Barracuda CloudGen Firewall

How to Configure a Firewall for Zero Touch Deployment


To deploy a firewall via Zero Touch Deployment (ZTD), the Control Center must be configured to sync with the Zero Touch Deployment service. Create the firewall configuration and push the basic configuration to the Zero Touch Deployment service. It is always recommended to order the firewall with the Zero Touch option. However, you can manually claim a firewall that was ordered without the Zero Touch option.

  • Orders placed with ZTD option – The firewall is automatically assigned to the Control Center. It cannot be claimed manually via the linking code to avoid having the wrong customer claim the firewall.
  • Orders placed without ZTD option – The firewall is not associated with a Control Center. Manually claim the firewall on the Control Center or in the Zero Touch Deployment service web interface using the serial number and linking code supplied in the order confirmation email from Barracuda Customer Services. Firewalls claimed by a Control Center can no longer be claimed by another Control Center using the same BCC account to connect to the ZTD service.


Before You Begin

  • Verify that the hardware firewall model is supported for Zero Touch Deployment.
  • Verify that the appliance was ordered with the Zero Touch Deployment option, and that you received the order confirmation email with the serial number and linking code.
  • Verify that the Control Center and the remote firewalls can access ztd.barracudanetworks.com.

Zero Touch Deployment does not support multi-factor authentication. When deploying a firewall via ZTD, multi-factor authentication must be turned off for the user associated with the login account or Barracuda Cloud Control account.

Step 1. Configure Zero Touch Deployment Settings

Configure the Control Center to connect to the ZTD portal.

  1. Log into the Control Center.
  2. Go to CONFIGURATION > Configuration Tree > Multi-Range > CC Parameters.
  3. Click Lock.
  4. In the left menu, click Zero Touch Setup.
  5. Configure the Zero Touch Deployment Configuration:
    • ZTD Service Server – Enter https://ztd.barracudanetworks.com
    • ZTD Service Port – Enter 443
  6. In the left menu, click BCC Authentication.
  7. Enter the ZTD portal Username.
  8. Set the ZTD portal Password.
  9. Click Send Changes and Activate.

Step 2. Create the Firewall Configuration

Prepare the firewall configuration on the Control Center. Verify that the cluster version and the firmware installed on the firewall match.

  1. Go to CONFIGURATION > Configuration Tree > your range > your cluster > Boxes.
  2. Right-click Boxes and select either Create Box Wizard or Create Box.

For more information, see How to Add a New CloudGen Firewall to the Control Center and How to Configure a Remote Management Tunnel for a CloudGen Firewall.

Step 3. (Orders without ZTD option) Claim the Firewall

If the firewall was not part of a ZTD order, it can still be associated with the Control Center by manually claiming the appliance. The serial number and linking code required to claim a firewall are included in the invoice email and on the back of the Quick Start Guide included with the firewall. It is not possible to claim an appliance that has already been claimed on a different Control Center or that has been ordered as part of a ZTD order.

  1. Go to CONTROL > Zero Touch Deployment.
  2. Right-click on the firewall and select Claim Appliances for Zero Touch Deployment. The Claim Appliance from Zero Touch Deployment window opens.
  3. Enter the serial number and linking code.
  4. Click OK.

Step 4. Push the Basic Configuration

Push the basic configuration for the claimed firewall to the Zero Touch Deployment service.

  1. Go to CONFIGURATION > Configuration Tree > your range > your cluster > Boxes > your firewall.
  2. Depending on the managed type of firewall, continue accordingly:
    1. For a managed single box, right-click the firewall and select Push Configuration to Zero Touch Deployment. The Push Configuration to Zero Touch Deployment window opens.
    2. For a managed HA pair of firewalls, right-click the firewall and select Push Configuration of Primary Box to Zero Touch Deployment for the primary firewall or Push Configuration of Secondary Box to Zero Touch Deployment for the secondary firewall.
  3. Select the matcher type to determine which firewall the basic configuration is assigned to.
    • All – The new firewall connecting to ZTD is selected.
    • Local IP/Subnet – The IP address or network assigned to the DHCP interface of the firewall.
    • Public IP/Subnet – The public IP address, as seen by the ZTD portal.
    • Serial Number – The serial number of the appliance.
  4. Depending on the matcher, enter the matching value.
  5. Click OK.
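
A way to sanity-check a matcher value against your own rollout list before pushing, as an added example that is not Barracuda code: it models the four matcher types from step 3 with Python's ipaddress module and reports whether a planned value selects only the intended appliance. The matching logic is an assumption about how the types behave (the ZTD service's own implementation is not shown on this page), and the Appliance class, the function names and the inventory values are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Appliance:
    serial: str
    local_ip: str    # address expected on the firewall's DHCP interface
    public_ip: str   # address the ZTD portal would see for this site

def matches(matcher_type: str, value: str, fw: Appliance) -> bool:
    """Return True if this model says the matcher selects the appliance."""
    if matcher_type == "All":
        return True
    if matcher_type == "Serial Number":
        return fw.serial == value.strip()
    if matcher_type in ("Local IP/Subnet", "Public IP/Subnet"):
        # strict=False accepts a host address with a prefix, e.g. 10.0.0.5/24;
        # a bare address is treated as a /32 network.
        net = ipaddress.ip_network(value.strip(), strict=False)
        addr = fw.local_ip if matcher_type.startswith("Local") else fw.public_ip
        return ipaddress.ip_address(addr) in net
    raise ValueError(f"unknown matcher type: {matcher_type!r}")

def selected(matcher_type, value, inventory):
    """Serials of all inventory appliances the matcher would select."""
    return [fw.serial for fw in inventory if matches(matcher_type, value, fw)]

def check_push(matcher_type, value, intended_serial, inventory):
    """Classify a planned push as 'ok', 'ambiguous' or 'miss'."""
    hits = selected(matcher_type, value, inventory)
    if intended_serial not in hits:
        return "miss"
    return "ok" if hits == [intended_serial] else "ambiguous"

# Constructed inventory: serials and addresses are made-up sample values.
INVENTORY = [
    Appliance("SN-0001", "192.168.10.23", "198.51.100.7"),
    Appliance("SN-0002", "192.168.10.57", "198.51.100.7"),  # same site, same NAT
    Appliance("SN-0003", "192.168.20.14", "203.0.113.40"),
]

if __name__ == "__main__":
    plans = [("All", ""), ("Public IP/Subnet", "198.51.100.7"),
             ("Local IP/Subnet", "192.168.10.0/27"), ("Serial Number", "SN-0001")]
    for mtype, val in plans:
        print(f"{mtype:17} {val:16} -> {check_push(mtype, val, 'SN-0001', INVENTORY)}")
```

An "ambiguous" result means the value also covers other appliances in the rollout list, so a narrower matcher such as the serial number is the safer choice for that push.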

Go to CONTROL > Zero-Touch Deployment and verify that the appliance state is In Progress.


As soon as the claimed firewall connects to ZTD, the firewall uses the basic configuration to connect to the Control Center. The ZTD status is Completed.


Troubleshooting information can be found in the Zero Touch Deployment service web interface or in the ZTD log files Box/Config/daemon.log and Box/Config/ztd.log.

When pushing configurations from a CC to the ZTD service, the version number of the pushed configuration can even be lower than the firewall's firmware version as long as the version of the pushed configuration supports ZTD. However, this does not affect the need to keep a firewall's version in sync with existing range or cluster versions.