feature request - firewall config backup and restore
yesterday, blue went out for the 1st time. after reading up on how to recover, the reflash worked and i had to pair and update the device names and rules again.
a way to download the config and use the same config to update a new firewalla would be nice. i mean, if you got a quite a few devices like IoT that will each have to be renamed in the device list, and rules recreated or approved again, a config file would make recovery easier.
-
I think the option to backup/restore a point in time would be valuable, maybe an auto backup when changes are made, and keep x amount of revisions.
There may be times many changes are made, and you end up breaking something and cannot remember what the config was prior. Also having the option to export a backup just in case Firewalla is damaged, a restore can be done to a new unit.
-
In this situation, as long as you have the app that paired with the old unit available, you can "restore" the config to a new unit. (So the firewalla need not be 'live', as long as the app is there, the config is saved on the app storage)
Anyway, we do understand config dump, it is on the list for sure.
-
The auto-backup idea is interesting, but I wanted a way to save my complete config to a backup that I could restore at any time. I thought that was what this thread was all about?
Any other decent router lets you backup the config to a downloadable file. After powering up my FWG for the first time, I was super disappointed that this feature was missing. It makes me less confident in making any significant configuration changes to my network.
-
that's a different use case scenario. that's for migrating from a live firewalla to another live firewalla.
the scenario i had in mind is to recover the firewalla from a config file or backup file.
picture a remote office using blue, it goes down. it's then reflashed and paired to the mobile app of the administrator for the site. he now needs to recreate all the rules and allow the devices again. something that could be avoided if the app had an export config feature to dropbox or google drive which could be imported back into the reflashed blue.
-
This is really too "consumer" thinking, and not geared towards us "Home DIYers", "Advanced Tinkerers", "IT professionals" who don't mind things getting a bit more advanced.
Configurations can change, sure, then just version the configuration when you save it, and mark it as incompatible in the new firmware when you no longer can read it. Heck, I'm sure there are portions you could still read, even if sections are not valid anymore. You could even use the readable sections as a template for proper values if we have to go through a new setup routine. "It might break" is simply a very lame excuse for not allowing downloading our settings.
- I might want to experiment with a completely new network configuration with VLAN etc, only to quickly revert if it didn't work out or my family starts complaining. Storing my settings locally would let me quickly recover to the old configuration
- I had a water leak a few years ago, which fried every single piece of electronics in my house (except my laptops). Having a off-device backup would allow me to recover quickly. On-device configuration would be useless.
- Maybe I would want to replicate my current setup at my parents house, using my on configuration as a template.
There are tons of reasons to offload the configuration to somewhere else (heck, I'd like to version control mine!). "You might not be able to load it again" is a cop-out, and unprofessional.
-
I agree with needing a simple way to be able to restore settings without a nuclear “reset” of the device. As I have stated before, my Asus routers have this feature as does every other firewall software. TBH, if my Asus router was good at dual wan functionality ( it has the capability but it doesn’t work correctly ) I would not have gone with Firewalla Gold. My Asus RT-AC86U with Merlin firmware and added scripts will do everything my FWG will do for a lot less money. Don’t get me wrong, I like the FWG but really guys, a simple ability to establish a restore point seems like a no brainer.
-
Basically, any configuration is a set of line code, then it has been stored on a file somehow with an extension of *.cfg or *.backup ...etc. we need a way to download and save such a file then in case something happened and we need to restore the last running config, then we can just upload this simple file and boom done.
-
More than 3 year of ticket, and still no possibility to export the configuration to a file, how embarrassing....
We don't just want the option to migrate, which is fine, even the worst router, you can export the configuration.
The truth is that Firewalla leaves much to be desired, it is more worthwhile to mount a Pfsense on a medium powerful computer with 2.5g and 10g cards, than to continue investing in firewalla.
One that says goodbye.
-
I'm in complete agreement with the folks requesting the ability to backup/restore a system config. I know there's the current config in the app, but why not provide the ability to export/restore the config via the web interface, or ssh console? Taking a backup is standard before any work and trusting/hoping a known good copy is in the app on someone's phone just doesn't cut it.
-
Just wanted to add my vote for the ability to externally save all configs and restore them.
My use case, which has been described by someone else already in this thread, is that I want to "baseline" my Firewalla Gold and have a way to restore to those configs at any time. I want to have multiple "restore points" so that, as I make changes, I can always revert to any of those "restore points". I'd prefer to store the configs myself, but if they need to be stored in a place that is managed by the app or by Firewalla, that is ok, as long as the configs can be applied to a new Firewalla as well.
I would want the config backup file to be downloadable from the web based interface (my.firewalla.com) so that I can save the config files on my network internally.
I've also wanted the ability to turn off automatic upgrades because I run a business and I want to lower the risk that anything might break Firewalla. One of the updates broke local DNS hostname resolution, and it took down my network for a while. I reported the issue, and Firewalla fixed it within a few days, but during that time, I had to scramble to get my network back up and running. I want to be able to "version lock" my Firewalla and mobile app, and I know that this is not easy to implement.
I know that there's a lot of challenges with adding these features. For one, the Firewalla and the mobile app need to remain compatible with each other. Turning off automatic upgrades could result in a user upgrading their mobile app while having an incompatibly older version of the firmware/software on their Firewalla. As for "restore points" or backups of all configs, this is tough because Firewalla is, in fact, Ubuntu with lots of apps installed that support all of its features. The configs for each app would need to be included in the backup file. And, because Firewalla performs automatic upgrades, there would need to be a degree of backward compatibility with backup configs for older versions of Firewalla. Backward compatibility of old backup config files is not an easy thing to implement. They would probably have to come up with their own config file schema that is an abstraction of all of the configs for the apps on Firewalla. It should also be noted that Firewalla has their own backend to support many features, and their backend has to also be compatible with the mobile app and software running on the Firewallas. I know that their backend probably mostly proxies API requests from the web and mobile client to the Firewalla device, but nevertheless, their backend support is free to us as users, which is pretty nice, and it adds some complexity for the features we are wanting.
Another feature I've wanted is the ability to give servers on my local network additional hostname aliases. Even my Fios router supports this through their web UI. For Firewalla, it looks like I'm going to need to add DNSMasq configs. If I have to SSH into my Firewalla to manually add DNS configs just to support this, I might as well switch to something that gives me more control. I've tried using a DNS server on my local network, but that put me down a rabbit hole that was taking way too long.
Firewalla has been great, and the integration of their mobile app is really nice. The mobile app notifications are another big reason I've stayed with Firewalla. However, I am thinking I'm going to need to switch to pfSense. I'm not going to like having to VPN into my network to view and modify firewall configs with the pfSense web UI, but pfSense gives me a lot more control. Firewalla doesn't seem well-suited for businesses that need more control over configs and the ability to schedule and test software upgardes before they are applied in production. And to be fair, I do not think Firewalla claims to be for more than home/personal use or small businesses with simpler networking needs.
Overall great product, but I guess it's back to the drawing board for me.
-
Yea, this is a bit ridiculous. For example, tonight I need to test a bunch of changes and I want to know for sure that I have a simple way to roll back at a moment's notice.
In theory, this should be as simple as just hitting a "Export system settings", and as easy to restore as "Restore system settings from file"
I won't begin to venture as to how easy this is to implement, but in terms of "10 things every piece of network equipment should have", this is in the top 10 list from day one.
-
I suppose then, it might be an advanced feature that some of us are willing to work with. I understand that perhaps along with the config backup, we might need to also back up a copy of the whole system to flash back to the version that worked at the time of backup. Perhaps a "developer mode"? It would be fitting seeing as you have alpha and beta already. Plus the upcoming API. I myself am certainly willing to have to go through the extra effort of sticking an OS copy along with the backup. It truly is just as critical as any other machine.
*Or heck, call it something scary like "Warning, Administrative Mode: For qualified network technicians only. Misuse may result in system corruption.".
-
That link just tells how to migrate. I still don't see a way to backup my current configuration before making changes. I understand that it should be on my phone, but if I made my changes from my phone, then would there be a backup of the config before the changes?
Am I missing something?
-
I agree with David Parish. We need a simple way to restore. In addition, if I’m not mistaken backup only store in apps. Is there ways to download to somewhere to save it?
Some people do lost their phone without backup. I simple configuration backup file store where else is highly recommanded. -
Agreed, @Mstormo. For a consumer box, this is fine, maybe even great, but for a lot of folks looking to develop and do more with it, the backup/restore issue is a non-starter. Most folks got around the problem with old configs was a long time ago, by not allowing incompatible configurations to be restored. There are a number of enhancements I'd like to try, but there's no way I'm going to risk breaking something and having to start over from scratch (which may very well be possible considering the one stored copy in the app may very well update before issues popped up). I wanted another Gold for my office network, but for now, I think I'm going to continue looking at other options.
Please sign in to leave a comment.
Comments
52 comments