Use the phionctrl utility to manage routing, IP addresses, interfaces, firewall processes, services, and modules for the Barracuda CloudGen Firewall.
The following phionctrl commands are available:
Command | Usage |
---|---|
phionctrl route | To display all active IP addresses, gateways, main routes, VPN interfaces, and the IP addresses of the running VPN service. |
phionctrl server | To manage and monitor running servers. |
phionctrl service | To manage services on a specific server without shutting down all available services. |
phionctrl module | To manage software modules. |
phionctrl ip | To manage IP addresses. |
phionctrl arp | To detect duplicate IP addresses in the network. |
phionctrl tell | To send unsolicited ARP requests. |
phionctrl proc | To view and handle processes on a Barracuda CloudGen Firewall. |
phionctrl hostid | To display the IDs of hardware components. |
phionctrl lic | To display license information for modules. |
phionctrl session | To view and kill management sessions. |
phionctrl usage | To monitor the CPU usage of all processes during a specified interval of time in milliseconds. |
phionctrl box | To monitor and manage processes specific to the Barracuda CloudGen Firewall (and not the operating system). |
phionctrl versions | To display the versions for modules. |
phionctrl startup | To start the Barracuda CloudGen Firewall subsystem (operating system) and its servers and services. |
phionctrl shutdown | To shut down the Barracuda CloudGen Firewall subsystem (operating system) and its servers and services. |
phionctrl neighbor show | To show IPv4 or IPv6 BGP neighbors. |
phionctrl boxinfo show | To display hostname, DNS server, route tables, routing interfaces, and IP addresses. |
phionctrl subscriptions | To display subscriptions on the Barracuda CloudGen Firewall. |
phionctrl dev | To display the status and properties of interfaces. |
phionctrl route
To display all active IP addresses, gateways, main routes, VPN interfaces, and the IP addresses of the active VPN service, use the following command:
phionctrl route show
Example Usage
The following table displays example output for the phionctrl route show command:
root@HQ-NG1:~]# phionctrl route show
---------- Active IPs ---------------
10.0.10.61/0 eth0 UP 00-0c-29-22-84-70
10.0.10.88/7 eth0 UP 00-0c-29-22-84-70
127.0.0.1/8 lo UP 00-00-00-00-00-00
127.0.3.1/8 pvpn0 vpn0 vpnr0 UP 00-00-00-00-00-00
172.16.0.254/0 eth3 UP 00-0c-29-22-84-8e
194.93.0.195/8 dhcp UP 00-0c-29-22-84-84
62.99.0.40/0 eth1 UP 00-0c-29-22-84-7a
---------- Active Routing Tables ----
vpnlocal 0
up device 192.168.0.0/8 dev pvpn0 src 0.0.0.0 metric 0 table vpnlocal foreign Name=
5 0 POLICY from 10.0.11.0/8
up device 172.16.0.0/8 dev vpn0 src 0.0.0.0 metric 0 table 5 foreign Name=
dhcp1 0 POLICY from 194.93.0.195/0
up device 194.93.0.0/8 dev dhcp src 194.93.0.195 metric 0 table dhcp1 foreign Name=
main 0
up device 194.93.0.0/8 dev dhcp src 194.93.0.195 metric 0 table main foreign Name=
up device 62.99.0.0/8 dev eth1 src 62.99.0.40 metric 0 table main Name=HQ-ISP1
up device 172.16.0.0/8 dev eth3 src 172.16.0.254 metric 0 table main Name=HQ-DMZ
up device 127.0.3.0/8 dev pvpn0 src 127.0.3.1 metric 0 table main foreign Name=
up device 127.0.3.0/8 dev vpnr0 src 127.0.3.1 metric 0 table main foreign Name=
up device 127.0.3.0/8 dev vpn0 src 127.0.3.1 metric 0 table main foreign Name=
up device 10.0.10.0/7 dev eth0 src 10.0.10.88 metric 0 table main foreign Name=boxnet
up device 194.93.0.254/0 dev dhcp src 194.93.0.195 metric 0 table main foreign Name=
HQ-ISP1 0 POLICY from 62.99.0.0/8
up gateway 0.0.0.0/32 dev eth1 via 62.99.0.254 src 62.99.0.40 metric 0 table HQ-ISP1 foreign Name=HQ-ISP1a
default 0
up gateway 0.0.0.0/32 dev eth1 via 62.99.0.254 src 62.99.0.40 metric 1 table default Name=HQ-ISP1a
---------- Active v6 IPs ---------------
---------- Active v6 Routing Tables ----
main 32767 POLICY from all/0 to all/0
[2014-03-20 16:11 CET] [-root shell-] [-Barracuda Networks-]
[root@HQ-NG1:~]#
Typically, information is dumped to the display with standard output (stdout). If necessary, you can also pipe information to a file. To pipe information to a file, append the following to the command:
> /path/filename
Use this format, for example, to write the output of a command to a file in the /tmp directory: [root@mybox:~] phionctrl route show > /tmp/route
The piping function might facilitate error localization. If you experience any problems, pipe the command output to a file and email the file to Barracuda Networks Technical Support.
phionctrl server
To manage and monitor running servers, use the phionctrl server command. Use the following syntax:
phionctrl server <option> [server-name]
You can use the following options with this command:
Option | Description |
---|---|
show | Displays the state and configuration of the server. The show option is useful for verifying that servers have been started, stopped, blocked, and restarted. Possible server states include the following:
The active parameter in the command output specifies if the server is active or inactive. Possible values for this parameter include:
|
start | Starts the specified server. For example, to start a server named mc: |
stop | Stops the specified server and all of its services. For example, to stop a server named mc: |
restart | When necessary, use this option to restart the server and its services (e.g., after making configuration changes), such as to restart a server named mc: You can verify the control daemon-managed restarting function by sending the stop option to the server and then reviewing the server and services that get restarted automatically. |
block | Blocks the specified server so that the control daemon will not restart it. The server and all of its services are permanently stopped. For example, to block a server named mc: |
unblock | Unblocks the specified server. For example, to unblock a server named mc: |
Example Usage
phionctrl service
To manage services on a specific server without shutting down all available services, use the phionctrl service command. Use the following syntax:
phionctrl service <option> [server-name] [service-name]
You can use the following options with this command:
Option | Description |
---|---|
show | Displays all servers and their active services on the firewall. The show option is useful for verifying that services have been started, stopped, blocked, and restarted. |
start | Starts a service manually. If the service is not blocked, it is started automatically by the control daemon. For example, to start the DNS service on a server named mc: phionctrl service start mc DNS |
stop | Stops a service on a specific server. If the service has not been blocked, it is later started automatically by the control daemon. For example, to stop the DNS service on a server named mc: phionctrl service stop mc DNS |
restart | Restarts a service on a specific server. You might need to restart a service after making manual configuration file changes. For example, to restart the DNS service on a server named mc: phionctrl service restart mc DNS |
block | Blocks a service so that is not started automatically by the control daemon. For example, to block the DNS service on a server named mc: phionctrl service block mc DNS |
Example Usage
phionctrl module
With the phionctrl module command, you can manage the following software modules:
- firewall
- cfirewall
- dhcpe
- dhcprelay
- ftpgw
- ospf
- policyserver
- spamfilter
- sshprx
- virscan
- vpnserver
- dns
- snmp
- proxy
- cfirewall
- mailgw
Use the following syntax:
phionctrl module <option> [module-name]
You can use the following options with this command:
Option | Description |
---|---|
show | Displays the state of the specified software module. For example, to view the state of the firewall module: phionctrl module show firewall |
start | Starts all services bound to the specified module. For example, to start the firewall module: |
stop | Stops the specified module. If the module was not blocked, it is then restarted by the control daemon. For example, to stop the dns module: |
restart | Restarts the specified software module. For example, to restart the dns module: |
block | Blocks the specified software module. If the software module is blocked, the corresponding services are not restarted by the control daemon. For example, to block the dns module: |
Example Usage
phionctrl ip
To manage IP addresses, use the phionctrl ip command. Use the following syntax:
phionctrl ip <option> [ip-address]
You can use the following options with this command:
Option | Description |
---|---|
show | Displays all active IP addresses and active routing tables. |
add | Adds the specified IP address. For example, to add the 10.0.10.12 IP address: phionctrl ip add 10.0.10.12 |
del | Deletes the specified IP address from the system. For example, to delete the 10.0.10.12 IP address: |
Example Usage
phionctrl arp
To detect duplicate IP addresses on your network, use the phionctrl arp command. You can detect duplicate IP addresses either for a specific IP address or for all configured IP addresses in the network. Use the following syntax:
phionctrl arp <ip-address> | all
The command uses the ARP protocol to assign an IP address to the physical address of a network card (MAC address). If a duplicate IP address is found, an error message related to the corresponding MAC address is displayed.
Example Usage
phionctrl tell
The ARP protocol is a passive protocol. For example, a network interface will remain silent until an ARP request is received. To send unsolicited ARP requests, use the phionctrl tell command. Use the following syntax:
phionctrl tell <ip-address>
Example Usage
The following table displays an example of how to send unsolicited ARP requests to the 10.0.10.10 IP address.
[root@ash:~]# phionctrl tell 10.0.10.10
send unsolicited ARP for 10.0.10.10 to 10.0.10.255 on eth0
phionctrl proc show
Use the phionctrl proc command to view information about processes and to kill processes. You can recall information for all processes, a specific process name, or a process ID.
You can use the following options with this command:
Option | Description |
---|---|
show | Displays all processes on a Barracuda CloudGen Firewall. Use the following syntax: phionctrl proc show all | [process-name] | [pid] |
kill [name] signal | Sends a 'kill' signal to the process named in the command. Use this command to terminate a single process. |
deepkill [pid] signal | Sends a 'kill' signal to the process with the ID named in the command. Use this command to terminate multiple processes in a group or tree. |
Example Usage
phionctrl hostid
To display the IDs of hardware components, such as the CPU ID, MAC addresses, and motherboard ID, use the phionctrl hostid command. This information is necessary for licensing purposes.
Example Usage
The following table displays example output for the phionctrl hostid command.
[root@ash:~]# phionctrl hostid
CPU-0000-0F29-003B-7040-0000-0000
BBS-BZTP44000670
MAC-00:0e:0c:4e:48:62
MAC-00:0e:0c:4e:48:63
phionctrl lic
To display license information, use the phionctrl lic command. You can display information either for all licenses or for a specific module. Use the following syntax:
phionctrl lic [module-name]
If a module name is entered, the specific license is displayed. A license is often issued for multiple services. If this is the case, then the scope of modules covered by the license is displayed in the subsection.
Example Usage
phionctrl session
To view and kill management sessions on a Barracuda CloudGen Firewall, use the phionctrl session command. Use the following syntax:
phionctrl session <option>
You can use the following options with this command:
Option | Description |
---|---|
show | Displays all open sessions on a Barracuda CloudGen Firewall and their PIDs. |
kill <pid> | Kills a management session for the specified PID. |
phionctrl usage
To monitor the CPU usage of all processes during a specified interval of time in milliseconds, use the phionctrl usage command. Use the following syntax:
phionctrl usage <interval-in-milliseconds> [r]
To also display all process names and split them into single PIDs, add the r option. The r option is useful for detecting a process that might be blocking the system.
Example Usage
phionctrl box
To monitor and manage processes that are specific to the Barracuda CloudGen Firewall (and not the operating system), use the phionctrl box command. Use the following syntax:
phionctrl box <option>
You can use the following options with this command:
Option | Description |
---|---|
show | Displays all processes specific to the Barracuda CloudGen Firewall. This option is also useful for verifying that all daemons are up and running. |
start <process> | Starts the specified process if it is down. |
stop <process> | Stops the specified process. If a service is blocked, it can be unblocked with this option. The control daemon then starts it again after a few seconds. |
restart <process> | Restarts the specified process. |
block <process> | Blocks the specified process. |
Example Usage
phionctrl versions
To display the versions for modules, use the phionctrl versions command. You can view the versions either for all modules or for a specific module. Use the following syntax:
phionctrl versions [module-name]
If a module name is entered, only the version for that module is displayed.
Example Usage
phionctrl startup and shutdown
To start and shut down the Barracuda CloudGen Firewall subsystem (operating system) and its servers and services, use the following commands:
Command | Descriptions |
---|---|
phionctrl startup | Starts the Barracuda CloudGen Firewall, reads all configuration files from the /opt/phion/config/active directory, and starts the daemons and services. |
phionctrl shutdown | Shuts down all services and the operating system. |
phionctrl neighbor show
To show IPv4 or IPv6 BGP neighbors, use the following commands:
Command | Descriptions |
---|---|
phionctrl neighbor show ipv4 | Shows all BGP neighbors with IPv4 addresses. |
phionctrl neighbor show ipv6 | Shows all BGP neighbors with IPv6 addresses. |
phionctrl boxinfo show
Displays information about hostname, DNS server, route tables, routing interfaces, and IP addresses.
phionctrl subscriptions
Displays status and details of all subscriptions on the Barracuda CloudGen Firewall.
phionctrl dev
Displays information about all interfaces on the Barracuda CloudGen Firewall, such as the interface name, status, and properties.