If a Barracuda CloudGen Firewall is managed by a Firewall Control Center, all changes in the configuration of the gateway are made in the Control Center user interface. The Control Center then sends the modified configuration to the managed firewall. The Configuration Updates page is located under the CONTROL tab.
The Configuration Updates window displays the status of the configuration send process for each gateway as follows:
- Green – Indicates a successful send process.
- Red – Indicates an error while sending. The Reason column provides more detailed information about the problem.
- Blue – Indicates updates that are currently being processed.
- Yellow – Indicates configuration updates for units that have been deleted on the Control Center.
The Control Center tries to send the configuration again if a configuration update fails to be sent. If this second attempt also fails, the waiting period until the next attempt is increased. This process is repeated as often as necessary. The waiting period between two send attempts may increase to up to 30 minutes.
Right-clicking an update process offers the following options:
- Update Now – Triggers an immediate update of the new configuration. The Control Center sends only the changed part of the configuration to the relevant gateway, not the complete configuration. If triggered manually, the configuration update is also carried out for disabled firewalls (Box Properties > Disable Box set to Yes).
- Complete Update – Sends a complete configuration update to a firewall. If triggered manually, the configuration update is also carried out for disabled firewalls (Box Properties > Disable Box set to Yes).
- Block Update – Prevents sending configuration updates to the destination firewall.
- Unblock Update – Disables Block Update for the destination firewall.
- Delete – Deletes configuration update tasks of deleted firewalls.
- Force Delete – Use this option with care. It is possible to delete a configuration update that needs to be sent to a firewall. With this action, you initiate a difference between the configuration defined on the Control Center and the configuration that is actually in use on a firewall unit.
The CONTROL > Sessions tab displays all sessions that have been opened by Barracuda Firewall Admin clients on the gateways administered by the Control Center. To refresh specific sessions, right-click the desired session and select Refresh. To terminate specific sessions, right-click the desired session and select Kill Session.
The Control Center might be unable to send configuration updates to one or more firewall units. The most common reason is that the CC has attempted to send configuration updates to a gateway that was offline for a long period. The CC increases the time between two send attempts after each unsuccessful attempt. As of the 20th attempt, the attempts to send configuration updates are made only once an hour. You can trigger the transmission of a new configuration to a gateway by clicking Update Now on the CONTROL > Configuration Updates page.
The message 'Authentication Failed' might appear when logging into a gateway by double-clicking via the Control Center Status Map. In most cases, the root password for the affected gateway has not been set. The default password is set in this case. You can retroactively change the password in the CC Config Tree in the Administrative Settings of the affected unit.
If this object is linked to an object in the repository, configuration changes must be done in the repository object. For more information, see Repositories.
Disable Unavailable Firewalls
The Disable Box parameter should be enabled in the Box Properties if a firewall has already been configured in the Control Center, but has not been installed yet. To disable or enable a firewall:
- On the Control Center, go to CONFIGURATION > Configuration Tree.
- Expand the Multi-Range node and the cluster where the firewall unit is located.
- Open the box and double-click Box Properties.
- Click Lock.
- In the left navigation pane, select Operational.
- Select yes or no from the Disable Box drop-down menu.
- Click Send Changes and Activate.
Disabling a box has two effects:
- A Control Center does not continuously attempt to send configuration updates to the firewall unit not yet present.
- The respective firewall is displayed in gray instead of red on the CONTROL > Status Map page.