It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Backup and Restore CC Archive Par Files on the Command Line

  • Last updated on

Use cctool to back up and restore Control Center (CC) configurations including Firewall, Secure Access Controller, and Secure Connector configurations. cctool extracts CC configuration tree information from the CC database (ccdb) and writes the information into an archive PAR file. In terms of functionality, cctool does the same as when creating or restoring CC configuration using Barracuda Firewall Admin (see also How to Back Up and Restore Firewall, Secure Access Controller and Control Center Configurations). 

cctool is part of every firmware release 7.2.2 and higher and can be used on both CloudGen Firewalls and Control Centers. cctool is network-aware, which means you can use it not only locally but also remotely. For example, when you call cctool on a firewall with the appropriate parameters, cctool can also be executed on a remote Control Center. Additionally, this works on firewalls not managed by a Control Center.

The output extracted from the database into the archive PAR file is always stored on the box where the cctool command is initiated.

How to Use cctool

At a command prompt, type cctool to view the available options:

[root@HQ-NG1:~]# cctool
error: missing mandatory parameter
Control Center CLI

Usage:
        -a|--address <address>          server IP of the CC
        -u|--username <username>        username to use to connect to the CC
        -p|--password <password>        password to login into the target system
        -b|--backup <filename>          prompt to backup to specified file
        -r|--restore <filename>         prompt to restore from specified file
        -v|--verbose                    prompt to send verbose output to console

Options

-a | --address <address>

Because the configuration tree information can only be extracted from the database on a Control Center, the option address must always be a Control Center IP address. And because cctool is network-aware, the output is sent to the firewall where the cctool command was initiated. Consequently, if cctool is initiated on a Control Center, the archive PAR file is stored on the Control Center. In all other cases, the archive PAR file is created on the firewall where cctool was called.

-u | --username <username>

Username requires a valid user on the Control Center, for example, user root.

-p | --password <password>

The password associated with the given username.

-b | --backup <filename>

Specify the name of the file into which cctool is to extract configuration tree information from the ccdb. By default, the file is always created on the current working path on the command line level.

Beware in case you want to use cctool automated as part of scripts!

In general, if you specify a filename that already exists, the archive PAR file is NOT created. This also applies to manually triggered calls of the tool.

-r | --restore <restore>

Specify the filename where the CC configuration tree will be restored from.

Restoring information from an archive PAR file overwrites all existing 'CC configuration' of all managed firewalls.

This step can NOT be undone!

When restoring an archive PAR file, verify there are NO ACTIVE LOCKS on any node in the configuration tree. Otherwise, the restore will fail!
-v | --verbose

The -v option creates output while extraction is taking place.

Rework to Be Done After a Restore

After restoring a configuration tree on the Control Center using cctool, the previous configuration information of all managed firewalls is overwritten on the Control Center. In order to update all firewalls, the configuration must be explicitly pushed to all relevant firewalls.

  1. Log in to the Control Center.
  2. Go to CONTROL > Configuration Updates.
  3. Select all firewalls in the table you want to update.
  4. Right-click any of the selected firewalls.
  5. A pop-up menu is displayed.
  6. Select Complete Update from the list.

Examples

Initiate a backup on a 'CC configuration' (10.0.10.1) into an archive PAR with the name CC-10.0.10.1.par and credentials user <admin-user> and password <admin-password>

  • cctool -a 10.0.10.1 -u <admin-user> -p <admin-password> -b CC-10.0.10.1.par

Restore an archive PAR file from a given PAR file with the name CC-10.0.10.1 and credentials user <admin-user> and password <admin-password>

  • cctool -a 10.0.10.1 -u <admin-user> -p <admin-password> -r CC-10.0.10.1.par