We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

Central Management

  • Last updated on

The Barracuda NG Control Center is designed for the central management of Barracuda NG Firewalls. NG Control Center admins configure security, content, traffic management, and network access policies from one central management interface. Template-based security information and configuration versions make it possible to manage all locations from one central system. 

System Hierarchy: Ranges, Clusters and Boxes

CC_hierarchy.png

The Barracuda NG Control Center organizes the managed NG Firewalls into a hierarchy of ranges and clusters, with the individual box configurations at the lowest level. The number of available ranges and clusters depends on which edition NG Control Center you are using:

  • Standard Edition – One range, one cluster, unlimited number of boxes (NG Firewalls).
  • Enterprise Edition –  One range, unlimited number of clusters, unlimited number of boxes (NG Firewalls).
  • Global Edition – Five ranges with the option to add additional ranges, unlimited number of clusters, unlimited number of boxes (NG Firewalls).
Ranges

Ranges simplify central administration of globally distributed NG Firewalls. For each range, you can define global settings, spanning all clusters in the range. You must create at least one cluster in a range to be able to add Barracuda NG Firewall boxes. To make configuration easier, you can define the following range-wide configuration settings:

  • Range Objects
  • Range GTI Editor
  • Range Statistics
  • Range Access Control Objects
  • Range QoS Shaping Trees
  • Activation Template

For more information, see How to Manage Ranges and Clusters

Clusters

At the second highest level, clusters represent groups of Barracuda NG Firewalls. To make configuration easier, you can define the following cluster-wide configuration settings:

  • Cluster Objects
  • Cluster GTI Editor
  • Cluster Statistics
  • Cluster Access Control Objects
  • Cluster QoS Shaping Trees
  • Activation Template

For more information, see How to Manage Ranges and Clusters

Boxes

Boxes represent the individual Barracuda NG Firewall units within a Barracuda NG Control Center cluster.

For more information, see:

System Health and Status Monitoring 

The Barracuda NG Control Center continuously monitors the system status of all managed units and displays a summary on the Barracuda NG Admin Status Map.

For more information, see CC Status Map Page.

Configuration Updates

The configuration for all managed NG Firewalls is stored on the Barracuda NG Control Center. When the admin activates a configuration change, it is automatically pushed out to the managed Barracuda NG Firewalls.

For more information, see CC Configuration Updates.

Remote Management Tunnels

Remote Barracuda NG Firewalls not able to directly reach the Barracuda NG Control Center connect to the NG Control Center via a remote management tunnel. These secure remote management tunnels are used for all communication, such as configuration updates, statistics, and monitoring updates.

For more information, see How to Configure a Remote Management Tunnel for Barracuda NG Firewalls

Licensing on the Barracuda NG Control Center

The Barracuda NG Control Center automatically completes license activation for new Barracuda NG Firewalls. If pool licenses are used, the NG Control Center can assign and update license information for remote systems NG Firewalls using these licenses.

For more information, see Licensing on a NG Control Center.

Firmware Updates on Managed NG Firewalls 

The Barracuda NG Control Center manages deployment of hotfixes and firmware updates for all managed units. Updates and changes are pushed to the managed units and can be triggered manually or automatically at a preset time.

For more information, see How to Update Barracuda NG Control Center Managed Systems.

Barracuda NG Control Center Trust Center Model

CC_Certificates.png

Connections between the Barracuda NG Control Center, NG Firewall, and Barracuda NG Admin are authenticated with X509 private/public keys.The NG Control Center handles the certificate and authentication of remote NG Firewalls and NG Admin. The NG Control Center also stores a list of valid SSH keys for all managed units.

  • NG Control Center connects to a managed NG Firewall – During deployment, the public keys for the box certificate and the Control Center certificate are exchanged. These keys are used to authenticate all SSL connections between the Control Center and the managed units.
  • Connecting to the NG Control Center with NG Admin – NG Admin can verify if the Control Center certificate is valid and if it is communicating with the intended Barracuda NG Control Center by checking the certificate with the NG Control Center public key it has previously downloaded from the Control Center.
  • Connecting to a managed NG Firewall with NG Admin – NG Admin downloads the public key from the NG Control Center and then uses that key to verify the box certificate of the managed NG Firewall. 

For information on how to troubleshoot the certificate chain of trust, see the Authentication Level section in NG Control Center Troubleshooting.

Last updated on