The document discusses various methods for backing up and restoring the pfSense configuration file (config.xml) including:
1) Backing up config.xml from the GUI by downloading it as an XML file, which can optionally be encrypted.
2) Restoring config.xml from the GUI by uploading a backup file. Interface assignments may need to be adjusted during restore.
3) The configuration history in the GUI automatically backs up config.xml on changes and allows restoring previous versions.
4) Manually editing config.xml requires care to avoid breaking the XML format. Removing package information can prevent reinstalling unwanted packages.
2. About this Hangout
● Project News
● pfSense Configuration File
● When Reinstalling for 2.4 may be necessary
● Backup from the GUI
● Restore from the GUI
● How Restore Works
● Restoring to Different Hardware
● Using the Configuration History
● Using the 2.4 installer to recover or restore
● Manually Editing config.xml
● AutoConfigBackup
● Other Backup Techniques
3. Project News
● 2.4.0-RC is out!
– http://www-dev.netgate.com/blog/pfsense-2-4-0-rc-now-available.html
– https://doc.pfsense.org/index.php/2.4_New_Features_and_Changes
– 2.4.0-RELEASE will be here soon, speed depends on what RC testing uncovers
– No 32-bit x86, no NanoBSD
– FreeBSD 11 base
– 2.4.1 will follow shortly after with a FreeBSD 11.1 base
– If tracking snapshots, make sure firewall is set to Stable on Update Settings, otherwise it won’t reach the RC or RELEASE
● pfSense Firewalls are now available on AWS GovCloud (US)
– Government agencies and customers, sensitive unclassified workloads, specific regulatory and compliance requirements (e.g. ITAR)
– https://www.netgate.com/press-releases/netgate-announces-pfsense-firewalls-on-aws-govcloud-us.html
● A free 30 day trial is now available for the pfSense 2.3.4 AMI on the AWS Marketplace
● Some more info on what will become pfSense 3.0
– https://www.reddit.com/r/networking/comments/6upchy/can_a_bsd_system_replicate_the_performance_of/dlvdq2e/
● FRR Package is now available on 2.4 for routing protocols (BGP, OSPF, OSPF6), replacement for Quagga and OpenBGPD
● 2.4 translation effort still ongoing
– Up to 13 languages total included in 2.4, more getting added as they cross the 75% barrier
– Over 300 translators signed up
● New “pfSense Supplementals 1” advanced topics course
– https://www.netgate.com/training/pfsense-supplementals-1.html
4. pfSense Configuration File
● All configuration data for pfSense and packages is held in one file, /cf/conf/config.xml
● The file contains an XML representation of the configuration data
● The file is plain text and can be read in many text editors, browsers, XML viewers, etc
● Using this file alone, a firewall can be restored back to a fully operational state
– No need for full disk or other filesystem backups
● There are several ways to backup this file and restore it, as we will discuss today
● This file contains sensitive data!
– Certificates, passwords, and other important information are contained in the config.xml file
– These must be stored clear or in an easily reversible format (e.g. base64) because the firewall needs to use the passwords in various ways
● Placing them into configuration files for use by daemons or other parts of pfSense software
● Using them to make outbound connections (e.g. PPP WANs or VPN clients)
– These items are not obscured to better drive home the point that the file contains sensitive data and needs protecting
● Secure config.xml backups appropriately according to your organization’s policies and security best practices
● Keep copies of the backup in safe places (on site, off site, offline, etc)
● Periodically test the backups – Few things are worse than an unusable backup!
● Does not backup any unsupported manual changes made outside of pfSense (e.g. edited files)
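A backup check that follows from the points above, as an added example that is not part of the original slides: it classifies a backup file as encrypted, plaintext or invalid, and lists which elements of a plaintext config.xml carry secrets without printing their values. The tag list, the GUI wrapper header and the sample configuration are assumptions constructed for this example.

```python
import base64
import xml.etree.ElementTree as ET

# Tag names treated as credential fields. This list is an assumption made for
# the example, not an official pfSense schema; extend it for your packages.
SECRET_TAGS = {"password", "passwd", "bcrypt-hash", "pre-shared-key",
               "prv", "shared_key", "secret"}

# Headers of encrypted backups: "Salted__" is what `openssl enc` writes for a
# password-encrypted file; the BEGIN line is the assumed GUI wrapper format.
ENCRYPTED_PREFIXES = (b"Salted__", b"---- BEGIN config.xml ----")


def classify_backup(data: bytes) -> str:
    """Return 'encrypted', 'plaintext' or 'invalid' for a backup file's bytes."""
    if data.lstrip().startswith(ENCRYPTED_PREFIXES):
        return "encrypted"
    # A pfSense configuration has no need for DTDs or entities; refuse them
    # rather than hand them to the XML parser.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return "invalid"
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return "invalid"
    return "plaintext" if root.tag == "pfsense" else "invalid"


def _is_base64_private_key(text: str) -> bool:
    """True if text is base64 that decodes to a PEM private key."""
    try:
        decoded = base64.b64decode("".join(text.split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return b"PRIVATE KEY-----" in decoded


def find_secrets(data: bytes):
    """List (path, kind) for every secret-bearing element; values are not returned."""
    findings = []

    def walk(elem, path):
        for child in elem:
            child_path = f"{path}/{child.tag}"
            text = (child.text or "").strip()
            if text and _is_base64_private_key(text):
                findings.append((child_path, "private key"))
            elif text and child.tag in SECRET_TAGS:
                findings.append((child_path, "credential"))
            walk(child, child_path)

    walk(ET.fromstring(data), "pfsense")
    return findings


# Constructed sample input: every value below is fake.
_FAKE_KEY = base64.b64encode(
    b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"
).decode()

SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <system>
    <hostname>fw1</hostname>
    <user>
      <name>admin</name>
      <bcrypt-hash>$2y$10$CONSTRUCTED-NOT-A-REAL-HASH</bcrypt-hash>
    </user>
  </system>
  <cert>
    <descr>constructed certificate entry</descr>
    <prv>@PRV@</prv>
  </cert>
  <ipsec>
    <phase1><pre-shared-key>constructed-psk</pre-shared-key></phase1>
  </ipsec>
</pfsense>
""".replace("@PRV@", _FAKE_KEY).encode()

if __name__ == "__main__":
    print("backup type:", classify_backup(SAMPLE_CONFIG))
    for path, kind in find_secrets(SAMPLE_CONFIG):
        print(f"{kind:12} {path}")
```

Run against a stored backup, a result of "plaintext" together with a non-empty findings list means the file needs the same protection as the credentials inside it.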
5. Reinstalling for 2.4
● Reinstalling 2.4 may be needed, or desired, for a variety of reasons
– Upgrading to 64-bit hardware
– Moving from 32-bit to 64-bit install on 64-bit hardware
– Moving from NanoBSD to a full install
– Switching from UFS to ZFS
– Upgrading to hardware with AES-NI to prepare for pfSense 2.5
– Getting a fresh start with a clean installation base or a new disk
● As a part of reinstalling, backing up and restoring the existing configuration is key in getting back up and running quickly
6. Backing Up from the GUI
● To take a backup using the GUI, visit Diagnostics > Backup & Restore
● In most cases, clicking Download Configuration as XML is sufficient to get a good, usable backup of config.xml
● To back up only part of a configuration, choose that in the Backup Area
– Partial backups can be useful for transferring sections to another firewall or for restoring just part of the configuration later
– Partial backups CANNOT be restored to different versions of pfSense!
● Choosing to Skip Packages will omit packages and their settings from the backup
– This is useful for clearing out old/broken package data from a configuration, but it’s not a good way to migrate to a new setup because it loses the package settings, not just the installation records
– It’s better to uninstall the packages and then take a backup, or manually edit out the <package> tags (see later slides)
● By default the Skip RRD data box is checked, meaning that the RRD data is not included in the backup
– RRD data can consume large amounts of space, it will increase the size of the backup by several MB
– RRD data is backed up in an architecture-independent way, so backing up on 32-bit and restoring to 64-bit is possible
● Enabling Encryption for the configuration uses a Password to encrypt config.xml before downloading with AES-256
– Example: openssl enc -e -aes-256-cbc -in config.xml -out config.xml.enc -k mypassword
● Click Download Configuration as XML after all of the desired options are set
7. Restore from the GUI
● Make sure you have working console access before starting, just in case
● To restore using the GUI, visit Diagnostics > Backup & Restore
● When restoring a complete configuration backup it can be from the same version or any older pfSense version
– For example, a configuration from pfSense 2.3 can be restored to 2.4
– Restoring from an older version requires a complete configuration; partial configurations cannot be restored on different versions
– Best practice is to make sure there are no installed packages in the backup when crossing versions
● When restoring a partial configuration, pick the appropriate Restore area
– A partial configuration is the XML section for the area wrapped in <pfsense></pfsense>
● Use the Browse… button to locate the config.xml backup
– Exact method varies by OS
● The Encryption option uses the supplied Password to decrypt an encrypted backup taken using the pfSense GUI with the Encryption option
– Example: openssl enc -d -aes-256-cbc -in config.xml.enc -out config.xml -k mypassword
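Two edits the backup and restore slides describe doing by hand, as an added example that is not part of the original slides: removing the `<package>` installation records while keeping package settings, and building a partial backup by wrapping one section in `<pfsense></pfsense>`. The `<installedpackages>` layout, the package names and the sample configuration are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET


def strip_package_records(data: bytes):
    """Remove <package> installation records but keep package settings.

    Returns (new_xml_bytes, removed_package_names).
    """
    root = ET.fromstring(data)
    removed = []
    # Assumption: installation records are <package> children of
    # <installedpackages>; other children there hold package settings.
    for container in root.findall("installedpackages"):
        for pkg in container.findall("package"):
            removed.append(pkg.findtext("name", default="(unnamed)"))
            container.remove(pkg)
    # Re-serialising drops comments and turns CDATA into escaped text, so
    # confirm the result with a test restore before relying on it.
    return ET.tostring(root, encoding="utf-8"), removed


def extract_area(data: bytes, area: str) -> bytes:
    """Build a partial backup: one top-level section wrapped in <pfsense>.

    Per the slides, a partial backup cannot be restored to a different
    pfSense version than the one it was taken from.
    """
    root = ET.fromstring(data)
    if root.tag != "pfsense":
        raise ValueError("not a pfSense configuration")
    section = root.find(area)
    if section is None:
        raise KeyError(f"no <{area}> section in this configuration")
    partial = ET.Element("pfsense")
    partial.append(section)
    return ET.tostring(partial, encoding="utf-8")


# Constructed sample input: names, versions and addresses are placeholders.
SAMPLE_CONFIG = b"""<?xml version="1.0"?>
<pfsense>
  <aliases>
    <alias><name>mgmt_hosts</name><address>192.0.2.10</address></alias>
  </aliases>
  <installedpackages>
    <package><name>examplepkg</name><version>0.0</version></package>
    <package><name>otherpkg</name><version>0.0</version></package>
    <examplepkgsettings><config><enable>on</enable></config></examplepkgsettings>
  </installedpackages>
</pfsense>
"""

if __name__ == "__main__":
    stripped, names = strip_package_records(SAMPLE_CONFIG)
    print("removed package records:", names)
    print(stripped.decode())
    print(extract_area(SAMPLE_CONFIG, "aliases").decode())
```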
8. How Restore Works
● Supplied config.xml is put into place as /cf/conf/config.xml and it replaces the running configuration
● If the interfaces do not match, an assignment prompt is shown to reassign them as needed
– Navigate to the VLAN, PPP, and other tabs under Interfaces > Assignments to ensure the proper physical interfaces are picked
– On the Interface Assignments tab, select appropriate interface assignments and click SAVE
– The interface settings are updated at that time, including IP address assignments, so the local client may need to be adjusted to reach the GUI again
– If contact with the firewall is lost, reboot it from the console or if all else fails, power cycle the firewall
– After saving, click Apply Changes from the GUI to complete the interface assignment process and reboot
● Restoring RRD (GUI Restore only)
– The RRD data in the restored config.xml is read back into a native binary format and then the data is removed from the running config.xml
– If the graphs under Status > Monitoring contain no data and/or do not update after 15-20 minutes or so, reset the RRD data
● Console changes
– Primary console, serial console speed, and password protected console are set up and will be active once the firewall reboots
● Packages
– After the reboot, packages referenced in the restored config.xml will be fetched and reinstalled
● Internet connectivity is required post-restore, even without installed packages, or else the firewall will be delayed waiting for queries to the package server to time out
9. Restoring to Different Hardware
● Check console settings to be sure they are correct
– Some hardware will force the serial console to be on and primary, but a specific speed is not forced!
● Best practice is to remove packages before taking a backup, though if the same version of pfSense is installed on both the old and new hardware it should be OK
● Unless the new hardware is similar to the old hardware, disable any extra hardware-specific options such as cryptographic hardware, temperature monitoring, and so on
● Reassign the interfaces after restoring, be careful to adjust VLANs, PPPs, etc
● Watch for after effects of changing hardware after swapping it in
– New hardware means new NICs, which means new MAC addresses (unless spoofed)
– ARP caches in upstream/downstream gear may need to be cleared or devices rebooted
– Cable modems on WAN or other CPEs will likely need to be powered off and back on
10. Using the Configuration History
● From the GUI, Diagnostics > Backup & Restore, Config History tab
● Last 30 backups are kept by default, but that can be adjusted by clicking + and setting a different number
– Or enter 0 to disable the backups
● List of backups shows the date, configuration revision, backup size, change description, and actions
● Convenient, but hosted on the firewall so not a great source if the hardware has a problem
● To see the difference between two configurations:
– Select the older configuration using the left column of radio buttons
– Select the newer configuration using the right column of radio buttons
– Click Diff to view the difference with lines removed in red and added in green
● The three buttons in the Action column let you perform the following:
– Refresh arrow: Restores the older version of the configuration on this row
● This does NOT reboot the firewall, so you must save/apply any affected area(s) or manually reboot
– Download button: Lets you download a copy of the previous configuration on this row
– Trash Can: Permanently removes the configuration file on this row
● Use to remove known-bad configurations
● Configuration History is also available on the console! Option 15, then 1 to list backups, 2 to pick one to restore
11. Other Restore Methods
● “Recover config.xml” in 2.4 installer
– Used for recovering configurations from a previous installation of pfSense on the same disk
– Lists existing UFS and ZFS partitions on the firewall
– Attempts to repair (if needed) and mount the partition, then looks for an existing config.xml
– If a config.xml is found it is copied into the installation after the drive is wiped
● Automatically restore from USB during install (FKA “PFI”)
– Requires a USB thumb drive that is DOS formatted (FAT16 or FAT32) separate from the installation media
– Configuration file must be named config.xml and it must be placed in the conf directory, e.g. J:\conf\config.xml
– USB thumb drive must remain connected throughout the entire installation process
– At the end of the installation, remove both the installation media and this thumb drive
● Caveats
– Console setting changes will take one additional reboot to fully apply
– Neither of these methods is currently capable of restoring RRD data or encrypted configuration files
– Interface mismatches must be handled manually at an assignment prompt on the console after the firewall reboots
● Not usually a concern for Recover since it’s run on the same hardware
12. Manually Editing config.xml
● Best to avoid it if possible, but a few tasks are made easier by hand editing
– Interface assignment changes, especially those with numerous VLANs
● Example: Change from emX to igbX
– Trimming out package information
● <package>...</package> blocks denote that a package is installed, removing those blocks will prevent a restore from reinstalling the packages referenced by those <package> blocks
● Look for other related tags from dangling package installations, such as <menu>, <service>, <tab>, and <plugin>
● File is in XML format, can be edited with many text editors (but not Notepad)
– Use an advanced/programming style editor such as Notepad++, UltraEdit, Kate, vi/vim/emacs, etc.
● Be very careful not to break XML format or leave mismatched tags
– Can run through xmllint to check for errors, if available
13. Manually Editing config.xml
● Do not perform an automatic search and replace!
– Carefully check each instance and approve each change manually
● Example edits of VLAN and PPP tags to change from emX NICs to igbX
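A read-only review aid for the hand edits described on the two slides above, added here as an example and not part of the original slides: it checks that the file is still well-formed, lists the line ranges of package-related blocks, and lists every emX reference with a proposed igbX value for a person to approve one at a time. The sample config is constructed, and limiting the package search to elements under <installedpackages> is an assumption.

```python
import re
from xml.parsers import expat

PKG_TAGS = {"package", "menu", "service", "tab", "plugin"}  # tags named on the slide
OLD_NIC = re.compile(r"\bem(\d+)")  # old driver name plus unit number, e.g. em1_vlan10

# Constructed sample, not a real firewall configuration.
SAMPLE = """<pfsense>
  <interfaces><wan><if>em0</if></wan><lan><if>em1_vlan10</if></lan></interfaces>
  <vlans><vlan><if>em1</if><tag>10</tag><vlanif>em1_vlan10</vlanif></vlan></vlans>
  <installedpackages>
    <package>
      <name>examplepkg</name>
    </package>
    <menu><name>examplepkg</name></menu>
  </installedpackages>
</pfsense>
"""

def review(xml_text):
    """Return (package_blocks, nic_refs, error); nothing is modified."""
    blocks, refs, stack, text = [], [], [], []
    parser = expat.ParserCreate()
    def start(tag, attrs):
        stack.append((tag, parser.CurrentLineNumber))
        text.clear()

    def end(tag):
        _, first_line = stack.pop()
        last_line = parser.CurrentLineNumber
        parents = [name for name, _ in stack]
        path = "/".join(parents + [tag])
        # Assumption: package leftovers live under <installedpackages>.
        if tag in PKG_TAGS and "installedpackages" in parents:
            blocks.append((path, first_line, last_line))
        value = "".join(text).strip()
        if OLD_NIC.search(value):
            # Proposal only: a person approves each change in the editor.
            refs.append((last_line, path, value, OLD_NIC.sub(r"igb\1", value)))
        text.clear()

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text.append
    try:
        parser.Parse(xml_text, True)
    except expat.ExpatError as exc:  # mismatched or unclosed tag, with its line
        return blocks, refs, str(exc)
    return blocks, refs, None
```

Run `review()` on the file before and after each round of hand edits; a non-empty error string means the edit broke the XML and the file should not be restored.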
14. AutoConfigBackup
● Available to all Gold Subscribers
● Automatically uploads an encrypted copy of config.xml to our servers on each change
● Backups are keyed off of the firewall hostname, so ensure firewalls have unique names
● Retains last 100 configurations per hostname, number of hostnames depends on subscription status
● No “bare metal” restore method at this time, must be online and able to access the AutoConfigBackup package
15. AutoConfigBackup
● Install the package from System > Package Manager if it is not already present
● Access via Diagnostics > AutoConfigBackup
● Enable AutoConfigBackup
● Fill in your Gold Subscription username (not e-mail address) and password
● Enter a strong Encryption Password, but one you can remember or recover!
– Without this Encryption Password, the backups cannot be decrypted!
– Use a password manager/vault/etc
– Keep a local unencrypted backup in a secure place, that backup will contain the Encryption Password
16. AutoConfigBackup
● Restore Tab
– Hostname drop-down lists all hosts in your account with backups
● A host in your account can read backups for all other hosts on the same account, which can help if you have a firewall down and no handy backup!
– All backups for the selected host are listed
– Buttons work similar to those on the Configuration History GUI
– Download button goes to an information page which includes both the encrypted and decrypted config.xml copies
– Copy/paste the decrypted contents to a local file to save
● Backup Now tab
– Enter a custom description and force a backup entry
– Useful for significant milestones, for example “Before 2.4 upgrade”
● Stats Tab
– Shows a list of all hostnames on the account and how many backups have been stored for each
– Magnifying glass icon leads to the Restore tab for that hostname
– Trash can icon will remove all backups for that host
● Useful for removing defunct hosts so they do not count against your account host limit
17. Other Backup Methods
● Fetch using wget, cURL, or similar
– Requires special handling to submit the login and request with CSRF tokens
– https://doc.pfsense.org/index.php/Remote_Config_Backup
● Push or pull via scp
– Copy from /cf/conf/config.xml
– Use SSH keys to automate
– Avoid using keys without a passphrase, use ssh-agent where possible
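One way to automate the scp pull described above, as an added example rather than pfSense's own tooling: BatchMode makes scp rely on a key held by ssh-agent and fail instead of prompting, and the copy is kept only if it parses as a pfSense configuration. The `backup` account, the file naming, and the function names are assumptions.

```python
import os
import subprocess
import time
import xml.etree.ElementTree as ET

REMOTE_PATH = "/cf/conf/config.xml"  # path given on the slide

def scp_command(host, dest, user="backup"):
    """Build the scp argv; 'backup' is a hypothetical account name."""
    return [
        "scp", "-q",
        "-o", "BatchMode=yes",              # key/agent auth only, never prompt
        "-o", "StrictHostKeyChecking=yes",  # refuse unknown or changed host keys
        f"{user}@{host}:{REMOTE_PATH}", dest,
    ]

def pull_backup(host, dest_dir, run=subprocess.run):
    """Copy config.xml from host, validate it, and keep it owner-readable only."""
    os.makedirs(dest_dir, mode=0o700, exist_ok=True)
    tmp = os.path.join(dest_dir, f".{host}.partial")
    run(scp_command(host, tmp), check=True)
    os.chmod(tmp, 0o600)  # config.xml holds password hashes, keys and secrets
    try:
        root = ET.parse(tmp).getroot()
        if root.tag != "pfsense":
            raise ValueError(f"unexpected root element <{root.tag}>")
    except (ET.ParseError, ValueError):
        os.remove(tmp)  # never keep a truncated or foreign file as a backup
        raise
    stamp = time.strftime("%Y%m%d-%H%M%S")
    final = os.path.join(dest_dir, f"config-{host}-{stamp}.xml")
    os.replace(tmp, final)
    return final
```

The `run` parameter exists so the transfer step can be replaced in tests; in normal use it stays at its default and the script runs from a session where ssh-agent already holds the unlocked key.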