Use cctool to back up and restore Control Center (CC) configurations including Firewall, Secure Access Controller, and Secure Connector configurations. cctool extracts CC configuration tree information from the CC database (ccdb) and writes the information into an archive PAR file. In terms of functionality, cctool does the same as when creating or restoring CC configuration using Barracuda Firewall Admin (see also How to Back Up and Restore Firewall, Secure Access Controller and Control Center Configurations).
cctool is part of every firmware release 7.2.2 and higher and can be used on both CloudGen Firewalls and Control Centers. cctool is network-aware, which means you can use it not only locally but also remotely. For example, when you call cctool on a firewall with the appropriate parameters, cctool can also be executed on a remote Control Center. Additionally, this works on firewalls not managed by a Control Center.
The output extracted from the database into the archive PAR file is always stored on the box where the cctool command is initiated.
How to Use cctool
At a command prompt, type cctool
to view the available options:
[root@HQ-NG1:~]# cctool
error: missing mandatory parameter
Control Center CLI
Usage:
-a|--address <address> server IP of the CC
-u|--username <username> username to use to connect to the CC
-p|--password <password> password to login into the target system
-b|--backup <filename> prompt to backup to specified file
-r|--restore <filename> prompt to restore from specified file
-v|--verbose prompt to send verbose output to console
Options
-a | --address <address>
Because the configuration tree information can only be extracted from the database on a Control Center, the option address must always be a Control Center IP address. And because cctool is network-aware, the output is sent to the firewall where the cctool command was initiated. Consequently, if cctool is initiated on a Control Center, the archive PAR file is stored on the Control Center. In all other cases, the archive PAR file is created on the firewall where cctool was called.
-u | --username <username>
Username requires a valid user on the Control Center, for example, user root
.
-p | --password <password>
The password associated with the given username.
-b | --backup <filename>
Specify the name of the file into which cctool is to extract configuration tree information from the ccdb. By default, the file is always created on the current working path on the command line level.
-r | --restore <restore>
Specify the filename where the CC configuration tree will be restored from.
-v | --verbose
The -v option creates output while extraction is taking place.
Rework to Be Done After a Restore
After restoring a configuration tree on the Control Center using cctool, the previous configuration information of all managed firewalls is overwritten on the Control Center. In order to update all firewalls, the configuration must be explicitly pushed to all relevant firewalls.
- Log in to the Control Center.
- Go to CONTROL > Configuration Updates.
- Select all firewalls in the table you want to update.
- Right-click any of the selected firewalls.
- A pop-up menu is displayed.
- Select Complete Update from the list.
Examples
Initiate a backup on a 'CC configuration' (10.0.10.1) into an archive PAR with the name CC-10.0.10.1.par and credentials user <admin-user> and password <admin-password>
cctool -a 10.0.10.1 -u <admin-user> -p <admin-password> -b CC-10.0.10.1.par
Restore an archive PAR file from a given PAR file with the name CC-10.0.10.1 and credentials user <admin-user> and password <admin-password>
cctool -a 10.0.10.1 -u <admin-user> -p <admin-password> -r CC-10.0.10.1.par