We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

7.2.1 EA2 Migration Notes

  • Last updated on

Before migrating your CloudGen Firewall to 7.2.1 EA2, review the requirements and changes listed in the following sections. Some changes applied during the migration might require you to make preparations before the update or extra configurations after the update. 

Migration Path to 7.2.1

You can upgrade to firmware 7.2.1 from the following firmware versions:

Current Version Target Version
  7.2.1 EA2
6.0.0 - 6.0.7 Yes
6.1.0 - 6.1.3 Yes
6.2.0 - 6.2.4 Yes
7.0.0 - 7.0.3

Yes

7.1.0 EA - 7.1.2 Yes
7.1.3 No
7.2.0 EA1
Yes

Direct updating from firmware 5.x to 7.2.x is not possible.

For more information, see Migrating from 5.4.x to 6.0.x.

Read the Release Notes, especially the Known Issues section, for the firmware version that you want to update to.

For more information, see 7.2.1 EA2 Release Notes

Review Upgrade Requirements 

Verify that your CloudGen Firewall or Control Center meets the upgrade requirements, and read the release notes for the firmware version.

Supported Models

You can upgrade the following CloudGen Firewall models to 7.2.1 EA2:

Barracuda CloudGen F-Series and Control Center Models

Hardware Systems

F10 Rev B, F18 Rev A, F80 Rev A, F82 Rev A, F100 Rev A/B, F101 Rev A/B, F180 Rev A, F183 Rev A, F180R Rev A, F183R Rev A, F184R Rev A, F200 Rev A/B/C, F201 Rev A/B/C, F280 Rev A/B, F300 Rev A/B, F301 Rev A/B, F380 Rev A, F400 Rev A/B, F600 Rev A/B/C,F800 Rev A/B, F900 Rev A, F1000 Rev A, C400, C610

Virtual Systems

VF10, VF25, VF50, VF100, VF250, VF500, VF1000, VF2000, VF4000, VF8000, VC400, VC610, VC820

Public Cloud AWS, Azure, Google Cloud

Standard Hardware Systems

Standard Hardware

A standard hardware system is a Barracuda CloudGen Firewall F-Series running on 3rd-party server hardware using an SF license. Consult the Barracuda Networks Technical Support to find out if your specific standard hardware is supported.

Disk Space Requirements

To upgrade a system to version 7.2.1 EA2, you must have at least 50 MB of free space in the /boot/ partition and at least 2.1 GB in the / (root) partition. If you are upgrading an F10 Rev B, F100, F100 Rev B, F101, or F101 Rev B, verify that enough disk space is available:

flash_free_disk_space.png

To free up disk space, download the following cleanup script, and apply it via remote execution to centrally managed firewalls. For standalone firewalls, the script can be executed locally on firewall.

Upgrading One Firewall in a High Availability Cluster

If you are upgrading a firewall in a high availability (HA) cluster without upgrading its partner, you must re-synchronize the firewalls: 

  1. Go to FIREWALL > Live > Show Proc.
  2. Select the Sync Handler process and select Kill Selected.
    The process is automatically restarted after a couple of seconds, and the primary and secondary firewalls automatically synchronize their sessions.
Barracuda CloudGen Admin

After updating a system, you must also download CloudGen Admin with the same version. CloudGen Admin is backward-compatible. That means you can manage 5.2.x, 5.4.x, 6.x and 7.x F-Series Firewalls and Control Centers with CloudGen Admin 7.2.1.

Always use the latest version of Barracuda CloudGen Admin.

Migration Instructions for 7.2.1 EA2

When upgrading according to the migration path above, you must complete the migration steps listed below:

First-Generation ATP to Second-Generation Barracuda ATP Cloud Migration

As of January 31, 2019, the first-generation ATP cloud services used by default with firmware versions 6.2.x, 7.0.x, 7.1.0, 7.1.1, and 7.2.0 will be discontinued. Firewalls using ATP must switch to the second-generation ATP cloud service, which is known as Barracuda Advanced Threat Protection (BATP).

The following table gives an overview of the options you have when you run a special firmware version:

Product
Your Current
Firmware Version
Migrating Option
Stand-alone Box
or
Manged Box
6.x ... 7.0.x

Firmware 7.0.x is end-of-support in December 2018!

Update to the latest 7.1.x or 7.2.x releases, which are using BATP, without the need for further changes.
For more information, see How to Install Updates via CloudGen Admin on campus.barracuda.com.

Stand-alone Box

7.1.0, 7.1.1, 7.2.0

Update to the latest 7.1.x or 7.2.x releases, which are using BATP, without the need for further changes.
For more information, see How to Install Updates via CloudGen Admin on campus.barracuda.com.

If you cannot update your standalone box(es) to the latest releases, you can also migrate manually.
For more information, see How to Migrate Boxes with 7.1.0, 7.1.1 and 7.2.0 to BATP below.

Control Center
with
Managed Box

CC: 7.1.0, 7.1.1, 7.2.0
and
Box: 7.1.0, 7.1.1, 7.2.0

Update your managed boxes via the Control Center to the latest firmware release.
For more information, see How to Update Control Center-Managed Standalone CloudGen Firewalls.

If you cannot update your managed box(es) to the latest releases, you can also migrate manually.
For more information, see How to Migrate Boxes with 7.1.0, 7.1.1 and 7.2.0 to BATP below.

Control Center
with
Managed Box

CC: 7.1.2, 7.2.1 or newer
and
Box: 7.1.0, 7.1.1, 7.2.0
If you cannot update your managed box(es) to the latest release, contact the Barracuda Support Team.
Stand-alone Box
Managed Box
7.1.2 or newer
7.2.1 or newer
These firmware versions already support BATP. No changes are necessary.
How to Migrate Boxes with 7.1.0, 7.1.1, and 7.2.0 to BATP

Step 1. Enable Expert Settings in Barracuda Firewall Admin

For more information, see Barracuda Firewall Admin Settings.

Step 2. Enable the BATP Cloud service

Enabling BATP cloud service disconnects your firewall from the first-generation ATP service and connects it to the second-generation Barracuda ATP Cloud.

  1. Log into your firewall.
  2. Go to CONFIGURATION > Configuration Tree > your virtual server > Assigned Services > AV (Virus Scanner) > Virus Scanner Settings.
  3. In the left menu, click ATP.
  4. Click Lock.
  5. In the ATP Cloud Communication section, select the check box Enable BATP Cloud.
    migrate_to_batp_enable_batp_cloud.png
  6. Click Send Changes.
  7. Click Activate.

Your firewall now is connected to the second-generation Barracuda ATP Cloud service.

Firewall Activity Log

When updating a box to 7.2.1 EA2, logging of the actions Drop/Remove is disabled by default.

In case the log policy Activity Log Data is set to Log-Info-Text, the setting needs to re-configured after the update to 7.2.1. The update will introduce the default value Log-Info-Code.

Transfer and Reassign Certificates

In case you are running a standalone firewall and want to manage it in a Control Center, all certificates stored in the local Certificate Store must be saved on the standalone firewall, imported to the Certificate Store on the Control Center and reassigned at their appropriate location of usage. For more information, see How to Import an Existing CloudGen Firewall into a Control Center.

SSL VPN, NAC, and SSL VPN Authentication

SSL VPN authentication and NAC are automatically migrated into the default access control policy.

For more information see How to Configure Access Control Policies for Multi-Factor and Multi-Policy Authentication.

ECDSA SSH Key

Depending on the cipher preferred by the SSH client, you may be prompted to accept the new ECSDA key.

authentication_check.png

Rename SSL Interception

SSL Interception has been renamed to SSL Inspection.

Phion Service User

The phion service user has been removed.

Initial Grace Period for Default Password

When licensing a hardware appliance or a virtual firewall, the initial default password must immediately be changed to a new password after logging in. The new password will be valid even after the license has expired.

Start the Update

You can now update the CloudGen Firewall or Control Center.

For more information, see Updating F-Series Firewalls and Control Centers.

Last updated on