Making Backups in the GUI

Making a backup in the GUI is simple:

  • Navigate to Diagnostics > Backup & Restore

  • Set any desired options, or leave the options at their default values.

  • Click Download Configuration as XML (Figure GUI Backup).

../_images/backup-backup.png

GUI Backup

The web browser will then prompt to save the file somewhere on the PC being used to view the GUI. It will be named config-<hostname>-<timestamp>.xml, but that may be changed before saving the file.

Backup Options

When performing a backup, GUI options are available to control what is contained within the backup file.

Backup Area

Limits the backup contents to a single configuration area, rather than a complete configuration backup.

The default behavior is to inclue all areas in the backup.

Note

When restoring a configuration containing only a single area, the Restore area value must be set to match.

Skip Packages

Controls whether or not the backup will contain installation data and settings for packages. Omitting this data from a backup can be a useful way to quickly remove all traces of packages from a configuration when troubleshooting.

Warning

After restoring a configuration without package data all packages must be reinstalled and reconfigured.

The default is unchecked so that all package data is included in the backup.

Skip RRD Data

Controls whether or not the backup will contain an exported copy of data used to generate monitoring graphs. When restoring a backup containing RRD data, the graph data is also restored.

The default is checked which omits the RRD data from the backup as it significantly increases the size of backup files.

Include Extra Data

Controls whether or not the backup file will include additional optional data. This includes Captive Portal databases and DHCP lease databases. These databases are volatile. While the data can be useful for transferring to new hosts or for frequent backups, it is not as useful for long-term backups.

The default is unchecked which omits this extra data from the backup as it can significantly increase the size of backup files.

Backup SSH Keys

Controls whether or not the backup file will include a copy of the SSH host keys.

Clients use these keys to uniquely identify the firewall, so preserving the keys when restoring makes it easier for clients to recognize the firewall after reinstalling or restoring to new hardware. Additionally, AutoConfigBackup uses the SSH host keys to identify the firewall when creating and restoring backups, so preserving the keys allows the firewall to maintain a consistent backup history after a reinstallation.

Encryption

Controls whether or not the backup file is encrypted before download.

When set, the GUI presents Password and confirmation fields, the contents of which are used by pfSense® software to encrypt the backup file with AES-256.

The default behavior is unchecked which creates clear text XML backup files.