If you wish to use the Barracuda CloudGen Firewall system as a generic managed Linux platform, you may encounter situations where modifications are desirable. You can also view this file to get an overview of the kernel-relevant settings.
Configure Advanced System Settings
- Go to CONFIGURATION > Configuration Tree > Box > Advanced Configuration > System Settings.
- Expand the Configuration Mode menu and select Switch to Advanced View.
- Click Lock.
- Configure the parameters as listed in the Advanced System Settings section below.
- Click OK.
- Click Send Changes and Activate.
Advanced System Settings
The following settings are available for configuration:
IPv4 Settings
To specify IPv4 settings, select IPv4 Settings from the Configuration menu in the left navigation pane. You can specify the following settings:
Section | Setting | Description |
---|---|---|
SMP Settings - Performance Tuning | Interface CPU Assignment | From this list, you can select the following settings: |
SMP Settings - Performance Tuning | Receive Packet Steering | Depending on the processed traffic, enabling this setting gives you better overall throughput of the system. |
SMP Settings - Performance Tuning | Explicit Interface Assignment | In this table, specify an Interface Name and click OK. In the Explicit Interface Assignment window, specify the following settings: |
General IP Settings | TCP ECN Active | Enable this setting to reduce TCP traffic when a router's load is at its maximum and packet loss is therefore possible. |
General IP Settings | IP Dyn Address | Select only if you are experiencing problems with network connections using dynamic IP address allocation (ADSL, cable modem). With this parameter enabled, if the forwarding interface changes, the source address of the socket (and packet) is rewritten on retransmissions while in the SYN_SENT state. |
ARP Settings
To specify ARP settings, select ARP Settings from the Configuration menu in the left navigation pane. You can specify the following settings:
Setting | Description |
---|---|
ARP Src IP Announcement | Defines different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on an interface. This settings field uses the arp_announce setting, whose values have been translated by Barracuda Networks to any (internal value = 0), best (internal value = 1), and primary (internal value = 2). Note the following excerpt from the kernel documentation: |
ARP Cache Size | The maximum number of entries allowed in the ARP cache (default: 8192). |
Routing Cache
Garbage collection is done regularly by the kernel. The entries shown here provide full access to all relevant kernel settings.
Section | Setting | Description |
---|---|---|
Routing Cache Settings | Max Routing Cache Entries | Specifies the maximum number of entries in the kernel’s routing cache. On systems with a large number of sessions and routed IP addresses, this value may need to be increased. |
Garbage Collection | GC Elasticity | Specified as integer log2 of an internal setting used to steer the sensitivity of the garbage collection algorithm. It is provided for completeness only. Changing it requires a thorough understanding of the GC algorithm to achieve the desired effect (default: 8, allowed values: 1, 2, 4, 8, 16, 32). |
Garbage Collection | GC Interval [s] | This setting is used by the kernel's regular GC loop and defines the loop time in seconds between two regular GC events (min: 1, max: 120, default: 60). |
Garbage Collection | GC Min Interval [s] | The minimum time in seconds between two garbage collections (min: 1, max: 120, default: 60). This setting is provided because GC may either occur during a regular GC loop (see above) or be triggered by a kernel event outside the regular loop. This setting ensures that, in the latter case, GC does not run too frequently. |
Garbage Collection | GC Threshold | A threshold value of cache entries that is used to determine whether garbage collection is necessary and to what extent (that is, how radically) entries must be removed (min: 1024, max: 65535, default: 8192). |
Garbage Collection | GC Timeout [s] | Time in seconds after which an inactive routing cache entry is removed from the cache. Note that active entries may not be removed from the cache (min: 1, max: 300, default: 60). |
I/O Settings
The remaining block of configuration entries is special insofar as the IDE tuning option is only activated by rebooting the system. This prevents the user from repeatedly activating and deactivating this low-level setting on a running system. Doing so during full operation may freeze the operating system.
Setting | Description |
---|---|
I/O Tuning | Enable, if you wish to edit the maximum number of file handles and nodes that the OS kernel can handle. |
I/O Scheduler | From this list, you can select a specific Linux I/O scheduler or select the default scheduler (selected by Barracuda). |
Open Files (max) | The maximum number of open file descriptors that the Barracuda CloudGen Firewall system is prepared to handle (min. 8192, max. 655536). It is recommended that you do not allot more than 256 files per 4 MB of RAM. Changing the default setting is unnecessary if you do not experience any problems. |
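The documented limits for the Routing Cache, ARP, and I/O settings can be checked before a change is sent and activated. The following Python sketch is an added example, not Barracuda code; the dictionary keys and function names are hypothetical, and the limits are copied from the tables above.

```python
# Added example: limits are taken from the tables above. The key names are
# hypothetical labels for this sketch, not Barracuda configuration keys.
ARP_ANNOUNCE = {"any": 0, "best": 1, "primary": 2}  # label -> arp_announce value
GC_ELASTICITY_ALLOWED = {1, 2, 4, 8, 16, 32}
RANGES = {  # setting -> (min, max) as documented
    "gc_interval_s": (1, 120),
    "gc_min_interval_s": (1, 120),
    "gc_threshold": (1024, 65535),
    "gc_timeout_s": (1, 300),
    "open_files_max": (8192, 655536),
}

def recommended_open_files(ram_mb):
    """Upper bound from the '256 files per 4 MB of RAM' recommendation."""
    return (ram_mb // 4) * 256

def validate(settings, ram_mb):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for name, (lo, hi) in RANGES.items():
        value = settings.get(name)
        if value is None:
            continue
        if not isinstance(value, int) or not lo <= value <= hi:
            findings.append(f"{name}={value!r} outside documented range {lo}..{hi}")
    elasticity = settings.get("gc_elasticity")
    if elasticity is not None and elasticity not in GC_ELASTICITY_ALLOWED:
        findings.append(f"gc_elasticity={elasticity!r} is not an allowed value")
    label = settings.get("arp_src_ip_announcement")
    if label is not None and label not in ARP_ANNOUNCE:
        findings.append(f"arp_src_ip_announcement={label!r} is not any/best/primary")
    files = settings.get("open_files_max")
    limit = recommended_open_files(ram_mb)
    if isinstance(files, int) and files > limit:
        findings.append(f"open_files_max={files} exceeds recommended {limit} for {ram_mb} MB RAM")
    return findings

# Constructed sample input: a proposed change set for a box with 2048 MB of RAM.
PROPOSED = {"gc_elasticity": 6, "gc_interval_s": 60, "gc_min_interval_s": 0,
            "gc_threshold": 8192, "gc_timeout_s": 60, "open_files_max": 300000,
            "arp_src_ip_announcement": "primary"}

if __name__ == "__main__":
    for finding in validate(PROPOSED, ram_mb=2048):
        print(finding)
```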
CompactFlash
To specify flash memory settings, select CompactFlash from the Configuration menu in the left navigation pane. You can specify the following settings:
Section | Setting | Description |
---|---|---|
RAM Drive Settings | Size (in %) | The percentage of the total available RAM to be used in the tmpfs RAM partition (default: 20). If, instead, you want to specify this value in MB, delete any settings from this field. |
RAM Drive Settings | Size (in MB) | The size of the tmpfs RAM partition specified in MB. To enter a value in this field, you must clear any value from the Size (in %) field. |
Log Settings | Size Settings | In this table, you can specify the maximum size settings for all log file types. However, you may not need to edit these settings because they are adjusted automatically for certain systems. If you do choose to add or edit a table entry for a log file, specify the resource and the maximum size of the service log files for the resource. |
Log Settings | Wrap Logfiles | Enable log cycling if required. |
CompactFlash Settings | Disable CompactFlash mode | To prevent the system from starting in flash RAM mode, regardless of the storage architecture that the flash RAM auto detection recognizes, select yes. |
CompactFlash Settings | Force CompactFlash mode | To start the system in flash RAM mode, regardless of the storage architecture that the flash RAM auto detection recognizes, select yes. |