If you have a file containing a list of IP addresses or networks, you can import them automatically or manually into the external network objects. On CloudGen Firewalls running in the public cloud, these objects are automatically filled in with information gathered from the cloud provider. It is possible to import both IPv4 and IPv6 network addresses.
- IP addresses must be written in CIDR notation.
- Each IP address must be entered in a separate line.
- Limited to 10,000 IP addresses per file.
- The file used for importing IP addresses must be encoded in ASCII or at least UTF-8. Importing files encoded in UTF-8-BOM will not work.
Before You Begin
An admin account with full shell access is required.
Importing an External IP File on a Stand-Alone CloudGen Firewall
Step 1. Copy the File to the Firewall
- Copy the file containing the IP addresses to /var/phion/home/. Use a temporary file format to ensure that only data of completely copied files are imported into the network objects. E.g.,
Rename the file after the copy process:
# mv -f /var/phion/home/addresses.dirty /var/phion/home/addresses
Step 2. Import the File into a Custom External Object
On the command line, enter
/opt/phion/bin/CustomExternalAddrImport -i /var/phion/home/addresses -o <External Firewall Object Number> in the Command section. E.g.,
/opt/phion/bin/CustomExternalAddrImport -i /var/phion/home/addresses -o 1 to import into the Custom External Object 1
Check the CustomExternalImport firewall log file to verify the import was successful. You can also open the FIREWALL > Forwarding Rules page and click Networks.
Step 3. (Optional) Create a Cron Job for Import
Create a cron job to automatically trigger a periodic import process.
- Go to CONFIGURATION > Configuration Tree > Box > Advanced Configuration > System Scheduler.
- Click Lock.
- In the left menu, click Daily Schedule.
- Click + to add an Interhour Schedule job.
- Enter the Name, and click OK.
/opt/phion/bin/CustomExternalAddrImport -i /var/phion/home/addresses -o <External Firewall Object Number>in the Command section.
- For High Availability setups, add
-hto execute the CustomExternalAddrImport binary located in /opt/phion/bin and import the IP addresses to the Custom Network Object with the index number 1. E.g., CustomExternalObject1
- Select every from the Minutely Schedule drop-down list, and enter the period for the Run Every...Minutes parameter.
- Click OK.
- Click Send Changes and Activate.
On a Barracuda Firewall Control Center
Configure a cron job on the Control Center to copy the address's file to the /var/phion/home/ directory of your managed firewalls. Copying the files through the management tunnels does not require separate authentication because the Control Center already has a trust relationship established with the remote firewalls. On the managed firewalls, create another cron job to import the address's file every 5 minutes.
- On the Control Center, create a cron job to regularly copy the address's file to the managed firewalls.
- On the managed firewalls, create a cron job to import the addresses.
- Do not use the h (HA synchronization flag).
- The predefined external objects can be copied into the global objects database and used throughout the firewall configuration.