How to Use Active Recovery Technology (ART)

Last updated on 2024-10-01 04:05:51

With Active Recovery Technology (ART), you can perform basic system configurations and recovery operations outside the Barracuda OS. From the ART menu, you can:

Reinstall the Barracuda CloudGen Firewall.
Test the system hardware (CPU, RAM, HDDs).
Retrieve system hardware information.
Start a basic command-line interface.
Change basic system configurations (hostname, management IP address, network routes).

ART is based on a very small Linux system. You can access it via the following methods:

Serial console – The default connection speed for the serial console is 19200 baud.
SSH – Use the SSH client in Barracuda Firewall Admin or another SSH client.
LCD display – On systems with an LCD display and keypad.

When you first boot the Barracuda CloudGen Firewall after installation or firmware update, you cannot access ART for 10 to 45 minutes (depending on the appliance model) while it generates the system configuration. To see if the according process (artsetup) is still running, refer to the Resources Page.
If the process was interrupted by a reboot of the system, it needs to be started manually. Launch the artsetup script in the /boot/art directory.

Entering the ART Menu

You can enter the ART menu after you reboot the Barracuda CloudGen Firewall or while the system boots up.

Enter ART after Rebooting the System from Firewall Admin

Go to the CONTROL > Box page.
In the left navigation pane, expand Operating System and click Reboot Box.

In the Reboot window, select the Reboot into Active Recovery Technology check box and click OK.

Enter ART from the Command-Line

To boot the CloudGen Firewall into ART on the Command-Line Interface:

touch /boot/art.lock

reboot

Enter ART via Bootloader Menu

By default, the bootloader menu is hidden for security reasons. In order to bring up the bootloader menu at startup, you must configure a time limit for keyboard input.

Go to CONFIGURATION > Full Configuration > Box > Advanced Configuration > Bootloader.
Click Lock.
Set the value for Loader Delay to 3 or higher. For more information, see How to Configure the Bootloader.

To enter the ART menu:

Boot the CloudGen Firewall.
Wait until the bootloader menu appears.
Select the second option to access Barracuda ART Recovery.

The ART Menu

If you are not using the SSH client in Barracuda Firewall Admin, make sure that your SSH client correctly forwards all functions keys to the serial console. If you are using PuTTY, enable Xterm R6 support in the PuTTY keyboard settings.

To navigate through the ART menu options, use the arrow and Esc keys. To select options, press the Enter key. You can select any of the following ART menu options via the serial console:

When accessed via SSH, the ART menu additionally features a Reboot option:

Test hard disk drive – Evokes a hard disk check tool. If bad blocks are found, you can only repair the hard disk file system with the command-line interface.
Test CPU – Performs a load test of all available CPUs.
Get hardware info – Displays all system information that is stored in a hidden partition, such as the serial number, initial installation date, etc.
Test RAM – Evokes a RAM checking utility. The entire RAM cannot be tested because the ART OS is stored on a part of the RAM.
System recovery – Reinstalls the system with a previously saved system configuration. For systems with a hard disk drive, an installation *.iso image and PAR file on a dedicated partition of the disk drive are used. Optionally, an *.iso image on a USB flash drive can also be used. For flash-only systems, a USB flash drive is required.
Configuration reset
Start shell
Reboot – Only available via SSH; use this option instead of Exit to save your configuration changes and reboot the unit.
Exit – Save and exit ART. Will only reboot the unit when accessed via the serial console. When accessed via SSH, use Reboot instead.

Saving and Recovering a System Configuration with ART

It is highly recommended that you save a working configuration of the Barracuda CloudGen Firewall for ART. When you recover the system with ART, this configuration will be used.

Flash-based systems like the Barracuda CloudGen Firewall F10 and F10x do not have a partition that is dedicated to storing the files required for recovering the system. For these systems, you must use a USB flash drive to save and recover your system configuration with ART. On the USB flash drive, save and rename the required PAR file as box.par. Save and rename the required firmware ISO image as netfence.iso.

Save a System Configuration for ART

Log into the Barracuda CloudGen Firewall.
Go to the CONTROL > Box page.
In the left navigation pane, expand Operating System and click Save Current Config for ART.

Recover a System Configuration with ART

If you did not save a system configuration for ART, the Barracuda CloudGen Firewall will be reinstalled with the default factory settings.

Enter the ART menu.
Select System recovery.

The Barracuda CloudGen Firewall will be reinstalled with the firmware version that it was shipped with.

Setting Only Basic Configuration Parameters using ART

Use this function with care. Modifying these important basic system configuration parameters is a massive operational modification and may prevent you from accessing your unit via Barracuda Firewall Admin and/or SSH.

It is possible to set a few important basic configuration parameters using the ART Basic Configuration menu. To enter this menu, perform the following steps:

At the command line, enter: setip

Note that the command is indeed spelled setip , not setup.

An ART screen appears as shown in the figure below. Now, using the arrow keys and Enter, select Basic Configuration.

Modify the Hostname, Management IP, Netmask, and/or Default Gateway fields as needed followed by pressing F3 to save the changed values.
Select Reboot to reboot the unit so that the changed values become effective.

Changing the Firmware Version Used by ART

ART always uses the firmware version that is shipped with the Barracuda CloudGen Firewall. After reinstalling your system with a new firmware version, you must update ART to use the same firmware version. Use the command line via the SSH client:

At the command line, change to the /art directory. Enter: cd /art
If an older file with the name GWAY-<old firmware version number>.iso already exists in the directory, delete this file:
rm GWAY-<old firmware number>.iso
Upload the new firmware ISO image to the firewall. The name of the file has the format GWAY-.... followed by the firmware version number, e.g., GWAY-8.3.1.0086.iso.
Change the file permission: enter chmod 755 GWAY-<firmware version number>.iso.

The content of the directory should be similar to this:

[root@firewall:~]# ls -al /art/
total 1615816
drwxr-xr-x.  3 root root       4096 Jul 26 15:40 .
dr-xr-xr-x. 22 root root       4096 Jul 26 16:01 ..
-rwxr-xr-x   1 root root    1659864 Jul 26 15:39 box.par
-rwxr-xr-x   1 root root 1652901888 Jul 26 15:40 GWAY-8.3.1-0086.iso
drwx------.  2 root root      16384 Jul 26 15:32 lost+found

Using ART with the Barracuda Firewall Control Center

You must enable ART before using it with the Control Center. Go to the CONFIGURATION > Box Properties page. In the left menu, expand Configuration and click Operational. From the ART Network Activation list, select yes.

For CloudGen Firewall units managed by the Barracuda Firewall Control Center, you can initiate remote management tunnels from the ART menu. You can also access the management IP address, VIP, default route, and remote management tunnel. If the system has an Internet connection, you can also connect to the management IP address and VIP via SSH.

ART only makes the default route and the route's dynamic network link available. ISDN or WWAN links are not available.

Saving and recovering a system configuration with ART does not work for the Control Center. This function is only available for the CloudGen Firewall.