It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Configure the Bootloader

  • Last updated on

Before changing the default bootloader settings, make sure that you understand how the bootloader of a Linux system functions.

If you do not have any special hardware requirements, the default bootloader settings are sufficient for proper operation. However, it is recommended that you change the default bootloader password. If required, you can also change the following bootloader settings:

  • The Linux kernel that is used during booting. You must also update the kernel or invoke a particular utility program from the command line to use the settings reserved for custom/manual kernel updates.
  • The boot time and prompt.

Edit the Bootloader Settings

  1. Go to CONFIGURATION > Full Configuration > Box > Advanced Configuration > Bootloader.
  2. Click Lock.
  3. To change the bootloader password, edit the following settings:
    • Use Bootloader Password – To require a password to boot the image if additional parameters are specified on the command line, select this check box. Doing so increases the security of the system and requires you to specify an appropriate loader password.
    • Bootloader Password – Plain text boot password required for manually entering additional boot parameters to the bootloader and kernel. Note that you should choose your own bootloader password before using the system in a productive environment. The factory default is ph10n.

      The password can only be stored in plain text format in the /etc/grub.conf file. The remaining parameters are only considered when the update policy is set to custom and the loader configuration is changed by invoking a utility program on the command line. For any other update policy or in case of header updates, they are ignored. The password can consist of small and capital characters, numbers, and non alpha-numeric symbols, except the hash sign (#).

  4. If required, you can also edit the following settings:

    • Loader Delay – Sets a timeout (in tenths of a second) for keyboard input. If no key is pressed within the specified time, the first or default image is automatically booted. You can enter a value from 0 to 100.
      The default value is set to 0.

      Note: Beware of setting the default value for the loader delay to a value greater than 0!
      Because the firewall's clock function depends on the BIOS clock, the firewall will not be able to boot in case the BIOS clock breaks and if the default value is larger than 0.
    • Serial Console – The serial port that is used to connect to the box by a serial connection. If there is no serial console on your system, select none.

    • Global Append Options – For experts only! Enter different commands to the kernel. The options are written to the /etc/grub.conf file at the end of the append dialog: append="console=tty0 console=ttyS0,19200n8r *your option*"

      If a Barracuda CloudGen Firewall running on 32-bit units like F10, F100, F200, and F300 has more than 768 MB of RAM and ACPF memory parameters are increased, you might have to increase the memory available for vmalloc. Add: vmalloc=400M

      To limit the number of used cores of multi-core CPUs, enter nr_cpus=<n> (<n> stands for the number of CPU cores). This option may be necessary on units operating with licenses containing CPU restrictions. If a license violation occurs, the unit displays: Box has 4 CPUs but only 2 licensed . For further details on license restrictions, refer to: How to License a CloudGen Firewall.

    • Disable ACPI – To disable ACPI when the system is booted, select yes. Disable ACPI if either the interrupt routing in the ACPI table is wrong and you want to fall back to standard interrupt routing, or if the ACPI functions in the BIOS cause problems.

  5. Click Send Changes and Activate.

After updating your kernel or changing boot settings, you must also reboot your Barracuda CloudGen Firewall. Sending and activating a new configuration will merely alter the header part of the loader configuration file while leaving the kernel untouched.

To view the current kernel and bootloader status, go to the CONTROL > Box page.