Backups
NetDefense can periodically pull each device’s OPNsense configuration and upload it to an S3-compatible bucket, encrypted with a key only your organization holds. The Backups page is where you wire up the bucket, set the schedule, and opt individual devices in. The concept overview is in Backups.
S3 Backup Configuration
Section titled “S3 Backup Configuration”The collapsible card at the top holds organization-wide settings — bucket name, the cron expression for the schedule (0 4 * * * here means daily at 04:00), the access key, the endpoint URL, and the default encryption key. The badge on the right shows Enabled when the configuration is active.
Click the chevron next to the configuration to expand it. Edits to this card affect every device that’s opted in.
Below the card you’ll see a count like 0 of 4 devices have backup enabled — a quick way to spot organizations where you’ve configured S3 but haven’t yet turned backups on for any device.
Device Backup Status
Section titled “Device Backup Status”The table lists every device with:
| Column | Meaning |
|---|---|
| Device | Name of the device. |
| Enabled | Per-device toggle. Off devices are never backed up even if the S3 config is enabled. |
| Encryption Key | Org default uses the key from the S3 Backup Configuration card. The kebab menu lets you set a per-device key for stricter isolation. |
| Last Backup | Timestamp of the last successful upload, or Never. |
| Status | Success, Failed, or — if no backup has run yet. |
| Message | Short reason on failure (e.g. “credentials rejected”, “bucket not found”). |
Use the filter bar to find a device by name or by enabled/disabled state.
When a scheduled backup runs, each device gets a BACKUP task you can drill into from Tasks.