It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

CONFIGURATION Tab

  • Last updated on

Configuration changes are done in the CONFIGURATION tab of Firewall Admin. The Configuration Tree lists all of the configuration pages for your system in a hierarchical order. Double-click on a configuration node to open the page. Each configuration page can be displayed in Basic or Advanced View. The Basic View contains the most commonly used configuration settings, whereas the Advanced View displays all available configuration settings.

Configuration Tree

The configuration tree provides access to all configuration areas of the CloudGen Firewall or Control Center.

confb.png

The Configuration page provides the following sections:

  • Configuration Tree – The Configuration Tree lists all of the configuration pages for your system in a hierarchical order. To access the subpages of a configuration section, click + (expand). To open a configuration page, double-click its node. On the CloudGen Firewall, the Box object is the highest node in the hierarchy of the Configuration Tree and contains all configuration objects, such as Box Properties and Services. On the Control Center, the Multi-Range object is the highest node. Expand Multi-Range to access all RangesClusters, and Boxes.
  • Quick File Access – On the Control Center, the Configuration page provides an additional section in the right pane where configuration nodes are listed under tabs for quick access. From this section , you can select configuration files by boxes and services. To quickly locate a configuration node, open the respective tab and double-click it in the list.

Configuration Tree Controls

From the Configuration Tree, you can manage your configurations and administrative sessions. You can also identify which nodes have been modified. When you right-click the nodes of the Configuration Tree, you are provided with options to manage your systems, services, and administrative sessions. The following table lists some of the available options:

  • Collapse All – Closes all open nodes in the Configuration Tree down to the top level.
  • Properties – Opens a window that displays the properties of the configuration node. This option is available only on the Control Center.
  • Lock – Locks write access to the selected node or tree branch. A lock icon is then displayed next to the node or branch. This lets other administrators know that the page has been locked for editing. If a page has been locked by you, a yellow lock is displayed next to it. If a page is locked by another administrator, a gray lock is displayed next to it. Selecting Show Lock Info from the context menu displays the information about the administrator who has locked the selected node or tree branch. Break Lock breaks the lock held by another administrator on the selected node or tree branch. Unlock releases write access to the configuration page. It is recommended that you unlock all configuration files before quitting a session or starting another task.

    To prevent administrators from overwriting each other's changes, you can only break locks that belong to broken sessions that are older than 10 minutes. An active session is broken when the associated client is suddenly disconnected and cannot successfully reconnect. You cannot break locks held in active sessions. However, if you have the appropriate permissions, you can kill sessions that own the lock.

    When you kill a session, you are forcing an undo on the database. The administrator who owns the killed session will lose all configuration changes that have not yet been activated.

  • Copy To Repository – Copies the selected configuration page to the corresponding repository section. This option is only available after you create a repository.
  • Refresh From Here – Updates the view of the Configuration Tree from the selected node.
  • Show RCS Versions – This option is only available on the Control Center. It displays Revision Control System (RCS) information for the selected nodes. For more information, see Revision Control System (RCS).
  • Show History – Displays a history of the locks that have been made to the selected node.
  • Show Backlinks – Shows references to other objects if available. This option is available only on the Control Center.
  • Show Backlink Overrides – Displays overrides if backlinks are present. This option is available only on the Control Center.
  • Show Config Definition – Opens a window displaying the details of this configuration node. This option is available only on the Control Center.
  • Remember Position / Clear Position – If you want Barracuda Firewall Admin to open at a specific node for your next session, right-click the node and select Remember Position. To clear the saved position, right-click it and select Clear Remember Position.

The following options are only available when you right-click the Box node:

  • Create DHA box – (This option is only available on stand-alone units.) Creates a secondary or Dedicated High Availability (DHA) unit for an HA setup. You can only create one HA partner for each box. For more information, see High Availability. When you create the DHA unit, the HA Box and HA Network nodes are created at the bottom of the Configuration Tree. On the HA Network page, you can configure the network settings for the DHA unit. The configuration itself is the same as the regular network configuration.

    When you initially create the HA box, the network settings of the primary unit are automatically used in the HA network settings. Before installing the DHA unit, verify that the correct IP addresses have been added to the HA Network settings.

  • Remove DHA box – Deletes the DHA unit.
  • Emergency Override – This option is only available on CloudGen Firewalls that are administered by a Control Center. It allows local configuration of the CloudGen Firewalls.

    After making your local changes, you must also manually synchronize configurations with the Control Center.

  • Refresh Complete Tree – Updates the view of the Configuration Tree.
  • Collapse  – Collapses all nodes in the selected tree branch.
  • Expand – Opens all nodes in the selected tree branch.
  • Create Repository  – Creates a repository of configurations. For more information, see Repositories.
  • Create PAR file  – Creates a PAR file to back up your system configuration. For more information, see Backups and Recovery.
  • Restore  from PAR file – Restores the configuration of your system from a PAR file. For more information, see Backups and Recovery.

The following options are only available when you right-click the Assigned Services node: 

  • Create Service – Creates a service. For more information, see Assigned Services.
  • Remove Service – Marks the selected service for deletion.

Identifying Modified Nodes

From the Configuration Tree, you can quickly determine if a node has been modified if one of the following icons is displayed next to it:

IconDescription
NewNode.PNGThe node has just been added. You will see this icon next to services and DHA units that you have added.
ModifiedNode.PNGThe node has been modified. You will see this icon next to configuration pages whose settings have been edited.
DeletedNode.PNGThe node has been marked for deletion. You will see this icon next to services that you have selected for removal.

The modified nodes are added, applied, or deleted after you activate your configuration changes.

Configuration Page Controls

When accessing a configuration page from the Configuration Tree by double-clicking, you can find the following options for editing the settings and applying configuration changes to the system:

conf_menu.png

  • Lock – Because multiple administrators can access a configuration page, you must always lock it before you can edit the settings. Lock locks the configuration page to give you write access and changes the status of the button to UnlockUnlock unlocks the configuration page.
  • Send Changes – After editing your settings, you must send them to the firewall or Control Center by clicking Send Changes. When the configuration changes were successfully sent, an Activation Pending link is displayed at the top.
  • Discard – This option allows you to discard the changes after they were sent.
  • Activate – To apply the configuration to the firewall after editing it and sending the changes, click Activate. (In case the Activation Pending link is displayed, click this link instead.)

The State Info  drop-down menu provides information about all sessions and transactions on the system and offers controls to manage HA synchronization.

  • Transactions  –   To view configurations that are pending activation, expand  State  Info  and select  Transactions .
  • Locks  –   To gather information about all locked elements in the configuration, select  Locks .
  • Sessions  –   The service bar of the Configuration page displays your Generic Configuration Session ID (GCSID). The GCSID contains the IP address and source port of the connecting client followed by the PID of the server process (boxconfigd) that is handling the current connection. When clicking Sessions, you can also view information about the sessions of other administrators. To terminate or gather more information about a session, select it in the appearing Configuration Sessions window and then click one of the following buttons:
    • Show Locks – Displays a list of the nodes that are locked by the administrator.
    • Show Transactions – Displays a list of the configuration changes that are waiting for activation.
    • Kill Session – Kills the session. However, it is strongly recommended that you do not kill sessions held by other administrators.
  • HA Sync opens the HA Box Synchronization  window with information about your HA units and controls to manage HA synchronization. For more information on these functions, see High Availability.

On a configuration page, you will also find controls for the following tasks:

  • Im/Export – With this drop-down option, you can export your settings to the clipboard and import them to the configuration of another system:
    • Copy to Clipboard – Exports your configurations to the clipboard.
    • Replace With Clipboard – Replaces the settings on the page with values that were copied to the clipboard.
    • Merge With Clipboard – Merges the settings of the page with values that were copied to the clipboard.
  • RCS  The RCS drop-down menu lets you access information about configuration changes that were applied to your CloudGen Firewalls. For more information, see Revision Control System (RCS)