navigates to the Reboot page
Click
Submit to reboot the device
When the device boots back up it will be running the restored configuration.