Stop diffing router configs in Notepad++

Automate Your Backups and Eliminate Network Configuration Drift

IronDiff automatically pulls your configs, detects drift, and pushes a visual red/green diff to your team. Securely pull configs using a lightweight, local agent, with no inbound firewall rules required.

🔒 Device credentials never leave your local network. The agent only transmits encrypted diffs.

IronDiff Dashboard showing configuration diffs

From Zero to Your First Diff in Under 5 Minutes

Deploying IronDiff is simple, secure, and requires zero inbound firewall rules.

1. Deploy the lightweight agent

Choose your deployment method. No inbound firewall ports are required either way.

Linux, macOS, or any host with Docker.

docker run -d \
  --name irondiff \
  --restart unless-stopped \
  -p 5000:5000 \
  -v ./config:/app/config \
  -v ./data:/app/data \
  -e TZ=America/Denver \
  -e LICENSE_KEY=your-license-key-here \
  irondiff/irondiff --daemon

Configuration is split across config.yaml, devices.yaml, and .env in the mounted ./config volume.

Windows 10/11 or Server 2016+ (no Docker needed).

Download IronDiffAgent.exe from the IronDiff Portal and double-click to install. The service starts automatically and opens the web UI at http://localhost:5000.

Silent / RMM deployment:

.\IronDiffAgent.exe install --license-key "YOUR-KEY" --silent

All configuration lives in a single irondiff.yaml file. Built-in auto-updates: no Watchtower needed.

2. Configure your devices

Navigate to the local web UI in your browser (https://localhost:5000 for Docker or http://localhost:5000 for Windows), log in securely, and add your target network hardware. IronDiff supports Cisco, Aruba, pfSense, Fortigate, and more.

3. Detect drift immediately

Hit the "Run Now" button to instantly pull your first configuration into the portal, or configure your automated polling schedule to track changes as they happen.

Start for Free

Includes an instant 14-day Professional Trial. No credit card required.

Built for Professional Environments

MSP Native

Manage hundreds of client sites from a single dashboard. Segment devices by organization and customer while maintaining a single security posture.

Audit Ready

Simplify your next compliance audit. Detailed change tracking and unlimited historical versioning provide a clear record of what changed and exactly when it happened.

Security First

Our outbound-only agent architecture means no VPNs or inbound firewall ports. Encryption keys are generated locally and never leave your network.

Proactive Alerting

Catch unauthorized changes before they cause an outage. Native Slack, Teams, and Webhook integrations notify your team the moment a configuration drifts.

How IronDiff Works

1. Connect

Zero Inbound Firewall Rules. Pull configurations locally and push them outbound using our lightweight on-prem agent.

2. Redact

Sensitive data like passwords are stripped in memory before storage.

3. Backup

Backups are optimized and stored securely with multi-layered protection and historical archiving.
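
The redact-then-compare flow from the steps above, as an added sketch that is not IronDiff's own code. The rule patterns, function names and Cisco IOS-style sample configs are constructed assumptions; real devices need per-vendor rules.

```python
import difflib
import re

# Assumed Cisco IOS-style rules (not IronDiff's): mask the value, keep the rest.
SECRET_RULES = [
    re.compile(r"^(enable (?:secret|password)(?: \d+)?) \S+"),
    re.compile(r"^(username \S+ .*?(?:secret|password)(?: \d+)?) \S+"),
    re.compile(r"^(snmp-server community) \S+"),
]

def redact(config: str) -> str:
    """Mask secret values in memory so only the redacted text is stored."""
    out = []
    for line in config.splitlines():
        for rule in SECRET_RULES:
            line = rule.sub(r"\1 <redacted>", line)
        out.append(line)
    return "\n".join(out)

def drift(old: str, new: str) -> list[str]:
    """Return the +/- lines between two configs, compared after redaction."""
    a, b = redact(old).splitlines(), redact(new).splitlines()
    lines = list(difflib.unified_diff(a, b, lineterm="", n=0))[2:]  # skip ---/+++
    return [l for l in lines if not l.startswith("@@")]

# Constructed sample configs: the enable secret is rotated, the SNMP
# community goes from RO to RW, and the interface loses its ACL.
BASELINE = """\
hostname edge-rtr-01
enable secret 9 $9$constructedHashAAAA
username admin privilege 15 secret 9 $9$constructedHashBBBB
snmp-server community s3cr3tRO RO
interface GigabitEthernet0/1
 ip access-group EDGE-IN in
"""
CURRENT = """\
hostname edge-rtr-01
enable secret 9 $9$constructedHashCCCC
username admin privilege 15 secret 9 $9$constructedHashBBBB
snmp-server community s3cr3tRO RW
interface GigabitEthernet0/1
"""

if __name__ == "__main__":
    print("\n".join(drift(BASELINE, CURRENT)))
```

Because this sketch compares after redaction, the RO to RW change and the removed ACL show up as drift while the rotated enable secret does not, and no secret value reaches the diff.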