To be able to continuously update and improve frequently used features based on real-world data, the Barracuda CloudGen Firewall sends performance and usage data to the Barracuda telemetry servers. Sending statistics is opt-out for new or freshly installed CloudGen Firewalls, and opt-in for updated firewalls. After collecting data, the CloudGen Firewall starts one attempt to update the telemetry data via an HTTPS connection. If the connection to the update servers fails, no further attempts are made until the next day. A copy of all parameters sent to the telemetry servers is logged every time an update is initiated. The Barracuda Firewall Control Center sends data collected only on box level. No data from the Control Center layer is collected. For firewalls in the public cloud (AWS, Google, or Azure), telemetry cannot be completely disabled; the minimal set of parameters is always transmitted.
Barracuda Telemetry Server
- airlock.nap.aws.cudaops.com
Telemetry Parameter List
Name | Key | Value Type | Description |
---|---|---|---|
General Information | |||
Serial Number | serial | Number | Serial number of the box |
MAC Address | mac | MAC address (hex format) | MAC address used for the license |
Model | appliance | Type | The appliance type, e.g., T100 for a CloudGen WAN T100 or VT1500 for a virtual appliance VT1500 |
Model | model | Type | The appliance type, e.g., T100 for a CloudGen WAN T100 or VT1500 for a virtual appliance VT1500 |
Virtual Subtype | virt_subtype | Type | Information about the hypervisor |
DevMap | devmap | Text | Device mapping |
Number of CPUs | numcpu | Number | Number of CPUs |
Memory Usage | memory | Percent | Percent of used memory |
Swap Usage | swap | Percent | Percent of used swap memory |
Average CPU Load | cpu | Float | 15-Minute CPU average load at the moment of collecting the data |
Used Firmware Partition | diskfirmware | Percent | Allocation of partition "/" in percent |
Used Data Partition | diskdata | Percent | Allocation of partition "/phion0" in percent |
Firmware Version | firmware | Version String | Version of the CloudGen WAN firmware software |
Hotfixes | hotfixes | String | Name of installed hotfixes. |
Uptime | uptime | Seconds | Box uptime in seconds |
Box location | country | Location | Location of the box if configured |
Stand-Alone / Centrally Managed | mcmanaged | Yes / No | Is box managed by a control center |
EU Expiration Date | euexpiration | Date | Expiration Date of Energize Updates |
EU Status | eustate | Status | Status of Energize Updates |
License Status | licstatus | Status | Status of the license |
Firewall Insights Configured | fwinsights_configured | Yes / No | Is Firewall Insights configured |
Firewall Insights Licensed | fwinsights_licensed | Yes / No | Is Firewall Insights licensed |
Virtual WAN for Azure Cloud | azurevwan_configured | Yes / No | Is vWAN for Azure Cloud enabled |
Class | class | number | Always 22 |
Web User Interface | ismanagedbywebui | Yes / No | Is Web UI enabled |
Kernel Architecture | kernelarchitecture | String | Kernel Architecture |
Metered Cloud Device | metered_ng | Yes / No | Is the appliance a metered cloud appliance |
Time | server_timestamp | Time | Current time as Unix timestamp |
Telemetry configuration | telemetry_amount | String | Minimal or full telemetry |
Virtual Routing and Forwarding | vrf | Number | Number of VRF instances in use |
Services | |||
App Control | appcontrol | Status | Shows the status of Application Control (license and activation) |
SSL Inspection | sslice | Enabled / Disabled | SSL Inspection for firewall service enabled |
Port Protocol Protection | protocolprotection | Enabled / Disabled | Is protocol protection in the firewall service enabled |
Google Safe Search | safesearch | Enabled / Disabled | Google Safe Search enabled |
YouTube for Schools | ytforschools | Enabled / Disabled | YouTube for schools enabled |
URL Filter | cofs | Enabled / Disabled | Web filter service enabled |
Virus Scanner | virscan | Enabled / Disabled | AV Scanner service installed |
Avira Virus Scanner | avira | Enabled / Disabled | Avira AV Scanner enabled |
Virus Scan in Firewall | fwavscan | Enabled / Disabled | AV Scan used in access rule(s) |
HTTP Proxy | proxy | Enabled / Disabled | HTTP proxy service installed |
HTTP Proxy mode | proxymode | Reverse / Forward / Transparent | HTTP Proxy mode |
Proxy SSL Inspection | squidbump | Enabled / Disabled | SSL Intercept mode from proxy service enabled |
DHCP Enterprise | dhcpe | Enabled / Disabled | DHCP Enterprise service installed |
DHCP Relay | dhcprelay | Enabled / Disabled | DHCP relay service installed |
SSH Proxy | sshprx | Enabled / Disabled | SSH proxy service installed |
FTP Gateway | ftpgw | Enabled / Disabled | FTP Gateway service installed |
OSPF Routing | ospf | Enabled / Disabled | OSPF service installed |
Mail Gateway | mailgw | Enabled / Disabled | Mail Gateway service installed |
SPAM Filter | spamfilter | Enabled / Disabled | Spam filter service installed |
DNS Service | dns | Enabled / Disabled | DNS service installed |
DNS Health Probes | dns_healthprobes | Number | Number of configured health probes |
DNS Primary Zones | dns_master_zones | Number | Number of configured primary zones |
DNS Records | dns_records | Number | Number of configured records |
Split DNS | dns_split_dns | Enabled / Disabled | Split DNS enabled |
IPS | ips | Enabled / Disabled | IPS detection enabled |
IPS Report-Only Mode | ipsreportonly | Enabled / Disabled | IPS report-only mode enabled |
IPS Scan Mode | ipsscanmode | Full / Fast / Auto | IPS scan mode |
Stream Reassembly | streamreassmbly | Yes / No / Auto | Mode of the stream reassembly for the firewall service |
RPC Tracking | rpc | Enabled / Disabled | RPC tracking enabled |
Guest Access | guestaccess | Enabled / Disabled | Guest access enabled |
Audit Log | audit | Enabled / Disabled | Firewall Audit logging enabled |
Audit Type | audittype | String | Audit log handling |
Fwaudit Service | ccfwaudit | Enabled / Disabled | Fwaudit service enabled |
Fwaudit Service | fwaudit | Enabled / Disabled | Fwaudit service enabled |
RCS | rcs | Enabled / Disabled | Version Control System for the Configuration enabled |
IPFIX Streaming | ipfixstream | Enabled / Disabled | IPFIX streaming enabled |
Syslog Streaming | syslogstream | Enabled / Disabled | Syslog streaming enabled |
SNMP Service | snmp | Enabled / Disabled | SNMP service installed |
QoS | qos | Enabled / Disabled | Quality of Service (Shaping) enabled |
App-Based Provider Selection | appbasedprovider | Enabled / Disabled | Enables/Disables the provider (ISP) selection based on the application detection (e.g., Facebook uses ISP1 and Google uses ISP2) |
SIP Proxy | sipproxy | Enabled / Disabled | SIP proxy service installed |
TCP Proxy | tcpproxy | Enabled / Disabled | TCP proxy for firewall service enabled |
VPN Service | vpnserver | Enabled / Disabled | VPN service installed |
Wi-Fi Service | wlan | Enabled / Disabled | Wi-Fi service enabled |
Firewall | |||
Number of Access Rules | fwrulesenable | Number | Number of forwarding access rules |
Number of Application Rules | apprulesenable | Number | Number of application rules |
Number of Network Objects | netobjs | Number | Number of network objects in the forwarding firewall |
Number of App Objects | appobjs | Number | Number of application objects in the forwarding firewall |
Number of URL Filter Objects | urlcatpolicys | Number | Number of URLCAT policies configured in the forwarding firewall |
Number of Connection Objects | connectionobjs | Number | Number of connection objects in the forwarding firewall |
Dynamic Bandwidth Traffic Duplication | connobj_dynbw_duplicate | Enabled / Disabled | Dynamic bandwidth traffic duplication enabled |
Dynamic Bandwidth Policy | connobj_dynbw_policy | Number | Dynamic bandwidth policy: Bandwidth, Latency, Quality, Upstream, Downstream, None |
VPN Transport Selection | connobj_vpnroutes | Number | VPN transport selection information: Quality, Bulk, Fallback, BestBandwidth, BestLatency, BestQuality |
Traffic Statistics | dtv_bytesfwd | Number | Bytes forwarded in 24 hours |
Traffic Statistics | dtv_bytesin | Number | Incoming bytes in 24 hours |
Traffic Statistics | dtv_bytesout | Number | Outgoing bytes in 24 hours |
Forwarding Firewall | firewall | Enabled / Disabled | Forwarding firewall enabled |
AV Service BATP | fwatd | Enabled / Disabled | AV Service BATP enabled |
Number of Schedule Objects | schedules | Number | Number of time schedule objects in the forwarding firewall |
Number of Proxy ARP Objects | proxyarpobjs | Number | Number of proxy ARP objects in the forwarding firewall |
Number of Generic IPS Patterns | genipspattern | Number | Number of generic IPS patterns in the forwarding firewall |
Number of Bridge Groups | bridginggroups | Number | Number of bridge groups in the forwarding firewall |
NAC Service | policyserver | Enabled / Disabled | NAC service enabled |
Active Protected IPs | protIP_active | Number | Number of active protected IPs |
Licensed Protected IPS | protIP_licensed | Number | Number of licensed protected IPS |
URL Categorization | urlcat | Enabled / Disabled | URL categorization enabled |
VPN | |||
Mobile Portal | vpn_mobile_portal | Enabled / Disabled | VPN Mobile Portal enabled |
Mobile App Access | vpn_mobile_app_access | Enabled / Disabled | VPN Mobile App Access enabled |
Number of Web Forwards | vpn_web_forwards | Number | Number of the VPN web forwards |
Number of Apps | vpn_applications | Number | Number of VPN applications |
Number of VPN Profiles | vpn_profiles | Number | Number of VPN profiles |
VPN FIPS | vpn_fips | Enabled / Disabled | Use only Federal Information Processing Standards (FIPS)-compliant algorithms and libraries for cryptography. First usage in firmware version 8.3.2. |
VPN Clients | |||
Number of Client-to-Site Tunnels | vpn_client2site_tunnels | Number | Number of all Client-to-Site tunnels |
Number of Client-to-Site Tunnels with Windows Clients | vpn_client2site_windows | Number | Number of Client-to-Site tunnels with Windows clients |
Number of Client-to-Site Tunnels with Mac Clients | vpn_client2site_mac | Number | Number of Client-to-Site tunnels with Mac clients |
Number of Client-to-Site Tunnels with Linux Clients | vpn_client2site_linux | Number | Number of Client-to-Site tunnels with Linux clients |
Number of Client-to-Site Tunnels with BSD Clients | vpn_client2site_bsd | Number | Number of Client-to-Site tunnels with BSD clients |
Number of Client-to-Site Tunnels with Android Clients | vpn_client2site_android | Number | Number of Client-to-Site tunnels with Android clients |
Number of Client-to-Site Tunnels with IPsec Clients | vpn_client2site_ipsec | Number | Number of Client-to-Site tunnels with IPsec clients |
Number of Client-to-Site Tunnels with L2TP Clients | vpn_client2site_l2tp | Number | Number of Client-to-Site tunnels with L2TP clients |
Number of Client-to-Site Tunnels with PPTP Clients | vpn_client2site_pptp | Number | Number of Client-to-Site tunnels with PPTP clients |
VPN Tunnels | |||
Dynamic Path Selection (SD-WAN) | vpn_dynamic_path_selection | Enabled / Disabled | Indicates if at least one VPN tunnel uses SD-WAN |
Dynamic VPN Routing | vpn_dynamic_vpn_routing | Enabled / Disabled | Shows if dynamic routing via VPN tunnels is enabled |
WAN Opt | vpn_wanopt | Enabled / Disabled | Shows if WAN optimization is enabled for the VPN service |
SSL VPN | vpn_sslvpn | Enabled / Disabled | Shows if SSL VPN is enabled for the VPN service |
Single Routing Table | vpn_single_routing_table | Enabled / Disabled | Shows if the VPN routes are added to the main routing table, or if separate routing tables are used |
Dyn Mesh | vpn_dynamic_mesh | Enabled / Disabled | Shows if Dyn Mesh is enabled for the VPN service |
Number of IPsec Site-to-Site Tunnels | vpn_site2site_tunnels_ipsec | Number | Number of site-to-site tunnels with IPsec |
Number of TINA Site-to-Site Tunnels | vpn_site2site_tunnels_tina | Number | Number of site-to-site tunnels with TINA |
Number of TINA Site-to-Site Transports | vpn_site2site_tunnels_tina_transports | Number | Number of site-to-site TINA VPN transports |
Number of Down Site-to-Site Tunnels | vpn_site2site_tunnels_down | Number | Number of site-to-site TINA VPN transports or IPsec tunnels that are currently down (for whatever reason) |
Number of VPN Tunnels with Enabled Dynmesh | vpn_site2site_tunnels_dynmesh_enabled | Number | Number of VPN tunnels with enabled dynmesh |
Number of SD-WAN-VPN Tunnels with Enabled Dynmesh | vpn_site2site_tunnels_sdwan_dynmesh_enabled | Number | Number of SD-WAN-VPN tunnels with enabled dynmesh |
Number of SD-WAN-VPN Tunnels | vpn_site2site_tunnels_sdwan_enabled | Number | Number of SD-WAN-VPN tunnels |
Number of Connected SSL-VPN Clients | vpn_sslvpn_clients | Number | Number of connected SSLVPN clients |
Authentication | |||
DC Client | auth_dcclient | Enabled / Disabled | Authentication via DC Agent / DC Client enabled/disabled |
TS Agent | auth_tsclient | Enabled / Disabled | Authentication via TS Agent / TS Client enabled/disabled |
Wi-Fi AP | auth_wifiap | Enabled / Disabled | Authentication via Wi-Fi access point enabled/disabled |
Networking | |||
3G (UMTS) | net_umts | Enabled / Disabled | Is UMTS setup enabled or disabled |
xDSL | net_dsl | Enabled / Disabled | Is DSL connection enabled or disabled |
Barracuda DSL Modem | net_barracuda_dsl_mode | bridgemode / advancedmode | How is the Barracuda DSL Modem configured |
net_barracuda_dsl_wan1 | Enabled / Disabled | Is DSL/WAN1 enabled or disabled | |
net_barracuda_dsl_wan2 | Enabled / Disabled | Is WAN2 enabled or disabled | |
DHCP | net_dhcp | Enabled / Disabled | Is DHCP connection enabled or disabled |
Wi-Fi | wifi | Enabled / Disabled | Is Wi-Fi connection enabled or disabled |
HA | net_ha | Enabled / Disabled | Is HA setup enabled or disabled |
IPv6 | net_ipv6 | Enabled / Disabled | Is IPv6 setup enabled or disabled |
Percentage of Network Ports Used | net_portusedperc | Percent | Percentage of network ports used |
Number of VLANs | net_vlans | Number | Number of VLANs used on the box |
Number of Ethernet Bonds | net_bonds | Number | Number of bonded network ports |
Number of Uplinks | net_portused | Number | Number of network ports in use |
SSD | |||
Media Wearout Level of disk Number <n> | ssd<n>_wearout | Number | Normalized value indicating the sanity of the SSD (Intel SSDs) disk number <n>: 100=brand new; 1=worn out |
Endurance Level of disk Number <n> | ssd<n>_endurance | Number | Normalized value indicating the prospective lifetime of the SSD (Innodisk SSDs) disk number <n>: 0=brand new; 100=at the end of the lifetime as defined by the manufacturer |
Control Center | |||
Managed Firewalls | managed_boxes_total | Number | Number of CloudGen Firewalls managed by the Control Center |
Managed Enabled Firewalls | managed_boxes_enabled | Number | Number of enabled CloudGen Firewalls managed by the Control Center |
Workspace Count | workspace_count | Number | Number of workspace configured on the Control Center |
Workspace Modified Timestamp | workspace_modified_timestamp | Time | The last modification time of all workspaces on the Control Center |
Events | |||
Firmware Update | firmware_update | JSON Object | Report success or errors concerning the automatic download and installation of firmware updates |
License | license | Error String | Only on CloudGen WAN appliances: report if a license stamp request fails |
Virus scanner | virus_scanner | JSON Object | Report failed virus scans |
Enable / Disable Telemetry Data
Sending usage statistics aids in future product planning. You can enable or disable the sending of usage statistics.
- Go to CONFIGURATION > Configuration Tree > Box > Administrative Settings.
- In the left menu, click Telemetry Data.
- Click Lock.
- In the Telemetry Data Options section, select one of the following options:
- Full Data
- Minimal Data
- Disabled (This option is not available for firewalls in the public cloud).
- (optional) If you want the firewall to log submitted telemetry values, then activate the check box for Log Telemetry Data.
- Click Send Changes and Activate.
Enable / Disable Telemetry Data from a Control Center
You can enable/disable the sending of telemetry data by selecting multiple managed boxes (bulk configuration) in a list in the Control Center.
- Go to CONFIGURATION > Configuration Tree > Multi Range.
- Enlarge the list view area on the right side of the main view.
- Select all boxes for which you want to enable/disable the sending of telemetry data.
- Right-click on a selected box.
- Select Share Telemetry Data in the list.
- Another list is displayed.
- Select one of the following options:
- full data – All telemetry data is sent.
- minimal data – Only a basic set of telemetry data is sent.
- disabled – Do not send any telemetry data.
If the column Telemetry is selected to be displayed, the cell contents will display the telemetry status for each appliance: