It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure Revision Control System Monitoring (RCS)

  • Last updated on

The RCS provides information on all configuration changes to your system and you can retrieve and revert to older configuration versions when needed. RCS can generate reports to help monitor configuration changes.

Limitations

The following Barracuda Firewall Admin configuration nodes and services are not supported by RCS:

  • DNS Service
  • VPN > VPN Settings
  • VPN > Client-to-site VPN
  • VPN > Site-to-Site VPN

Activating the RCS on a Standalone Barracuda CloudGen Firewall 

When activated on a standalone CloudGen Firewall, RCS provides information on all configuration changes that are made to the firewall.

  1. Go to CONFIGURATION > Full Configuration > Box > Administrative Settings.
  2. In the left menu, select RCS Setup.
  3. Click Lock.
  4. Enable the Version Control System.
  5. Specify the settings as described in the above section.
  6. Click Send Changes and Activate.

Activate the RCS by disconnecting and then reconnecting to the Barracuda CloudGen Firewall. Click Disconnect and then click Connect. After configuring and activating RCS, you can view change reports for each Config Tree node.  

Report Processing Script Examples

The following table displays examples of scripts that you can enter in the Report Processing Script table for transmitting your change reports via scp or mailclt. In your script, use the $REPORT variable. The name of the report file is stored in $REPORT.

MethodExample Script
scpscp "$REPORT" root@recipient.com

mailclt
Note that the SMTP server must be entered as an IP address. Entering hostnames is not allowed.

/opt/phion/bin/mailclt
-f
sender@sender.com
-r
recipient@recipient.com
-s
"change"
-m 192.168.0.1 -a
"$REPORT"

Viewing RCS Versions

You can view the RCS versions for a configuration page from the Config Tree or on the page itself. To compare versions, you can generate RCS reports. These RCS reports can also be filtered for specific time periods and administrator IP addresses.

  • To view the RCS versions from a configuration page, open it, click RCS in the upper right of the page and select Show versions.
  • To view the RCS versions of a configuration page from the Config Tree, right-click the configuration node and select Show RCS Versions.

rcs.png

The RCS Versions window displays a list of all versions of a configuration page. It displays the following information:

ColumnDescription
VersionThe version numbers of activated (by clicking Activate) changes.If a configuration has only been sent (by clicking Send Changes), this column displays, "session."
If a linked file is edited, the file version and complete path to the link target are also displayed.
DateThe date when the configuration version was activated. Dates are formatted follows: yyyy/mm/dd
TimeThe time when the configuration version was activated. Unless you have changed the time settings for the system, the UTC time format is used.
AdminThe login name of the administrator who made changes for the configuration version.
PeerThe IP address of the administrator who made changes for the configuration version.
Operation

Displays the type of change made by the administrator:

  • CHANGE – Indicates a modification.
  • ADD – Indicates an added configuration entry (for example a newly introduced firewall rule).
  • REMOVE – Indicates a removed configuration entry (for example removing a CloudGen F rule).
  • LINK – Indicates a link to a repository entry.
  • UNLINK – Indicates that a link to a repository entry was removed.
Link VersionIf the configuration page is linked to a repository, the version of the link target is displayed.
Link PathIf the configuration page is linked to a repository, the complete path of the link target is displayed.
ReleaseThe product release number.
MessageDisplays a message if configured.

Generate an RCS Report

In the RCS Versions window, you can generate an RCS report to compare and view information for specific configuration versions. For configuration objects that contain at least one sub-node you can also filter RCS reports for specific time periods and administrator IP addresses. To generate a report,

  1. Open the RCS versions page.
  2. Select the versions that you want to include in the report. To select a range of versions, click the first version and last version in the range of interest. Then select the Full History check box. To select all versions, click Select All .
  3. Click Show Differences.  

To generate a filtered report,  

  1. Click RCS on the configuration page and select Show RCS Report.
  2. You can specify the following settings for the report:
    • Start Date / End Date – The period of time that is to be displayed.
    • Admin – (Optional) The login name of a specific administrator.
    • Peer – (Optional) The IP address of an administrator
    • Include Node Creation – Collects all available version information. This option may generate a high load of information.
    • No Difference Details – Only specify if a change was made. The changed value is not displayed.
    • Show Detail for Linked Nodes – Collects all available change information. Also displays changes made to a linked target. This option may generate a high load of information.

The RCS Report window displays the following information:

OptionsDescription
NodeDisplays changes in a tree structure. The first level specifies the name of the configuration entity, the second level specifies the name of the data set, the third level specifies the position in the configuration dialog, and the fourth level specifies the object of editing.
Operation

The type of change made:

Move - The position of the configuration entry was moved in the hierarchy (for example moving a rule up or down in a rule set).
* - Indicates that multiple changes were made to the configuration entry.

NewThe new value of the configuration entity.
OldThe old value of the configuration entity. The New and Old columns may contain multiple lines. To view all the lines, expand the nodes in the Node column or right-click the Details… from the context menu.
VersionDisplays the version number when editing is displayed. If there are multiple version number within this node, the column displays: *
StampThe date and time when the configuration was modified. Unless you have changed the time settings for the system, the UTC time format is used. The date and time are formatted as follows: yyyy/mm/dd hh:mm:ss
AdminThe name of the administrator who made changes for the configuration version.
PeerThe IP address of the administrator who made changes for the configuration version. If the same IP address is entered multiple times within a firewall rule, the RCS Report window may display incorrect change history even if the change was correctly deployed.
RCS Report Tools 

You can right-click the RCS Report columns and select any of the following options to modify the column view or print the report:

  • Details – Opens the RCS Report Detail window, which displays the column information in a more readable format (recommended for multi-line entries).
  • Expand and Expand All – Expands a selected node or all nodes.
  • Collapse and Collapse (All) – Collapses a selected node or all nodes.
  • Print (Visible Only, Landscape/Portrait) – Prints the display as it is displayed. You can print the report in landscape or portrait orientation. Landscape is recommended.
  • Print (All, Landscape/Portrait) – Prints all the information in the report. You can print the report in landscape or portrait orientation. Landscape is recommended.

The toolbar on the bottom of the RCS Report window offers the following functionalities:

  • Search String – In this empty field, you can enter the string you want to search for. Wildcards are not supported.
  • << Find / Find >> – Navigate up and down the report to find the specified search string.
  • Import … / Export … – Export the report into a *.prp file for archiving purposes or import an archived prp file.
  •   << Prev / Next >> – Navigate between the selected configuration versions.

Revert an RCS Version

With RCS, you can revert a configuration page to a previous version. You cannot retrieve RCS versions for VPN settings.

  1. On the configuration page, click RCS and select Retrieve versions.
  2. In the RCS Versions window, select the required configuration version and click Choose. The configuration page header displays the selected version.
  3. Click RCS and select Accept Version.
  4. In the window that opens with a message asking if you want to accept and activate the selected version, click Yes.
  5. Click Send Changes and Activate.