If a Barracuda NextGen Firewall F-Series is managed by a NextGen Control Center, all changes in the configuration of the gateway are made in the NextGen Control Center user interface. The NextGen Control Center then sends the modified configuration to the managed unit. This article provides information on the functional display and handling of configuration updates.
In this article:
Configuration Updates Page
The Configuration Updates page is located under the CONTROL tab in the Barracuda NextGen Firewall F-Series.
Using the following icons, configuration updates window displays the status of the configuration send process for each gateway:
- Green – Indicates a successful send process.
- Red – Indicates an error while sending. The Reason column provides more detailed information about the problem.
- Blue – Indicates updates that are currently processed.
- Yellow – Indicates configuration updates for units that have been deleted on the Barracuda NextGen Control Center.
If sending of a configuration update fails, the Control Center retries to send the configuration. If this likewise fails, the waiting period until the next attempt is increased and then a new attempt is made to send the configuration. This process is repeated as often as necessary. The waiting period between two send attempts may increase to up to 30 minutes.
- Update Now – Right-clicking an update process and selecting this option triggers an immediate update of the new configuration. The Control Center sends only the changed part of the configuration to the relevant gateway, not the complete configuration. If triggered manually the configuration update is also carried out for disabled firewalls (Box Properties > Disable Box set to Yes).
- Complete Update – Sends a complete configuration update to a Barracuda Firewall F-Series. If triggered manually the configuration update is also carried out for disabled firewalls (Box Properties > Disable Box set to Yes).
- Block Update – Prevents sending configuration updates to the destination NextGen Firewall F-Series.
- Unblock Update – Disables Block Update for the destination NextGen F-Series Firewall.
- Delete – Deletes configuration update tasks of deleted NextGen F-Series Firewalls.
- Force Delete – Use this option with care: it is possible to delete a configuration update that needs to be sent to the Barracuda NextGen Firewall F-Series. With this action you initiate a difference between the configuration defined on the Barracuda NextGen Control Center and the configuration that is actually in use at a Barracuda NextGen Firewall F-Series.
The CONTROL > Sessions tab displays all sessions that have been opened by Barracuda NextGen Admin clients on the gateways administered by the Barracuda NextGen Control Center. To refresh specific sessions, right-click the desired session and select Refresh. To terminate specific sessions, right-click the desired session and select Kill Session.
The Barracuda NextGen Control Center might be unable to send configuration updates to one or more firewall units. This can have various reasons. However, the most common reason is that the CC has attempted to send configuration updates to a gateway that was offline for a long period. The CC increases the time between two send attempts after each unsuccessful attempt. As of the 20th attempt, the attempts to send configuration updates are only once an hour. You can trigger the transmission of a new configuration to a gateway by clicking Update Now on the CONTROL > Configuration Updates page.
The message 'Authentication Failed' might appear when logging in to a gateway by double-clicking via the Barracuda NextGen Control Center Status Map. In most cases, the root password for the affected gateway has not been set. The default password set in this case is default. You can retroactively change the password in the CC Config Tree in the Administrative Settings of the affected unit.
If this object is linked to an object in the repository, configuration changes must be done in the repository object. For more information, see Repositories.
Disable Unavailable Firewalls
The Disable Box parameter should be enabled in the Box Properties if a Barracuda NextGen Firewall F-Series has already been configured in the Control Center but has not been installed yet. To disable or enable a Barracuda NextGen Firewall F-Series, proceed with the following steps:
- On the Barracuda NextGen Control Center, go to the CONFIGURATION > Configuration Tree page.
- Expand the Multi-Range node and the cluster where the firewall unit is located.
- Open the box and double-click Box Properties.
- Click Lock.
- In the left navigation pane, select Operational.
- Select yes or no from the Disable Box dropdown menu.
- Click Send Changes and Activate.
Disabling a box has two effects:
- A Barracuda NextGen Control Center does not continuously attempt to send configuration updates to the firewall unit not yet present.
- The respective Barracuda NextGen Firewall F-Series is displayed in gray instead of red on the CONTROL > Status Map page.