Barracuda CloudGen Firewall

phionar and conftool

To back up and save the configuration of the Barracuda NextGen Firewall F-Series, use the phionar and conftool utilities. You have the option of compressing or encrypting PAR files. Encrypted archive files can be created for Firewalls and Control Centers using firmware 6.0.1 or higher.

phionar

Create and maintain archive files by using phionar. Use the following syntax:

phionar <operations> file.par | .pca <source directory>/* <options>

You can use the following operations:

Operations Description
a Adds specific files to an already existing archive. Use asterisks (*) to add all files in a directory to an archive.
c Creates a new archive. Use asterisks (*) to add all files in a directory to an archive. Otherwise, specify the file names individually. You can use this operation in combination with the following options:

  • d – Adds whole directories and subdirectories to an archive. Without this option, only files found within the top level directory are added to the archive.
  • l – Preserves links. Without this option, links are treated as regular files.
  • p – Preserves all user and group information. If the p option is not used, the user executing the command takes over the ownership of the packed files.
  • v – Verbose option for printing a log of all performed steps to the standard output. This option is useful if an archive is not created as expected.
  • e – Aborts the action if an error occurs.
  • 2 – Creates an archive with large file support. (v2.0)
  • S – Slow write (delay).

  To create an empty archive, use the c operation without any options.
r Removes files from an existing archive. The archive is not extracted.

  Use the correct file name. Otherwise, the file will not be deleted. To verify the file name, use the s operation.
x Extracts single files from an existing archive. The files inside the archive will not be deleted.

  When extracting files from an archive, the leading ./ (dotslash) can be ignored. If the archive contains that specific file, the file is extracted.
k Marks files or whole folders in an archive as deleted.

  Extracting a file that has been marked as deleted will delete a file of the same name in the target directory. Make sure that you use the correct file name, including a leading ./ (dotslash). To verify the file name, use the s operation.
s Displays the archive contents.
E Encrypt a PAR file. Requires -P (password set manually) or -Q (password set to serial number).
D Decrypt a PCA file. Requires -P (password set manually) or -Q (password set to serial number).

Options Description
-X or --exclude [pattern] Defines skip patterns. Use when specifying a file name or pattern.
-P [password] Set the password for the encrypted PAR file. Encrypted PAR files use the PCA extension.
-Q Use the serial number as the password.

  This option cannot be used on pool-licensed, virtual Barracuda NextGen Firewalls.

Example Usage

The following sections provide examples of how to use the phionar command to create and maintain archives.

  • Creating PAR Files

    1. In the /tmp directory, create an archive named box.par that includes all files from the /opt/phion/config/configroot directory and subfolders.

      [root@NGFW:~]# cd /opt/phion/config/configroot/
      [root@NGFW:/opt/phion/config/configroot]# phionar cdl /tmp/box.par *
    2. Display the contents of the newly created box.par archive.

      [root@NGFW:/opt/phion/config/configroot]# phionar s /tmp/box.par 
      d              0 040755     0     0  LostAndFound
      d              0 040755     0     0  LostAndFound/GCSID_procpar_cmdline_4399
      d              0 040755     0     0  LostAndFound/GCSID_procpar_cmdline_4399/1832355359_box.conf
      f             76 100600     0     0  box.conf
      f            173 100600     0     0  box.desc
      f            126 100644     0     0  box.param
      f           1229 100600     0     0  boxadm.conf
      f            253 100600     0     0  boxadm.desc
    3. (Optional) Add a file (e.g., /opt/phion/config/active/box.conf) to the existing box.par.

      [root@NGFW:/tmp]# phionar a box.par /opt/phion/config/active/box.conf
  • Creating PCA Files (Encrypted PAR Files)

    Create an encrypted PCA archive by using a manually set password (default):

    [root@NGFW:/tmp]# phionar cdl -E box.pca /opt/phion/config/configroot/*

    Create an encrypted PCA archive by using the serial number as the password. Do not use on pool-licensed, virtual firewalls. PCA files created with the -Q option can be deployed on the firewall with that serial number without having to enter the password.

    [root@NGFW:/tmp]# phionar cdl -E -Q box.pca /opt/phion/config/configroot/*
  • Removing and Extracting Files

    1. Verify the names of the files in the box.par archive.

      [root@NGFW:/tmp]# phionar s box.par
      f      13 100644     0     0 ./boxadm.param
      f      19 100644     0     0 ./boxkey.conf
      f      14 100644     0     0 ./boxkey.param
      f       4 100600     0     0 ./box.par
      d       0 040755     0     0 ./tmp
      f      12 100644     0     0 ./tmp/box.desc
      f      13 100644     0     0 ./tmp/boxadm.desc
      f      15 100644     0     0 ./tmp/boxkey.desc
    2. Remove all of the ./tmp files.

      [root@NGFW:/tmp]# phionar r box.par ./tmp ./tmp/*
    3. Verify that the ./tmp files have been removed.

      [root@NGFW:/tmp]# phionar s box.par
      f      13 100644     0     0 ./boxadm.param
      f      19 100644     0     0 ./boxkey.conf
      f      14 100644     0     0 ./boxkey.param
      f       4 100600     0     0 ./box.par
    4. Extract files that begin with box*.

      [root@NGFW:/tmp]# phionar x box.par box*
    5. Check the /tmp directory to verify that the box* files have been extracted.

      [root@NGFW:/tmp]# ls -l
      -rw-r--r--    1 root     root 13 Nov 14 16:33 boxadm.param
      -rw-r--r--    1 root     root 19 Nov 14 16:33 boxkey.conf
      -rw-r--r--    1 root     root 14 Nov 14 16:33 boxkey.param
      -rw-------    1 root     root 359 Nov 14 16:31 box.par
    6. Mark the ./boxadm.param file as deleted.

      [root@NGFW:/tmp]# phionar k box.par ./boxadm.param
    7. Verify that the ./boxadm.param file has been marked as deleted.

      [root@NGFW:/tmp]# phionar s box.par
      R       0 000000    -1    -1 ./boxadm.param
      f      19 100644     0     0 ./boxkey.conf
      f      14 100644     0     0 ./boxkey.param
  • Excluding Files Using Skip Pattern

    The following command shows an example of how to define skip patterns.

    [root@NGFW:/tmp]# phionar a box.par -X myarchive0.par /opt/phion/config/configroot/box.conf
  • Decrypting PCA Files with phionar or openssl

    Decrypt a PCA archive file by using phionar on the Barracuda NextGen Firewall F-Series or NextGen Control Center:

    [root@NGFW:/tmp]# phionar D -P YOURPASSWORD box.pca box.par

    Decrypt a PCA archive file using openssl.

    [root@LinuxHost:/tmp]# openssl enc -d -aes-256-cbc -pass pass:YOURPASSWORD -in myarchive.pca -out box.par
  • Unpacking PGZ Files

    You can unpack a compressed PGZ archive on the command line:

    [root@NGFW:/tmp]# zcat box.pgz > box.par 
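
A pre-extraction check for the behaviour described for the k operation, where extracting an entry marked as deleted removes the file of the same name in the target directory. This is an added example, not Barracuda code: the function names are hypothetical, and it assumes the `phionar s` column layout shown in the listings above, with R in the first column for an entry marked as deleted.

```shell
#!/bin/sh
# Added example, not Barracuda code. Assumes the `phionar s` layout shown on
# this page: type, size, mode, two numeric columns, then the entry name.

# Print the name of every entry whose type column is R (marked as deleted).
par_deleted_entries() {
    awk '$1 == "R" {
        name = $0
        # Strip the five leading columns; keeps names that contain spaces.
        for (i = 1; i <= 5; i++) sub(/^[ \t]*[^ \t]+/, "", name)
        sub(/^[ \t]+/, "", name)
        print name
    }'
}

# Read a listing on stdin and print each existing path under target
# directory $1 that an R entry names. Returns 1 if any path is at risk.
par_extract_impact() {
    target=$1
    deleted=$(par_deleted_entries)      # consumes the listing on stdin
    at_risk=0
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        path="$target/${name#./}"
        if [ -e "$path" ] || [ -L "$path" ]; then
            printf '%s\n' "$path"
            at_risk=1
        fi
    done <<EOF
$deleted
EOF
    return "$at_risk"
}

# Constructed sample listing, modelled on the output shown above.
SAMPLE_LISTING='R       0 000000    -1    -1 ./boxadm.param
f      19 100644     0     0 ./boxkey.conf
f      14 100644     0     0 ./boxkey.param'

demo_dir=$(mktemp -d)
: > "$demo_dir/boxadm.param"            # stands in for a live config file
printf '%s\n' "$SAMPLE_LISTING" | par_extract_impact "$demo_dir" \
    || echo "extracting into $demo_dir would delete the paths listed above"
rm -rf "$demo_dir"
```

To check a real archive, pipe the live listing into the function before running the x operation, for example `phionar s box.par | par_extract_impact <target directory>`.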

conftool

To create PAR files for Barracuda NextGen Firewalls in a range or cluster of a Barracuda NextGen Control Center, use the conftool command. Use the following syntax:

conftool par [range_cluster] <output-directory>

Example Usage

This section provides examples of how to use the conftool command to create a range and cluster PAR file. The PAR files are saved to the /home/phion/CC-Boxes-PARs/ directory.

  1. Create a PAR file for a range named 1.

    [root@MC-Morrigan:/home/phion/CC-Boxes-PARs]# conftool par 1 /home/phion/CC-Boxes-PARs/
    HQ-Perimeter-HA1
    HQ-Perimeter-HA2
    ISPs
    RO-Munich
    RO-Zurich
  2. Create a PAR file for a cluster named Headoffice in a range named 1.

    [root@MC-Morrigan:/home/phion/CC-Boxes-PARs]# conftool par 1_Headoffice /home/phion/CC-Boxes-PARs/
    HQ-Perimeter-HA1
    HQ-Perimeter-HA2
    