Copy Files to a USB Drive

On occasion it may be necessary to copy files to or from the firewall using a USB flash drive.


This procedure assumes the drive is formatted with FAT or FAT32 (Also known as “DOS”) partitions.

At this time it is not possible to use drives formatted as exFAT or NTFS.

This procedure assumes the user is connected to the firewall console or using SSH and connected using an SSH client.

Locate Drive and Partition Name

Mounting the drive requires knowing the device name of the USB flash drive and the name of the FAT partition.

There are a couple different methods to determine these values.

Using Device Labels

The most convenient way to mount a drive is by its device label, if it is known. This is the name given by the user in Windows when formatting the drive or by altering the drive properties.

With the drive connected, look at the list of available device labels for DOS partitions:

: ls -l /dev/msdosfs/
crw-r-----  1 root  operator  0x93 Jul  8 13:56 MYDRIVE
crw-r-----  1 root  operator  0x65 Jul  8 11:30 EFISYS

In this example, the drive is named MYDRIVE and when mounting the full name of /dev/msdosfs/MYDRIVE is valid for use by mount.


On UEFI systems the EFISYS label is the system EFI boot partition, do not mount or alter the content of that partition!

Using gpart

The most definitive way to locate the correct drive and partition is to use gpart and look for a fat32 entry.

This example system has two multiple disks, but only one of them is a USB thumb drive with a FAT32 partition:

: gpart list | egrep 'Name:| type:'
1. Name: mmcsd0p1
   type: efi
2. Name: mmcsd0p2
   type: freebsd-boot
3. Name: mmcsd0p3
   type: freebsd-swap
4. Name: mmcsd0p4
   type: freebsd-zfs
1. Name: mmcsd0
1. Name: da0s1
   type: fat32
1. Name: da0

In this example the target partition is da0s1 as it’s the name corresponding to the fat32 type entry.

This next example system has a USB drive containing multiple partitions, but only one of them is FAT32:

: gpart list | egrep 'Name:| type:'
1. Name: da0s1
   type: efi
2. Name: da0s2
   type: fat32
3. Name: da0s3
   type: freebsd
1. Name: da0
1. Name: da0s3a
   type: freebsd-zfs
1. Name: da0s3

Based on the above output the target partition is da0s2.

System Log and Device List

This method is not as accurate but may be good enough for the majority of use cases.

Monitor the console or watch the system log when inserting the USB drive (e.g. tail -F /var/log/system.log). This will contain output similar to the following:

ugen0.2: <USB Flash Disk> at usbus0
umass0 on uhub0
umass0: <USB Flash Disk, class 0/0, rev 2.00/11.00, addr 1> on usbus0
da0 at umass-sim0 bus 0 scbus0 target 0 lun 0
da0: <USB Flash Disk 1100> Removable Direct Access SPC-2 SCSI device
da0: Serial Number FBG1204030507369
da0: 40.000MB/s transfers
da0: 1912MB (3915776 512 byte sectors)
da0: quirks=0x2<NO_6_BYTE>

This output indicates the correct drive is da0 but it does not help determine the correct partition on that drive.

Next, look at the list of devices in /dev/ to see which partitions are present on the drive:

: ls -l /dev/da0*
crw-r-----  1 root  operator  0x91 Jul  8 13:56 /dev/da0
crw-r-----  1 root  operator  0x92 Jul  8 13:56 /dev/da0s1

For a USB drive containing only a single FAT32 partition, da0s1 is likely the correct partition.

Mount the Partition

Before mounting, create a directory to use as the mountpoint. The directory /mnt can be used for this purpose but a safer practice is to create a custom directory:

: mkdir -p /root/usb

The next step is to mount the drive using the full path to the label or partition and the mount point:

Label example:

: mount -t msdosfs /dev/msdosfs/MYDRIVE /root/usb

Partition device example:

: mount -t msdosfs /dev/da0s1 /root/usb


Remember to unmount the drive before removing it from USB!

Copy the Files

With the drive mounted, files can be copied to or from the drive using the mountpoint directory, /root/usb in this example.

Copy/Move files from the firewall to the USB drive:

: cp /conf/config.xml /root/usb/config-backup.xml
: mv /tmp/status_output.tgz /root/usb/

Copy files from the USB drive to the firewall:

: cp /root/usb/ /root/bin/

Unmount and Clean Up

After copying files, the drive must be unmounted:

: umount /root/usb/

With the drive unmounted it is now safe to remove the USB device from the firewall.


Failing to unmount the drive before removing the USB device can result in a kernel panic and reboot!

Next, remove the mountpoint directory if it is no longer necessary:

: rmdir /root/usb/


This is optional. The mountpoint directory may be left in place for future use.


Do not use rm -rf or similar on the mountpoint! If the device was still mounted, this would destroy files on the device. Using rmdir ensures the operation will only have an effect if the directory is empty.

Full Example

# Insert the USB drive

# Find the label
: ls -l /dev/msdosfs/
crw-r-----  1 root  operator  0x93 Jul  8 13:56 MYDRIVE

# Create the mountpoint
: mkdir /root/usb

# Mount the drive
: mount -t msdosfs /dev/msdosfs/MYDRIVE /root/usb

# Copy files
: cp /conf/config.xml /root/usb/config-backup.xml

# Unmount the drive
: umount /root/usb/

# Remove the mountpoint
: rmdir /root/usb/

# Remove the USB drive