It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda CloudGen Firewall
Overview Documentation Training Certification Materials

Example - How to Link a Cluster/Global Repository Node to a Default Box Node

  • Last updated on

As of firmware 9.0.1, it is possible to link a repository node to its name-related Default Box node.

This article can be used for a scenario where you must create a large number of managed boxes based on the configuration of a Default Box node, and where you must switch the configuration of that Default Box node between multiple repository nodes with different configurations that can be used for other groups of identically configured boxes.

Note that regardless of the following example of linking to a Default Box node, this article generally explains how to work with repositories.

Before You Begin

  • This example requires you to have a Control Center running.
  • This example assumes that each cluster represents a specific location for multiple boxes.
  • One box in each cluster will be representative of the most common box configurations for the other boxes in that cluster.
  • The 'Administrative Settings' node of two existing firewalls will be used here to illustrate the use case.
  • The 'Administrative Settings' node on the cluster level will be used as a reference for configuring new firewalls in Cluster 1.
  • The 'Administrative Settings' node on the global repository level will be used as a reference for configuring new firewalls in Cluster 2.

Create Repositories

For this example, you must create repositories in your Control Center if not already present.

Step 1. Create a Global Repository
  1. Log into your Control Center.
  2. Go to CONFIGURATION > Configuration Tree.
  3. Right-click Multi-Range.
  4. In the menu list, select Create Repository.
  5. The configuration tree will be created.
  6. Click Activate.
    repos_global_repo_created.png
Step 2. Create a Repository in a Cluster that Contains Your Firewalls
  1. Go to Multi-Range > your range > your cluster.
  2. Right-click <your cluster>.
  3. In the menu list, select Create Repository.
  4. Click Activate.
    repos_create_cluster_repo.png

Optionally, repeat the steps above for a second cluster.

The following image shows the clusters created on the global and cluster level:

repos_global_and_cluster_repos_created.png

Saving Important Configurations to a Repository

To re-use specific configurations, you have two options:

  1. Configurations that are stored in the Default Box node:
    • This node is unique to a specific cluster on a Control Center.
    • Configurations in a Default Box node cannot be used in any other cluster than its own.
    • Each sub-node of the Default Box node can hold just one (=1) name-related node of its type.
  2. Configurations that are stored in repositories:
    • Depending on the level of the repository (cluster, range, or global), the node is unique to the level created.
    • Each sub-node in a repository node of a specific type can hold multiple sub-nodes of the same type and originate from multiple appliances of the same level (cluster, range).
    • The only differentiating element is the name of the repository entry, which can be freely chosen when a specific configuration is copied to its related repository node.

The advantage of the Default Box node is that every new firewall that is created from scratch in a cluster will contain the configuration of the Default Box. This can reduce configuration times, especially in cases when boxes in a cluster vary only slightly. The advantage of a repository is that it can hold multiple configurations of the same type from different appliances in a node of the same type.

Due to the new option that a Default Box sub-node can be linked to any node of the same type in a repository, you can now set up larger numbers of appliances with almost identical configurations that can even be combined from different configuration sources in the repositories. The following steps will illustrate this by using the example of the Administrative Settings node. For this, all new firewalls in Cluster 1 will only share Essential Health and System Data, and all new firewalls in any other cluster will share Full System Diagnostics and Analytics without having to reconfigure this option on each new firewall after the deployment.

Step 1. Create a Referential Firewall Configuration in Cluster 1

In this example, all new firewalls in Cluster 1 must only share Essential Health and System Data. The first step is to create a configuration for this:

  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > Range 1 > Cluster 1 > Boxes > your box > Administrative Settings.
  2. Click Lock.
  3. For Share Telemetry Data, select Essential Health and System Data.
    repos_telemetry_select_essential_health_and_system_data.png
  4. Click Send Changes.
  5. Click Activate.
Step 2. Copy the New Configuration to the Cluster 1 Repository
  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > Range 1 > Cluster 1 > Boxes > your box.
  2. Right-click Administrative Settings.
  3. Select Copy to Cluster Repository... from the menu list.
  4. The Select Object window is displayed.
  5. Enter the name of the new repository object: AdmSettingsC1Box.
  6. Click OK.
  7. The new repository object AdmSettingsC1Box will be inserted below the node CONFIGURATION > Configuration Tree > Multi-Range > Range 1 > Cluster 1 > Cluster Repository > Box > Administrative Settings.
  8. Click Activate.
    repos_adm_settings_copied_to_cluster_repo.png
Step 4. Copy the Administrative Settings Node of Custer 2 to the Global Repository

Assuming that the Administrative Settings node was not changed in Cluster 2, the default value for the Telemetry Data is Full System Diagnostics and Analytics. These settings will be used as a reference in the global repository.

repos_telemetry_select_full_system_diagnostics_and_analytics.png

  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > Range 1 > Cluster 2 > Boxes > your box.
  2. Right-click Administrative Settings.
  3. Select Copy to Cluster Repository... from the menu list.
  4. The Select Object window is displayed.
  5. Enter the name of the new repository object: AdmSettingsC2Box.
  6. Click OK.
  7. The new repository object AdmSettingsC2Box will be inserted below the node CONFIGURATION > Configuration Tree > Multi-Range > Range 1 > Cluster 2 > Cluster Repository > Box > Administrative Settings.
  8. Click Activate.
    repos_adm_settings_copied_to_global_repo.png

Preparing Repositories for an Accelerated Deployment of Firewalls

The new option of linking a Default Box sub-node to a specific repository node provides innumerable combinations of configurations with different settings. Depending on your individual requirements, you can now combine links from a global, range, or cluster repository into the Default Box node, which will serve as a concentrator for configurations based on the most commonly used presets for new firewalls.

Step 1. Preparing the Default Box Node in Cluster 1 to Use Configuration Settings of the Repository in Cluster 1

The following steps illustrate the principle of how to configure the Default Box node to provide the most common configuration settings to all firewalls yet to be configured in Cluster 1. In this example, the Administrative Settings node in the Default Box node will be linked to the type-related node in the Cluster 1 repository.

  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > Range 1 > Cluster 1 > Boxes > Default Box.
  2. Right-click Administrative Settings.
  3. Click Lock.
  4. Right-click Administrative Settings.
  5. From the menu list, select Link from Cluster Repository... .
  6. The Select Object window is displayed.
  7. Select AdmSettingsC1Box.
  8. Click OK.
  9. The Activate Changes window is displayed.
  10. Click Activate.
    repos_default_box_node_in_cluster1_linked_to_cluster1_repo.png
Step 2. Preparing the Default Box Node in Cluster 2 to Use Configuration Settings of the Global Repository

As in Step 1, the Administrative Settings node in the Default Box node of Cluster 2 will be linked to the type-related node in the global repository.

  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > Range 1 > Cluster 2 > Boxes > Default Box.
  2. Right-click Administrative Settings.
  3. Click Lock.
  4. Right-click Administrative Settings.
  5. From the menu list, select Link from Repository... .
  6. The Select Object window is displayed.
  7. Select AdmSettingsC2Box.
  8. Click OK.
  9. The Activate Changes window is displayed.
  10. Click Activate.

repos_default_box_node_in_cluster2_linked_to_global_repo.png

Create New Firewalls in the Control Center Based on the Cluster-Specific Configuration Settings of the Default Box Node

Now that the configuration in the Default Box node is prepared, you can quickly create additional firewalls because the creation process takes the linked data from the Default Box node.

The following steps illustrate how the Control Center takes the configuration settings from the Default Box node.

Step 1. Create a New Firewall in Cluster 1
  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > Range 1 > Cluster 1.
  2. Click the '+' icon to expand the Boxes node.
  3. Right-click Boxes.
  4. In the menu list, click Lock.
  5. Right-click Boxes.
  6. In the menu list, click Create Box... 
  7. The Create Box window is displayed.
  8. Enter the data into the fields that best describe your new firewall, e.g.:
    1. Appliance Name900FW2-C1-GA-mgd
    2. Product Type – Select VF500 from the menu list.
      repos_create_new_firewall_in_cluster1.png
  9. Click Finish.
  10. Click Activate.
    repos_new_firewall_created_in_cluster1.png
  11. After the new firewall is created, you can see that the Administrative Settings node references the AdmSettingsC1Box node in the Default Box node.
  12. Repeat the previous steps for each additional firewall that you want to create. Note that the name of the new appliance and its type will be the only new data that you must enter. All other configuration values depend on your individual presets.
Step 2. Create a New Firewall in Cluster 2
  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > Range 1 > Cluster 2.
  2. Click the '+' icon to expand the Boxes node.
  3. Right-click Boxes.
  4. In the menu list, click Lock.
  5. Right-click Boxes.
  6. In the menu list, click Create Box... 
  7. The Create Box window is displayed.
  8. Enter the data into the fields that best describe your new firewall, e.g.:
    1. Appliance Name900FW3-C2-GA-mgd
    2. Product Type – Select VF500 from the menu list.
      repos_create_new_firewall_in_cluster2.png
  9. Click Finish.
  10. Click Activate.
    repos_new_firewall_created_in_cluster2.png
  11. After the new firewall is created, you can see that the Administrative Settings node references the AdmSettingsC2Box node in the Default Box node.
  12. Repeat the previous steps for each additional firewall that you want to create. Note that the name of the new appliance and its type will be the only new data that you must enter. All other configuration values depend on your individual presets.

If you want to create another bunch of firewalls based on a different commonly used configuration, continue below.

Switching Quickly Between Different Configuration Setups

As you have seen above, the new firewalls have been created based on the configuration stored under the Default Box node. The Administrative Settings node provided an example of how a configuration located in a specific repository serves as a configuration preset that is referenced by the Default Box node. In order to take advantage of such a quick setup with different configuration settings, perform the following steps:

  1. Create another example firewall that contains all relevant nodes with the settings correctly configured. This will be your reference setup.
  2. Store each individually modified configuration setting in this newly configured firewall into one of the repositories (cluster, range, or global). Think of a self-explanatory name for the repository entry so that you can easily identify the required repository entry later.
  3. Depending on the cluster in which you want to create new firewalls, remove all existing repository links in the Default Box node.
  4. Create all necessary repository links in the Default Box node of the cluster where you want to create your new firewalls and refer to the repository entry where you have stored your reference configuration settings (cluster, range, or global).
  5. After your new Default Box node is configured, create your new firewalls as described above.

Transforming a Firewall into a Distinct Appliance (optional)

All new firewalls that have been created based on the Default Box node will also contain the same repository link(s). Keeping these links of all newly created firewalls will have the advantage that you can change the configuration of all firewalls with just a single change of the related repository node. However, in certain situations, it can be useful to maintain a firewall on its own. For this, you must remove all contained repository links of the affected firewall.

To turn a firewall into a distinct appliance, perform the following steps:

  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > your range > your cluster > Boxes > your box.
  2. Right-click the node that references a specific repository entry.
  3. From the menu list, select Remove Link and keep settings.
  4. Click Activate.
  5. The Activate Changes window is displayed.
  6. Click Activate.

The firewall will now take over the last values from the repository-linked configuration node and copy them to its native Administrative Settings node. You can now maintain this firewall as a distinct appliance.