Barracuda CloudGen Firewall

Configuration Files and Tree

The directory structure of Barracuda CloudGen Firewall systems is split into organizational units. You will find the configuration files arranged in administrative subunits within subdirectories of the configuration root directory. This article provides information on the directories that contain system configuration files.

Directories Containing Configuration Files

Configuration files for the system are contained in the following directories:

/opt/phion/config/configroot

The /opt/phion/config/configroot directory contains all configuration files that are constantly changed. The configuration tree of NG Admin starts in this directory. The box configuration is retrieved from this directory by Barracuda Firewall Admin. This directory will only contain empty configuration files for a fresh Barracuda CloudGen Firewall installation. If any service is added, the template files are copied from the corresponding directory at /opt/phion/modules/directory/box.

The Open configuration column displays the file structure as it is in this directory.

/opt/phion/config/active

The /opt/phion/config/active directory contains the active box configuration.

/opt/phion/modules/box

The /opt/phion/modules/box directory contains all default configuration (confdef) files and required scripts for activation and verification. The directory itself is split into several subdirectories. Usually, a corresponding subdirectory for each configuration file is found in the /opt/phion/config/configroot directory. Most subdirectories contain a bin directory with a verify and activate script or a binary or both.

Example for the directory structure:

[root@Bart:~]# cd /opt/phion/config/configroot/
[2005-10-07 16:57 UTC] [-root shell-] [-powered by Cuda IT-]
[root@Bart:/opt/phion/config/configroot]# ll
total 176
drwxr-xr-x    9 root root         4096 Oct  7 15:40 .
drwxr-xr-x    8 root root         4096 Oct  7 15:40 ..
-rw-r--r--    1 root root          141 Oct  5 10:57 1
-rw-------    1 root root          421 Oct  5 10:31 boxadm.conf
-rw-------    1 root root          146 Oct  5 10:31 boxadm.desc
-rw-r--r--    1 root root          131 Oct  5 10:31 boxadm.param
-rw-------    1 root root          196 Oct  4 13:07 box.conf
-rw-------    1 root root          131 Oct  4 13:07 box.desc
-rw-------    1 root root         2580 Oct  4 13:07 boxkey.conf
-rw-------    1 root root          137 Oct  4 13:07 boxkey.desc
-rw-r--r--    1 root root          131 Oct  4 13:07 boxkey.param
-rw-------    1 root root         1490 Oct  4 13:07 boxnet.conf
-rw-------    1 root root          135 Oct  4 13:07 boxnet.desc
-rw-r--r--    1 root root          131 Oct  4 13:07 boxnet.param
drwxr-xr-x    2 root root         4096 Oct  4 13:07 boxother
-rw-------    1 root root          139 Oct  4 13:07 boxother.desc
-rw-r--r--    1 root root          131 Oct  4 13:07 boxother.param
-rw-r--r--    1 root root          131 Oct  4 13:07 box.param
-rw-------    1 root root          857 Oct  4 13:07 boxqos.conf
-rw-------    1 root root          165 Oct  4 13:07 boxqos.desc
-rw-r--r--    1 root root          131 Oct  4 13:07 boxqos.param
drwxr-xr-x    2 root root         4096 Oct  4 13:07 boxsrv
-rw-------    1 root root          142 Oct  4 13:07 boxsrv.desc
-rw-r--r--    1 root root          131 Oct  4 13:07 boxsrv.param
-rw-------    1 root root          217 Oct  4 13:07 boxsys.conf
-rw-------    1 root root          142 Oct  4 13:07 boxsys.desc
-rw-r--r--    1 root root          131 Oct  4 13:07 boxsys.param
drwxr-xr-x    2 root root         4096 Oct  7 15:07 data
-rw-------    1 root root          106 Oct  4 13:07 data.desc
-rw-r--r--    1 root root          131 Oct  4 13:07 data.param
drwxr-xr-x    3 root root         4096 Oct  4 13:07 gdata
-rw-------    1 root root          107 Oct  4 13:07 gdata.desc
-rw-r--r--    1 root root          131 Oct  4 13:07 gdata.param
drwxr-xr-x    3 root root         4096 Oct  4 04:51 LostAndFound
-rw-------    1 root root         3352 Oct  4 13:07 masterpub.conf
-rw-------    1 root root          167 Oct  4 13:07 masterpub.desc
-rw-r--r--    1 root root          131 Oct  4 13:07 masterpub.param
drwxr-xr-x    2 root root         4096 Oct  4 04:51 pool
-rw-------    1 root root         1227 Oct  4 13:07 roles.conf
-rw-------    1 root root          164 Oct  4 13:07 roles.desc

This example shows the /opt/phion/config/configroot directory containing the boxnet.conf file. In the /opt/phion/modules/box directory, the boxnet subdirectory contains the .conf files and links to the activation and verification files.

The /opt/phion/modules/box directory contains two important subdirectories:

  • /opt/phion/modules/box/boxother: This directory corresponds to Box Misc.
  • /opt/phion/modules/box/boxsrv: This directory corresponds to Box Services.

Generally, all box services, such as the Firewall, Event, and Statistics services, are located in boxsrv. Other configuration items, such as authentication schemes, bootloader, or box licenses, are located in boxother. The confdef file determines the look of a window in Barracuda Firewall Admin (input fields, labels, buttons).

/opt/phion/modules/box/boxother

When a node is opened in the Box Misc. branch, the configuration is read from the /opt/phion/modules/box/boxother directory.

/opt/phion/modules/box/boxsrv

When a node is opened in the Box Services branch, the configuration is read from the /opt/phion/modules/box/boxsrv directory.

Subdirectories for the Configuration Tree Directory

On every Barracuda CloudGen Firewall system there is a configuration tree that contains all necessary information to keep the system up and running. The tree is at /opt/phion/config and contains the following subdirectories:

Manual changes within these directories can damage your system. For any necessary manual changes, you should contact Barracuda Networks Technical Support.

active

The active subdirectory contains the active configuration that is used by the currently running services. It contains two important files: boxadmin.conf and boxnet.conf.

configroot

The configroot directory is the directory for the GUI’s management configuration tree.

history

The history directory contains the DB files for internal use only. This directory must not be changed manually.

Do not make any changes to this directory.

sessions

The sessions directory contains information for opened sessions.

update

The update directory contains all files that are required for syncing with another system (e.g., high availability system).

Checking the Integrity of Configuration Files

To check the integrity of the boxnet.conf and boxadm.conf files, use the verify (/etc/phion/bin/verify) script. This script is also used for network configuration checks from the Barracuda Firewall Admin GUI.

The following is example output from running the verify script:

[root@winix:/var/phion/logs]# verify /opt/phion/config/configroot/boxnet.conf
SUCCESS: No obvious critical consistency errors in box configuration
Info:     [0140000]  º boxnet(k,ARGS): box reaches MC@10.0.6.3 from 10.0.6.31 via »10.0.6.0/8 dev eth0 src 10.0.6.31 realm internal«
Info:     [0140000]  º boxnet(k,ARGS): box reaches MC@10.0.6.2 from 10.0.6.31 via »10.0.6.0/8 dev eth0 src 10.0.6.31 realm internal«
Info:     [0140000]  º boxnet(k,ARGS): box reaches server NTP@10.0.6.96 from 10.0.6.31 via »10.0.6.0/8 dev eth0 src 10.0.6.31 realm internal«
Info:     [0140000]  º boxnet(k,ARGS): box reaches server DNS@10.0.6.90 from all via »10.0.6.0/8 dev eth0 src 10.0.6.31 realm internal«
Info:     [0140000]  º boxnet(k,ARGS): logical check passed
[ local networks ]
       |name    |addr               |dev      |ping |mgmt |ntpd
---------------------------------------------------------------
net0   |loop    |127.0.0.1/8        |lo       |y    |y    |n
net1   |fw      |127.0.1.1/8        |tap0     |y    |n    |n
net2   |vpn     |127.0.2.1/8        |tap1     |y    |n    |n
net3   |vpnpers |127.0.3.1/8        |tap2     |y    |n    |n
net4   |mip0    |10.0.6.31/8        |eth0     |y    |y    |y
net5   |ospfVP  |10.0.151.33/8      |eth1     |y    |n    |n
[ management IPs ]
       |addr
-------------------------
ip0    |127.0.0.1/0
ip1    |10.0.6.31/0
[ servers ]
1:  mw
        primary box:   winix [*]       10.0.6.31
        secondary box: linix           10.0.6.32
        1st server ip: 172.31.1.33     pingable=yes
        2nd server ip: 10.0.60.33      pingable=yes
2:  win0
        primary box:   winix [*]       10.0.6.31
        secondary box: -- none -
        1st server ip: 172.31.1.33     pingable=yes
        2nd server ip: 172.31.70.2     pingable=yes
        add server ip: 10.0.60.32      pingable=yes
        add server ip: 10.0.61.32      pingable=yes
        add server ip: 172.16.0.1      pingable=yes
        add server ip: 172.16.1.1      pingable=yes
        add server ip: 10.0.6.33       pingable=yes
        add server ip: 10.0.150.33     pingable=yes
[ IP tunnels ]
       |status  |name     |mode   |dev/src addr    |          local <-> remote
--------------------------------------------------------------------------------------
tu0    |ready   |tun1     |gre    |10.0.150.33/8   |    10.0.151.33 <-> 10.0.151.8
[ routing structure ]
Type  indicators: 'u' .... unicast, 'Ø' .... unreachable, '¤' .... stop lookup
State indicators: '®' .... ready, '×' .... pending, '¿' .... dynamic,  '¬' .... inactive
1:      u from 0.0.0.0/32 prio 0 table local
2:      u from 0.0.0.0/32 prio 3 table vpnlocal
3:      u from 0.0.0.0/32 prio 10000 table main

Activating Configuration Changes

Manual changes in the /opt/phion/config/configroot and /opt/phion/config/active directories can damage your system. For any necessary manual changes, you should contact Barracuda Networks Technical Support. Always back up the running files in the /opt/phion/config/active directory before changing the configuration manually.

From the CLI, you can change your system configuration by editing the files in the /opt/phion/config/configroot directory. After checking the integrity of the edited files, copy them to the /opt/phion/config/active directory that contains active system configurations. Then execute the activate command to activate your changes. You must also refresh Barracuda Firewall Admin to display your new configurations.

To change and activate configuration changes from the CLI:

  1. Back up the files in the /opt/phion/config/active directory.
  2. At the command line, change to the /opt/phion/config/configroot directory.
  3. Make the required changes to the appropriate file. For example, you can edit the boxnet.conf file.
  4. Change to the /bin directory at /opt/phion/modules/box/ for the configuration file that you edited. Enter:
    • cd /opt/phion/modules/box/<config file>/bin
    For example, to change to the /bin directory for the boxnet.conf file:
    • cd /opt/phion/modules/box/boxnet/bin
  5. Verify the integrity of the configuration file that you edited in the /opt/phion/config/configroot directory. Enter:
    • verify <path to the file in configroot directory>
    For example, to verify the integrity of the boxnet.conf file:
    • verify /opt/phion/config/configroot/boxnet.conf
  6. After the edited configuration file has been successfully checked, copy it to the /opt/phion/config/active directory.

    To avoid the Box activation alert symbol being displayed on the screen, you can also use the following command instead of copying the file:
    mv /opt/phion/preserve/boxnet.conf /opt/phion/config/active/boxnet.conf

  7. Change into the /bin directory at /opt/phion/modules/box/ and activate the configuration.
    • cd /opt/phion/modules/box/<config file>/bin
    • activate
    For example, to activate changes to the boxnet.conf file:
    • cd /opt/phion/modules/box/boxnet/bin
    • activate
  8. Refresh the configurations in Barracuda Firewall Admin. You have two options:

    • Click Disconnect and then click Reconnect.

    • In the Config Tree, right-click the top node and select Refresh Complete Tree.

    Because Barracuda Firewall Admin displays configurations from the /opt/phion/config/configroot directory and not the /opt/phion/config/active directory, it is important that you refresh the Config Tree after making configuration changes in the CLI. Otherwise, Barracuda Firewall Admin overwrites your changes and displays settings from a cache of the previous configuration.
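
The CLI procedure above, written as a guarded shell function (an added example, not Barracuda's own tooling): it backs up the active directory, copies the edited file only when verify prints the SUCCESS: line shown in the sample output, and then runs activate. The overridable path variables, the backup location, the name check, and invoking activate as ./activate from the module's bin directory are assumptions.

```bash
# Added example: guarded wrapper around the CLI procedure described above.
# Assumptions (not from Barracuda): verify prints a line starting with "SUCCESS:"
# on a pass (as in the sample output), and activate is invoked as ./activate.
PHION_CONFIG="${PHION_CONFIG:-/opt/phion/config}"
PHION_MODULES="${PHION_MODULES:-/opt/phion/modules/box}"
VERIFY_BIN="${VERIFY_BIN:-/etc/phion/bin/verify}"
BACKUP_ROOT="${BACKUP_ROOT:-/root/active-backups}"   # hypothetical location

backup_active() {   # step 1: private, timestamped copy of the running config
    local dest
    mkdir -p "$BACKUP_ROOT" && chmod 700 "$BACKUP_ROOT" || return 1
    dest="$(mktemp -d "$BACKUP_ROOT/active.$(date -u +%Y%m%dT%H%M%SZ).XXXXXX")" || return 1
    cp -a "$PHION_CONFIG/active/." "$dest/" || return 1
    printf '%s\n' "$dest"
}

verify_passed() {   # step 5: pass only when verify reports SUCCESS
    local out
    out="$("$VERIFY_BIN" "$1" 2>&1)"
    printf '%s\n' "$out" | grep -q '^SUCCESS:'
}

apply_config() {    # $1 = configuration name without .conf, e.g. boxnet
    local name="$1" src bak
    case "$name" in
        ''|*[!A-Za-z0-9_]*) echo "invalid name: $name" >&2; return 2 ;;
    esac
    src="$PHION_CONFIG/configroot/$name.conf"
    [ -f "$src" ] || { echo "missing $src" >&2; return 2; }
    bak="$(backup_active)" || { echo "backup failed, nothing changed" >&2; return 3; }
    if ! verify_passed "$src"; then
        echo "verify did not report SUCCESS; active left untouched" >&2
        return 4
    fi
    cp -p "$src" "$PHION_CONFIG/active/$name.conf" || return 5        # step 6
    if ! ( cd "$PHION_MODULES/$name/bin" && ./activate ); then         # step 7
        echo "activate failed; previous files are in $bak" >&2
        return 6
    fi
    echo "activated $name.conf, backup in $bak; now refresh the Config Tree (step 8)"
}
```

After sourcing the file as root, `apply_config boxnet` runs steps 1 and 5 to 7 for boxnet.conf; a non-zero return code identifies the step that stopped the change.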