It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Back Up and Restore CC Archive PAR Files on the Command Line

  • Last updated on

Use cctool to back up and restore Control Center (CC) configurations including Firewall, Secure Access Controller, and Secure Connector configurations. cctool extracts CC configuration tree information from the CC database (ccdb) and writes the information into an archive PAR file. In terms of functionality, cctool does the same as when creating or restoring CC configuration using Barracuda Firewall Admin (see also How to Back Up and Restore Firewall, Secure Access Controller and Control Center Configurations). 

This version of cctool is part of every firmware release 8.0.3 and higher and can be used on both CloudGen Firewalls and Control Centers. cctool is network-aware, which means you can use it locally and remotely. For example, when you call cctool on a firewall with the appropriate parameters, cctool can also be executed on a remote Control Center. Additionally, this works on firewalls not managed by a Control Center.

The output extracted from the database into the archive PAR file is always stored on the box where the cctool command is initiated.

How to Use cctool

At a command prompt, type cctool to view the available options:

[root@HQ-NG1:~]# cctool
error: missing mandatory parameter
Control Center CLI

Usage:
        -a|--address <address>          Server IP of the CC
        -u|--username <username>        Username to use to connect to the CC
        -p|--password <password>        
        -b|--backup <filename>          Creates a CC archive file
        -r|--restore <filename>         Restores a CC archive file
		-i|--importboxpar <filename>
        -t|--timeout <timeout [sec]>
		-o|--enable						Change operational state of a managed box on the CC to 'enabled'
		-O|--disable					Change operational state of a managed box on the CC to 'disabled'
		-l|--listboxes					List boxes on the CC
        -h|--help                       Show help for the command
  
         //* The following options apply for managed boxes and HA-boxes *//
        -M|--managedboxpar <filename>   Use this option for (primary HA) boxserver boxes 
                                        and for primary and secondary boxes without boxserver (<8.0)
        -H|--managedboxhapar <filename> Use this option for secondary HA boxserver boxes (>=8.0)
        -B|--managedboxname <boxname>   Name of the managed box
        -C|--cluster <cluster>          Name of the cluster
        -R|--range <range|              Name of the range    

Beware in case you want to use cctool automated as part of scripts!

In general, if you specify a file name that already exists, the respective archive PAR file is overwritten. This also applies to manually triggered calls of the tool.

Options

-a | --address <address>

Because the configuration tree information can only be extracted from the database on a Control Center, the option address must always be a Control Center IP address. And because cctool is network-aware, the output is sent to the firewall where the cctool command was initiated. Consequently, if cctool is initiated on a Control Center, the archive PAR file is stored on the Control Center. In all other cases, the archive PAR file is created on the firewall where cctool was called.

-u | --username <username>

Username requires a valid user on the Control Center, for example, user root.

-p | --password <password>

The password associated with the given username.

-b | --backup <filename>

Specify the name of the file into which cctool is to extract configuration tree information from the ccdb. By default, the file is always created on the current working path on the command-line level.

-r | --restore <restore>

Specify the file name where the CC configuration tree will be restored from.

Restoring information from an archive PAR file overwrites all existing 'CC configuration' of all managed firewalls.

This step can NOT be undone!

When restoring an archive PAR file, verify there are no active locks on any nodes in the configuration tree. Otherwise, the restore will fail!
-i | --importboxpar <filename>

Specify the par file to import by the filename.

-t | --timeout [sec]

Specify how long the command-line tool should try to connect to the CC before giving up.

-o | --enable

Specify Change the operational state of a managed box on the CC to 'enabled'.

-O | --disable

Specify Change the operational state of a managed box on the CC to 'disabled'.

-l | --listboxes

List boxes on the CC.

-h | --help

Show help for this command.

-M | --managedboxpar <filename>

Specify the file name for the archive file to be created for a managed box.

-H | --managedboxhapar <filename>

Specify the file name for the archive file to be created for the secondary box of a managed HA pair of boxes.

This option works only for appliances running the new 2-layer service architecture.
For more information on the 2-layer service architecture, see Assigned Services.

If you must create an archive for an HA pair running the former 3-layer server-service architecture, apply the option -M for both the primary and secondary box instead.

-B | --managedboxname <boxname>

Specify the name of the managed box.

-C | --cluster <cluster>

Specify the cluster by its name.

-R | --range <range>

Specify the range by its name.

 

Updating Following a Restore

After restoring a configuration tree on the Control Center using cctool, the previous configuration information of all managed firewalls is overwritten on the Control Center. In order to update all firewalls, the configuration must be explicitly pushed to all relevant firewalls.

  1. Log in to the Control Center.
  2. Go to CONTROL > Configuration Updates.
  3. Select all firewalls in the table you want to update.
  4. Right-click any of the selected firewalls.
  5. A pop-up menu is displayed.
  6. Select Complete Update from the list.
Examples

Initiate a backup on a 'CC configuration' (10.0.10.1) into an archive PAR with the name CC-10.0.10.1.par and credentials user <admin-user> and password <admin-password>

  • cctool -a 10.0.10.1 -u <admin-user> -p <admin-password> -b CC-10.0.10.1.par

Restore an archive PAR file from a given PAR file with the name CC-10.0.10.1 and credentials user <admin-user> and password <admin-password>

  • cctool -a 10.0.10.1 -u <admin-user> -p <admin-password> -r CC-10.0.10.1.par

Initiate a backup on a 'CC configuration' (10.0.10.1) into an archive PAR for a managed box and credentials user <admin-user> and password <admin-password>. The command can also be used for single managed boxes:

  • cctool -a 10.0.10.1 -u <admin-user> -p <admin-password> -R <range> -C <cluster> -B <name of box in CC> -M <filename for archive>

Initiate a backup on a 'CC configuration' (10.0.10.1) into an archive PAR for a managed secondary firewall of an HA pair with credentials user <admin-user> and password <admin-password>. As opposed to the preceding example, this command uses the -H option instead of the -M.

  • cctool -a 10.0.10.1 -u <admin-user> -p <admin-password> -R <range> -C <cluster> -B <name of box in CC> -H <filename for archive>