We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Public Cloud Provisioning Command Line Tools

  • Last updated on

The following command-line tools are available to automate configuration tasks during deployment of your NextGen Firewall.

  • getpar
  • create-dha
  • editconf
  • cloud-setmip

Retrieving PAR files from a NextGen Control Center

Use this command to retrieve PAR files from a Control Center during provisioning. For PAYG firewalls, the licenses are pushed to the Control Center before fetching the configuration.

Usage: getpar -a [CC IP address] -c [clustername] -r [range id number] -b [firewall name]

  • -a|--address [address] – Control Center IP address.
  • -u|--username [username] – CC admin user used to connect to the Control Center.
  • -c|--cluster [cluster] – Cluster name.
  • -r|--range [range] – Range number.
  • -b|--boxname [boxname] – Firewall name. 
  • -d|--destination [dest] – Destination directory and filename for the par file. E.g., /opt/phion/update/box.par
  • -s|–spoe – Use Single Point of Entry to connect to the Control Center.
  • -l|--pushlic auto|always|never – Configures if the licenses should be pushed to the Control Center before retrieving the PAR file. For PAYG firewalls, the license must be pushed to the Control Center.

For more information, see How to Modify CloudFormation Templates to Retrieve the PAR File from a Control Center.

Create a High Availability Cluster

Execute this command on the primary firewall to create a high availability cluster via command line. You are prompted for the password for the other firewall. If the secondary firewall is running in the public cloud, you must disable enforcing a password change on the secondary firewall by adding the following editconf commands to the provisioning / user data scripts: 

Usage: /opt/phion/bin/create-dha  -s [virtual server name] -c -o [IP address of other firewall] -n [netmask of other firewall] -g [IP address for default gateway used by the other firewall]

/opt/phion/bin/editconf -f /opt/phion/config/active/boxadm.conf -p RPASSWDENFORCE -v 0 /opt/phion/bin/editconf -f /opt/phion/config/configroot/boxadm.conf -p RPASSWDENFORCE -v 0

Available parameters:

  • -u|--username [username] – Specify username for connecting to the secondary firewall (default: root).
  • -o|--other-ip [address] – IP address of the secondary firewall. 
  • -g|--other-gw [address] – IP address of the default gateway for the subnet in which the secondary firewall is running.
  • -n|--other-netmask [CIDR netmask] – CIDR mask of the subnet in which the secondary firewall is running.
  • -s|--server [server name] – (Optional) Specify the virtual server name used for the high availability cluster.
  • -c|–cleardirty – Clear the dirty download flag after setting up the high availability cluster.
  • --verbosity [verbosity] – Enable command-line logging and set verbosity to the specified level.
  • --fullcolortrace – Enable colored command-line logging.

For more information on high availability, see High Availability.

Insert or Edit Configuration Parameter

In some cases, you may be required to edit a configuration parameter. For example, you need to disable enforcing a password change on first log in when pairing a high availability cluster via create-dha.

Usage: editconf  -f [/absolutepath/file.conf] -p [parameter to set] -v [value for the parameter]

  •  -f|--file [input config file, absolute path] – Absolute path to the configuration file.
  • -p|--put [key to set in the config file] – Set a configuration parameter. Requires value to also be set.
  • -d|--delete [key to delete] – Delete a configuration parameter.
  • -D|--delete-section – Remove the entire section from the configuration file.
  • -v|–value [value content] – Value to add to the configuration file.

Change Dynamic to a Static IP Management IP Address

Convert the management IP address on a dynamic interface to a static configuration. If no gateway or subnet is entered, these values are derived from the management IP address. In this case, the gateway is set to the first IP address in the subnet.

usage: cloud-setmip [management IP] [subnet in CIDR format] [default gateway IP address]

Last updated on