feature request - firewall config backup and restore

Comments

52 comments

  • Avatar
    Sebastien Carpentier

    +1... Definitely a much needed functionality. Should not be hard to compress/encrypt and export the config... Am I underestimating it?

    1
    Comment actions Permalink
  • Avatar
    Michael Turchin

    If the last successful config is saved in the app, what about allowing import/export of that config file from the app?

    1
    Comment actions Permalink
  • Avatar
    Firewalla

    The configuration dump is unlikely to be triggered through ssh.  The entry point to configure the system is via the app or the web page.  

    0
    Comment actions Permalink
  • Avatar
    AzagraMac

    Do you know anything about this functionality?

    I have quite a lot of rules in my hand... that could well be facilitated as you do in Pi-hole by means of a link and you put all the domains you want to block.

    Besides, if you have to restore the Firewalla, it doesn't migrate to another one... you have to start all over again.

    These basic things, I do not understand how they are not raised.

    Do we keep waiting for improvements like this, or do we look for options that give them to us?

    My hardware:
    - Firewalla Blue, v1.971 (gf77d20b)
    - Firewalla App, v1.45.92

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    It is already in 1.47, a lot more items will be restored. 

    0
    Comment actions Permalink
  • Avatar
    Support Team

    Please see this doc for config migration.

    https://help.firewalla.com/hc/en-us/articles/360015356093

     

    And you can either migrate from one box to another or migrate to the same box after factory reset.

    0
    Comment actions Permalink
  • Avatar
    Danny Natale

    Thanks, it says I am not authorized to view the page.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    try again please. someone (not me) forgot to publish the changes

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @argentcove, this feature is more of a "restore" to a new unit.  

    As of your use case, is it more like a complete restore from a point in time? or you want restore to any configuration (previous) ?

     

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @argentcove, possible to post the requirement to https://help.firewalla.com/hc/en-us/community/topics/115000356994-Feature-Requests- 

    This way our developers can look there and see if they can do something. But in general, saving configuration should not be an issue, and unfortunately, it can only be saved in the app. Restoring can only happen if the unit is reset. 

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    After you reflash, you should get an option to restore from your settings. see https://help.firewalla.com/hc/en-us/articles/360015356093-How-to-migrate-data-from-one-Firewalla-Box-to-another-

    (make sure you don't remove the old instance from your app before pairing)

    0
    Comment actions Permalink
  • Avatar
    David Parish

    Can you elaborate where we can find this “last successful configuration” ?

    The first thing I do when setting up a router is to save a known good baseline configuration. This has saved me more than once when I have gone down a “rabbit hole” trying to do tweaks or solve an issue. It is also comforting knowing if I screw things up, I can restore to a good working config. 

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    The last successful configuration is a state saved in the app itself. It is not exposed. It can be applied after you reset the device, and this is how the current migration works. 

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @EngNezar, in case this can be exported to a file, it will not be human-readable, and likely have many restrictions on what can be restored, is that okay? 

    0
    Comment actions Permalink
  • Avatar
    Chris Larson

    Currently the config is stored in the app storage. If a person clears cache and data for the app, which is in the instructions to join beta, would you not lose your config? We should be able to export the config to a different storage location and be able to roll back to at least a couple previous versions of the config ideally.

    0
    Comment actions Permalink
  • Avatar
    Kurtis Bickhaus

    I should be able to reflash myfirewalla, and restore config via USB in a matter of several minutes.  I dont know why this thread goes back so far.  I thought surely I was scrolling down to see a solution.  

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    First, there is a stored configuration already, in case you reset the unit.

    As for storing multiple versions of the configuration, the issue is really maintaining the configuration itself. If you keep 10 versions of configuration,the software needs to ensure all that 10 versions can be activated; if there is anything significantly changed in the past, then the complexity of keeping things compatible will increase significantly. If you are with us for the past few years, there is always a significant change between releases, and with that, configuration schema also changes. 

    0
    Comment actions Permalink
  • Avatar
    Ross

    While I agree with this idea, I would like the choice of restoring from any point a backup was saved and is now available (like in Apple's Timeline app) in case the last backup is not good enough to undo the problem. I may need to go farther back in time.

    I realize that you do not have unlimited storage space available in the app, but it would be great to explore what other options you have if you open up the app to restore previously saved backups that are now available perhaps from the MSP interface or the phone's storage. This would shift the responsibility of archival of long-term backups to the MSP and/or consumer. You can continue to make it easy on the consumer by making a limited selection of backups (say the last 5) available for restore.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Not sure if I explained this before. The issue with storing multiple configurations is not related to storage. It is more of handling schema changes.

    With each release, we modify how configuration is stored in the system. (adding new features, optimizing old features). This means the schema used for versions A, will be different than version B. If different versions of configurations are allowed, then there will be a significant (very significant) effort to translate the schemas. So, even if we add support for multiple configurations, it will need to be restricted. (meaning, you can't use a saved configuration from a different release)

    We are thinking ... 

    The MSP is a special case, where the schema is stored in the cloud, so it may be easier to implement this.

    0
    Comment actions Permalink
  • Avatar
    Kurtis Bickhaus

    We just need “developer mode” then. Let some of us who know what we’re doing break some things, and just leave a proper warning. Do something smart to enable it, like the early release fast-tapping to enroll. Make it super clear that it’s not to be screwed with.

    0
    Comment actions Permalink
  • Avatar
    Ross

    Sorry if this is a dumb question, but it comes from a system architectural viewpoint and not a developer POV, Is it possible to backup without being so dependent on the underlying schema? Or what if you did not change the schema with every release but reserved if for when features are added or removed?

    0
    Comment actions Permalink

Please sign in to leave a comment.