It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Import an Existing CloudGen Firewall into a Control Center

  • Last updated on

To manage a previously configured firewall and not lose its configuration, import the PAR file. After importing the PAR file, the Control Center automatically signs the box certificates. Deploy the PAR file to the firewall to finish adding the firewall to the Control Center. Since virtual server and service names must be unique per cluster, it is recommended to replace the default S1 virtual server with a new virtual server using a unique name. After moving and, if necessary, renaming the services to the new virtual server, delete the old S1 virtual server.

Before You Begin

Configure OMS log streaming before managing your firewall via the Control Center. For more information, see How to Configure Azure OMS Log Streaming.

Verify that the name of the virtual server and all included services on the firewall are not already used in the cluster.

Step 1. Transfer Certificates from the Certificate Store on the Stand-Alone Firewall to the Certificate Store on the Control Center

  1. Log into the firewall.
  2. Go to CONFIGURATION > Configuration Tree > Advanced Configuration > Certificate Store.
  3. For each certificate in the certificate store:
    1. Right-click each certificate in the list.
      export_certificate_from_store.png
    2. Click Export to File to save the certificate.
  4. Log into the Control Center.
  5. Go to CONFIGURATION > Configuration Tree > Range Settings / Cluster Settings > Certificate Store.
  6. Click Lock.
  7. For each certificate that has been exported before:
    1. Click '+'. The import menu is displayed.
    2. Click Import new Certificate Store Entry from File.
      import_certificate_to_range_cluster_certificate_store.png
  8. Click Send Changes.
  9. Click Activate.

Step 2. Export the PAR File on the CloudGen Firewall

Create a PAR file on the firewall. This file contains all your configuration settings.

  1. Log into the firewall.
  2. Go to CONFIGURATION > Configuration Tree > Box.
  3. Right-click on the Box node and select Create PAR file.
  4. Choose the destination folder and click Save. 
  5. Click OK.

Step 3. Import the PAR File on the Control Center

  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > your range > your cluster .
  2. Right-click Boxes and select Import Box from PAR file.
  3. Select the PAR file created in Step 1 and click Open.
  4. Enter a Box  Name. The name cannot be changed after importing the PAR file.
  5. Click Activate.

Step 4. Change Configuration to Use Certificates from the Control Center Certificate Store

After importing the PAR file on the Control Center, all certificates must be reassigned at their appropriate location of usage.

Step 5. (optional) Configure Remote Management Tunnel

If your firewall cannot directly access the Control Center, configure a remote management tunnel. For more information, see How to Configure a Remote Management Tunnel for a CloudGen Firewall.

Step 6. Enable the CloudGen Firewall

Imported firewalls are disabled per default. Disabled firewalls are represented by a grey status icon.

  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > your range > your clusteryour CloudGen Firewall > Box Properties.
  2. In the left menu, select Operational.
  3. Set Disable Box to no.
  4. Click Send Changes and Activate.

The status of the firewall on the Status Map (CONTROL > Status Map) now changes from gray (offline) to red with dashes (unreachable).

Step 7. Deploy the PAR file to the CloudGen Firewall 

Deploy the PAR file to the firewall.

Step 7.1 Create the PAR file on the Control Center
  1. Log into the Control Center.
  2. Expand the node for the firewall you imported in Step 2.
  3. Right-click on the box name and select Create PAR file for box.
  4. Choose the destination folder and click Save. 
Step 7.2. Import the PAR on the CloudGen Firewall
  1. Log into your firewall.
  2. Go to CONFIGURATION > Configuration Tree > Box.
  3. Right-click on the Box node and select Restore from PAR file.
  4. Click OK
  5. Select the PAR file created in Step 5.1 and click Open.
  6. Click Activate.
Step 7.3. Activate the Network Configuration
  1. Go to CONTROL > Box.
  2. In the left menu, expand the Network section and click Activate new network configuration.
  3. Select Failsafe.
Step 7.4. Restart the Firmware
  1. Go to CONTROL > Box.
  2. In the left menu, expand Operating Systems and click Firmware Restart.
  3. Click YES. The firmware of the firewall restarts.

The status of the firewall is now green, red, or yellow. It can take a couple of minutes for the firewall to create a management tunnel.