It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda CloudGen Firewall
Overview Documentation Training Certification Materials

How to Configure Custom Box Descriptors and Filter Managed Firewalls in Different Data Views

  • Last updated on

To configure a CloudGen Firewall, you must give the appliance a name to make it identifiable. Administrators can thereby distinguish it from other computer devices in the network. However, if companies operate at different locations, a single edit field to identify a device is not sufficient.

As of firmware release 8.0.5 (with exception of firmware 8.2.0), the Control Center provides additional information fields you can configure to more clearly identify managed CloudGen Firewalls in multiple networks that relate to the structure of your organization. These freely customizable data fields, called custom box descriptors, can be configured exclusively in the Control Center and can also be written and read via REST.

For multiple Control Centers that are configured to operate in a parent-to-child relation, all configured box descriptor fields are propagated transparently from the parent to all child-related Control Centers.

Before You Begin

Important Considerations for Configuring Custom Box Descriptors
  1. Custom box descriptors are an advanced configuration option. In order to use them, you must switch to Advanced Configuration Mode at the bottom of the left menu in the display area of the respective configuration window.
  2. The configuration of a custom box descriptor provides maximum flexibility for defining a certain set of edit fields to cover an individual use case. Each member of a set contains two components:
    1. Label – The label is needed to classify the custom box descriptor. For example: if you require a custom box descriptor that refers to your headquarters, the name of the label would be HQ.
    2. Extended name.
  3. You can configure up to 15 custom box descriptor fields that can later receive any chosen value to extend the standard name of the firewall. These fields are an ordered set ranging from 1 to 15, where edit field 1 is treated with the highest priority and edit field 15 with the lowest, making the first data entry of the list always displayed on top. These edit fields can be found at your Control Center > CONFIGURATION > Configuration Tree > Multi Range > Global Settings > CC Parameters.
    overview_section_custom_box_descriptors.png
    Each string you enter in one of these edit fields represents the label for a custom box descriptor field.

  4. Each string then maps to an analog position as a label in the configuration section for a custom box descriptor field in the Properties node of a managed firewall. If no label for any custom box descriptor is defined, the related user interface area will be empty, as shown by the dotted rectangle below:
    operational_settings_with_empty_area_for_custom_box_descriptors.png

    Because custom box descriptors are configurable only in Control Centers, they will not show up in the Properties window when you are logged into the managed firewall.

  5. After a custom box descriptor is configured, it will show up for every managed firewall in the respective section of the Properties node.

    It is not possible to configure custom box descriptors individually for different managed firewalls.
  6. A custom box descriptor field must be configured in two steps, where each step must be executed in a dedicated section of the user interface of the Control Center's configuration tree.
    The following example is not mandatory. It simply explains one kind of use case.

    1. In the first step, you must define the name of the user interface label for a certain descriptor field.

      By selecting an appropriate name for a label, you can influence how much the name serves as an implicit, self-explanatory label for creating a hierarchical naming path in terms of a naming tree, e.g., HQ.area1.subarea1.factory1. ... and so forth.


      custom_box_descriptors_labels_defined.png

      Note that the maximum length for a custom box descriptor label is 25 characters.

    2. In the second step, the associated descriptor field appears in the configuration section of the Properties node of a managed firewall with the configured label.
      operational_settings_with_filled_area_for_custom_box_descriptors.png

  7. Custom box descriptor fields that have no label defined in CC Parameters > Custom Box Descriptors do not appear in the user interface section of the Properties node for configured descriptor fields. For example, if you delete the value Firewall Subarea 1 in the list of labels, the list of valid custom box descriptors will display the sequence: Firewall HQ - Firewall Area 1 - Factory 1.

    If you delete one label in the chain of descriptor fields, the subsequently filled fields will be moved up in the Custom Box Descriptors list of the Properties node.
    By contrast, if you re-insert a value into an empty edit field, the custom box descriptor field will be (re-)displayed with the new label for the edit field.

    In order to avoid confusion and unnecessary configuration time, it is recommended to thoroughly plan the naming scheme before configuring the labels. This is especially necessary if you manage a large number of firewalls at different locations.
  8. After making changes to the list of CC Parameters > Custom Box Descriptors, you must re-open the Firewall Admin session. That is, you must close and re-open the Properties node to see the changes.

How to Configure Custom Box Descriptors

Enter all names for the labels of the required custom box descriptors.

  1. Log into the Control Center.
  2. Go to CONFIGURATION > Configuration Tree > Multi Range > Global Settings > CC Parameters > Operational Setup.
  3. Click Lock.
  4. Enter the required name(s) for the custom box descriptor label(s) into the relevant edit field(s).
  5. Click Send Changes / Activate.
    custom_box_descriptors_labels_defined.png

Assign the extending names to the different classes of your custom box descriptors:

  1. Go to CONFIGURATION > Configuration Tree > Multi Range > Global Settings > your Range > your Cluster > Boxes > your box > Properties > Operational.
  2. Click Lock.
  3. Assign the required name(s) to the categories of your custom box descriptor labels.

  4. Click Send Changes / Activate.
    custom_box_descriptors_data_entered.png

    Note that the maximum length for a custom box descriptor value is 100 characters.

Filtering Function of Custom Box Descriptors

Custom box descriptors help you to gain a better overview of a large number of managed firewalls. For this reason, custom box descriptors also serve as a filter to let you display only a subset of managed firewalls.

In order to see custom box descriptors as a filter, you must disconnect and then reconnect your session to the Control Center.

A Custom Box Descriptor can be used as a filter:

custom_box_descriptors_in_cc_status_map.png

These filters can be used in the following view:

  • CONTROL > Status Map
  • CONTROL > Configuration Updates
  • CONTROL > Firmware Updates
  • CONTROL > Pool Licenses
  • DATABASE > Box
  • EVENTS
  • CONFIGURATION > right worktable > Boxes

How to Filter for Specific Firewalls

The following instructions refer to the given values above. So let's assume you have already configured several firewalls for multiple regions/countries and want to display all firewalls for the region "Europe".

  1. Log into your Control Center.
  2. Go to CONTROL > Status Map.
  3. Locate the column with the name Firewall HQ.
  4. Click the cell with the name Filter above the name of the column Firewall HQ.
  5. Enter fw_HQ_Europe into the filter cell.
  6. Now, only firewalls are displayed where the entry applies to the filter value.

custom_box_descriptors_in_cc_status_map_filter_active.png