To back up and save the configuration of the Barracuda CloudGen Firewall, use the phionar and conftool utilities. You have the option of compressing or encrypting PAR files. Encrypted archive files can be created for Firewalls and Control Centers using firmware 6.0.1 or higher.
phionar
Create and maintain archive files by using phionar. Use the following syntax:
phionar <operations> file.par | .pca <source directory>/* <options>
You can use the following operations:
Operations | Description |
---|---|
a | Adds specific files to an already existing archive. Use asterisks (*) to add all files in a directory to an archive. |
c | Creates a new archive. Use asterisks (*) to add all files in a directory to an archive. Otherwise, specify the file names individually. To create an empty archive, use the c operation without any options. You can use this operation in combination with the following options: d – Adds whole directories and subdirectories to an archive. Without this option, only files found within the top level directory are added to the archive; l – Preserves links. Without this option, links are treated as regular files; p – Preserves all user and group information. If the p option is not used, the user executing the command takes over the ownership of the packed files; v – Verbose option for printing a log of all performed steps to the standard output. This option is useful if an archive is not created as expected; e – Aborts the action if an error occurs; 2 – Creates an archive with large file support (v2.0); S – Slow write (delay). |
r | Removes files from an existing archive. The archive is not extracted. Use the correct file name. Otherwise, the file will not be deleted. To verify the file name, use the s operation. |
x | Extracts single files from an existing archive. The files inside the archive will not be deleted. When extracting files from an archive, the leading ./ (dotslash) can be ignored. If the archive contains that specific file, the file is extracted. |
k | Marks files or whole folders in an archive as deleted. Extracting a file that has been marked as deleted will delete a file of the same name in the target directory. Make sure that you use the correct file name, including a leading ./ (dotslash). To verify the file name, use the s operation. |
s | Displays the archive contents. |
E | Encrypt a PAR file. Requires -P (password set manually) or -Q (password set to serial number). |
D | Decrypt a PCA file. Requires -P (password set manually) or -Q (password set to serial number). |
Options | Description |
---|---|
-X or --exclude [pattern] | Defines skip patterns. Use when specifying a file name or pattern. |
-P [password] | Set the password for the encrypted PAR file. Encrypted PAR files use the PCA extension. |
-Q | Use the serial number as the password. This option cannot be used on pool-licensed, virtual Barracuda CloudGen Firewalls. |
Example Usage
The following sections provide examples of how to use the phionar command to create and maintain archives.
In the /tmp directory, create an archive named box.par that includes all files from the /opt/phion/config/configroot directory and subfolders.
[root@NGFW:~]# cd /opt/phion/config/configroot/
[root@NGFW:/opt/phion/config/configroot]# phionar cdl /tmp/box.par *
Display the contents of the newly created box.par archive.
[root@NGFW:/opt/phion/config/configroot]# phionar s /tmp/box.par
d 0 040755 0 0 LostAndFound
d 0 040755 0 0 LostAndFound/GCSID_procpar_cmdline_4399
d 0 040755 0 0 LostAndFound/GCSID_procpar_cmdline_4399/1832355359_box.conf
f 76 100600 0 0 box.conf
f 173 100600 0 0 box.desc
f 126 100644 0 0 box.param
f 1229 100600 0 0 boxadm.conf
f 253 100600 0 0 boxadm.desc
(Optional) Add a file (e.g., /opt/phion/config/active/box.conf) to the existing box.par:
[root@NGFW:/tmp]# phionar a box.par /opt/phion/config/active/box.conf
Create an encrypted PCA archive by using a manually set password (default):
[root@NGFW:/tmp]# phionar cdl -E box.pca /opt/phion/config/configroot/*
Create an encrypted PCA archive by using the serial number as the password. Do not use on pool-licensed, virtual firewalls. PCA files created with the -Q option can be deployed on the firewall with that serial number without having to enter the password.
[root@NGFW:/tmp]# phionar cdl -E -Q box.pca /opt/phion/config/configroot/*
Verify the names of the files in the box.par archive.
[root@NGFW:/tmp]# phionar s box.par
f 13 100644 0 0 ./boxadm.param
f 19 100644 0 0 ./boxkey.conf
f 14 100644 0 0 ./boxkey.param
f 4 100600 0 0 ./box.par
d 0 040755 0 0 ./tmp
f 12 100644 0 0 ./tmp/box.desc
f 13 100644 0 0 ./tmp/boxadm.desc
f 15 100644 0 0 ./tmp/boxkey.desc
Remove all of the ./tmp files.
[root@NGFW:/tmp]# phionar r box.par ./tmp ./tmp/*
Verify that the ./tmp files have been removed.
[root@NGFW:/tmp]# phionar s box.par
f 13 100644 0 0 ./boxadm.param
f 19 100644 0 0 ./boxkey.conf
f 14 100644 0 0 ./boxkey.param
f 4 100600 0 0 ./box.par
Extract files that begin with box*.
[root@NGFW:/tmp]# phionar x box.par box*
Check the /tmp directory to verify that the box* files have been extracted.
[root@NGFW:/tmp]# ls -l
-rw-r--r-- 1 root root 13 Nov 14 16:33 boxadm.param
-rw-r--r-- 1 root root 19 Nov 14 16:33 boxkey.conf
-rw-r--r-- 1 root root 14 Nov 14 16:33 boxkey.param
-rw------- 1 root root 359 Nov 14 16:31 box.par
Mark the ./boxadm.param file as deleted.
[root@NGFW:/tmp]# phionar k box.par ./boxadm.param
Verify that the ./boxadm.param file has been marked as deleted.
[root@NGFW:/tmp]# phionar s box.par
R 0 000000 -1 -1 ./boxadm.param
f 19 100644 0 0 ./boxkey.conf
f 14 100644 0 0 ./boxkey.param
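Because extracting an entry marked as deleted removes the file of the same name in the target directory, it is worth checking which existing files an archive would delete before running the x operation. The following is an added example, not part of the original documentation; the function name par_pending_deletes is hypothetical, and the column layout (type, size, mode, uid, gid, name) is an assumption read off the listings shown above.

```shell
#!/bin/sh
# Added example: report files that extracting an archive would delete.
# Assumed `phionar s` column layout, taken from the listings above:
#   type size mode uid gid name     (type R = entry marked as deleted)

# The listing shown above after `phionar k box.par ./boxadm.param`.
sample_listing() {
cat <<'EOF'
R 0 000000 -1 -1 ./boxadm.param
f 19 100644 0 0 ./boxkey.conf
f 14 100644 0 0 ./boxkey.param
EOF
}

# par_pending_deletes TARGET_DIR
# Reads `phionar s` output on stdin and prints every path that exists
# under TARGET_DIR and matches an R entry. Returns 1 if any were found,
# 0 if extraction would delete nothing.
par_pending_deletes() {
    target=${1%/}
    found=0
    # `name` is the last variable, so it receives the rest of the line
    # and file names containing spaces stay intact.
    while read -r type size mode uid gid name; do
        [ "$type" = "R" ] || continue
        path="$target/${name#./}"
        if [ -e "$path" ] || [ -L "$path" ]; then
            printf '%s\n' "$path"
            found=1
        fi
    done
    return "$found"
}

# Typical use on the firewall, before extracting into /tmp:
#   phionar s box.par | par_pending_deletes /tmp
```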
The following example shows how to define skip patterns.
[root@NGFW:/tmp]# phionar a box.par -X myarchive0.par /opt/phion/config/configroot/box.conf
Decrypt a PCA archive file by using phionar on the Barracuda CloudGen Firewall F-Series or Control Center:
[root@NGFW:/tmp]# phionar D -P YOURPASSWORD box.pca box.par
Decrypt a PCA archive file using openssl version 1.1.0 and lower.
[root@LinuxHost:/tmp]# openssl enc -d -aes-256-cbc -pass pass:YOURPASSWORD -in myarchive.pca -out box.par
Decrypt a PCA archive file using openssl version 1.1.1 and higher.
[root@LinuxHost:/tmp]# openssl enc -d -aes-256-cbc -md md5 -pass pass:YOURPASSWORD -in myarchive.pca -out box.par
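The commands above pass the password as pass:YOURPASSWORD, which leaves it visible in the process list and in shell history. The following wrapper is an added example, not part of the original documentation: it reads the password from a file, writes the decrypted PAR with owner-only permissions, and removes partial output when decryption fails. The function name decrypt_pca and the password-file convention are hypothetical, and it assumes OpenSSL 1.1.1 or higher on the Linux host.

```shell
#!/bin/sh
# Added example: decrypt a PCA archive without putting the password in argv.
# decrypt_pca and the password file are hypothetical names for illustration.

# decrypt_pca IN.pca OUT.par PWFILE
# PWFILE holds the archive password on its first line; keep it mode 0600.
decrypt_pca() {
    pca=$1
    par=$2
    pwfile=$3

    [ -r "$pca" ] && [ -r "$pwfile" ] || {
        echo "usage: decrypt_pca in.pca out.par pwfile" >&2
        return 2
    }

    # The decrypted PAR contains the firewall configuration. Write it to
    # an owner-only temporary file next to the destination first, so a
    # failed run never leaves a partial or world-readable archive behind.
    tmp=$(umask 077 && mktemp "${par}.XXXXXX") || return 1

    # -pass file: reads the first line of $pwfile, so the password does
    # not show up in `ps` output or shell history as pass:... would.
    # -md md5 is the form the page gives for OpenSSL 1.1.1 and higher.
    if openssl enc -d -aes-256-cbc -md md5 -pass "file:$pwfile" \
            -in "$pca" -out "$tmp"; then
        mv -f "$tmp" "$par"
    else
        rm -f "$tmp"
        echo "decrypt_pca: failed (wrong password or damaged file)" >&2
        return 1
    fi
}

# Typical use:
#   decrypt_pca myarchive.pca box.par /root/.pca-password
```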
You can unpack a compressed PGZ archive on the command line:
[root@NGFW:/tmp]# zcat box.pgz > box.par
conftool
To create PAR files for Barracuda CloudGen Firewalls in a range or cluster of a Barracuda Firewall Control Center, use the conftool command. Use the following syntax:
conftool par [range_cluster] <output-directory>
Example Usage
This section provides examples of how to use the conftool command to create a range and cluster PAR file. The PAR files are saved to the /home/phion/CC-Boxes-PARs/ directory.
Create a PAR file for a range named 1.
[root@MC-Morrigan:/home/phion/CC-Boxes-PARs]# conftool par 1 /home/phion/CC-Boxes-PARs/
HQ-Perimeter-HA1
HQ-Perimeter-HA2
ISPs
RO-Munich
RO-Zurich
Create a PAR file for a cluster named Headoffice in a range named 1.
[root@MC-Morrigan:/home/phion/CC-Boxes-PARs]# conftool par 1_Headoffice /home/phion/CC-Boxes-PARs/
HQ-Perimeter-HA1
HQ-Perimeter-HA2