The Barracuda Firewall Control Center is designed for the central management of CloudGen Firewalls. Control Center admins configure security, content, traffic management, and network access policies from one central management interface. Template-based security information and configuration versions make it possible to manage all locations from one central system.
Configuration Tree
The configuration tree is a hierarchically organized set of nodes where each node stands for a certain state of configuration or a certain relationship between other nodes in the hierarchy of the tree. From an abstract point of view, each node has two basic functions:
- Identifying and naming aspects as a single entity.
- Subordinating other, multiple objects and representing them by a parental, single object.
Functionally, a node serves to give a user access to the information represented by the node:
- It displays an associated window with multiple sets of information for configuration purposes.
- It displays all subordinated nodes.
From an organizational point of view, the nodes of the configuration tree are arranged from top to bottom following a specific order that supports the user in navigating, locating, and pinpointing certain nodes with minimal effort.
Expanding and Collapsing Nodes
Nodes that are displayed with a leading '+' indicate that there is more information available. There are two ways of accessing the subordinated information:
- Click the '+' symbol to display the node's subordinated content. The '+' sign will turn into a '-' sign.
- You can also right-click a node. If applicable, a list will be displayed, and if the node offers additional subordinated information, you must click Expand in the list.
Both options are called Expand (a node).
To free space in the display window, you can Collapse a node. Once again, there are two ways of removing subordinated items from a display list:
- Click the '-' symbol to hide the node's subordinated contents. The '-' sign will turn into a '+' sign.
- You can also right-click a node. If applicable, a list will be displayed, and if the node offers additional subordinated information, you must click Collapse in the list.
Both options are called Collapse (a node).
Navigation in Large Configuration Trees
Navigation in the configuration tree does not usually take much time for a smaller number of managed appliances. However, the configuration tree in the Control Center can become quite large if companies must manage several hundred firewalls. Locating and/or expanding subordinated nodes, especially at a deeper level, can then become very time-consuming.
For more information on how to navigate in a large configuration tree, see How to Enable Dynamic Loading for Large Configuration Trees.
System Hierarchy: Ranges, Clusters, and Boxes
The Control Center organizes the managed Firewalls into a hierarchy of ranges and clusters, with the individual firewalls at the lowest level. The number of available ranges and clusters depends on which edition Control Center you are using. For more information on the available Control Center editions, see Firewall Control Center
Ranges
Ranges simplify the central administration of globally distributed firewalls. For each range, you can define global settings, spanning all clusters in the range. You must create at least one cluster in a range to be able to add CloudGen Firewalls. To make configuration easier, you can define the following range-wide configuration settings:
- Range Objects
- Range GTI Editor
- Range Statistics
- Range Access Control Objects
- Range QoS Shaping Trees
- Activation Template
For more information, see How to Manage Ranges and Clusters
Clusters
At the second level, clusters represent groups of firewalls. To make configuration easier, you can define the following cluster-wide configuration settings:
- Cluster Objects
- Cluster GTI Editor
- Cluster Statistics
- Cluster Access Control Objects
- Cluster QoS Shaping Trees
- Activation Template
For more information, see How to Manage Ranges and Clusters.
Boxes
Boxes represent the individual CloudGen Firewalls within a Control Center cluster.
For more information, see:
- How to Import an Existing CloudGen Firewall into a Control Center
- How to Add a New/Clone an Existing CloudGen Firewall to/in the Control Center
- How to Move, Copy, and Delete CloudGen Firewalls in the Control Center
Unmanaged Firewall
It is possible to display CloudGen Firewalls not managed by the Control Center, or the box layer of the Control Center in the Status Map.
For more information, see How to Display the Control Center Box Layer on the Status Map.
System Health and Status Monitoring
The Control Center continuously monitors the system status of all managed units and displays a summary on the Barracuda Barracuda Firewall Admin Status Map.
For more information, see CC Status Map Page.
Configuration Updates
The configuration for all managed firewalls is stored on the Control Center. When the admin activates a configuration change, it is automatically pushed out to the managed firewalls.
For more information, see CC Configuration Updates.
In case multiple managed firewalls must be bulk updated, it is now possible to activate selected firewalls to receive updates if configuration changes are made in the Control Center.
For more information, see How to Bulk Enable/Disable Firewalls to Receive Configuration Updates from CC.
Remote Management Tunnels
Remote firewalls not able to directly reach the Control Center connect to the Control Center via a remote management tunnel. These secure remote management tunnels are used for all communication, such as configuration updates, statistics, and monitoring updates.
For more information, see How to Configure a Remote Management Tunnel for a CloudGen Firewall.
VPN Offloading
To reduce traffic load for large deployments, Control Center-managed CloudGen Firewalls can be configured to handle remote management tunnels.
For more information, see How to Configure Management Tunnel Offloading Using an Access Controller.
Licensing on the Firewall Control Center
The Control Center automatically completes license activation for new firewalls. If pool licenses are used, the Control Center can assign and update license information for remote systems firewalls using these licenses.
For more information, see Licensing CloudGen Firewalls in the Control Center.
Firmware Updates on Managed Firewalls
The Control Center manages the deployment of hotfixes and firmware updates for all managed units. Updates and changes are pushed to the managed units and can be triggered manually or automatically at a preset time.
For more information, see How to Update Control Center-Managed CloudGen Firewalls.
Control Center Trust Center Model
Connections between the Control Center, CloudGen Firewalls, and Barracuda Barracuda Firewall Admin are authenticated with X509 private/public keys.The Control Center handles the certificate and authentication of remote firewalls and Barracuda Firewall Admin. The Control Center also stores a list of valid SSH keys for all managed units.
- Control Center connects to a managed CloudGen Firewall – During deployment, the public keys for the box certificate and the Control Center certificate are exchanged. These keys are used to authenticate all SSL connections between the Control Center and the managed units.
- Connecting to the Control Center with Barracuda Firewall Admin – Barracuda Firewall Admin can verify if the Control Center certificate is valid and if it is communicating with the intended Control Center by checking the certificate with the Control Center public key it has previously downloaded from the Control Center.
- Connecting to a managed CloudGen Firewall with Barracuda Firewall Admin – Barracuda Firewall Admin downloads the public key from the Control Center and then uses that key to verify the box certificate of the managed CloudGen Firewall.
For information on how to troubleshoot the certificate chain of trust, see the Authentication Level section in Control Center Troubleshooting.