It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Zero Touch Redeployment

  • Last updated on

This documentation refers to the implementation in Control Center releases 8.0.6, 8.2.2, 8.3.1, and higher.

Zero Touch Redeployment is intended to simplify the redeployment of configurations in case of hardware replacements. The configuration can be found on Control Centers under Global Settings > CC Parameters > Zero Touch Deployment. All relevant parameters are available in advanced configuration mode.

Automatic Zero Touch Redeployment

This feature can be enabled globally and can also be enabled or disabled for specific ranges and clusters. 

ztd_rd.png

Requirements and Limitations

Automatic Zero Touch Redeployment requires support from the ZTD service and must be enabled one time for each customer’s BCC account by Barracuda Networks Technical Support.

Automatic Zero Touch Redeployment works for CC-managed appliances. For pushing the configuration, the following matchers support automatic redeployment:

  • Internal IP address
  • Internal subnet
  • External IP address
  • External subnet

The same matching condition can only be used once. If the same matching condition is used to push several configurations, automatic redeployment is disabled by default. This default can be overruled in CC Parameters > Zero Touch Deployment > Identical Matcher Redeployment. For more information on matching conditions, see How to Configure a Firewall for Zero Touch Deployment.

It is not recommended to enable this feature unless it is absolutely clear that this option works in your specific use case. In general, there is no guarantee that the Control Center can correctly auto-redeploy the correct configuration in this special case.

Automatic Zero Touch Redeployment involves the following steps:

  1. An appliance is Zero Touch-deployed the standard way, connects to the Control Center, and completes the ZTD cycle. Automatic redeployment is enabled on the Control Center and for the customer’s account. For more information, see Zero Touch Deployment.
  2. In case the hardware for the appliance malfunctions and is exchanged for a new appliance, the new appliance contacts the ZTD service.
  3. The ZTD service detects that a consumed configuration for a completed appliance matches the new hardware and informs the Control Center that a redeployment is necessary.
  4. The Control Center automatically pushes the current configuration for the appliance to the ZTD service.
  5. The new appliance receives the configuration and takes the role of the original appliance.

Manual Zero Touch Redeployment

Manual Zero Touch Redeployment is an option that is available via REST and Firewall Admin. The Firewall Admin option is available on the Status Map and the Zero Touch Deployment page in the Control Center. For more information, see CC Zero Touch Deployment. Manual Zero Touch Redeployment can be used for any completed Zero Touch-deployed configuration. It deletes the consumed configuration from the user’s ZTD account and uses the same matcher to push a fresh configuration from the Control Center to the ZTD service. This option is independent from automatic re-deployment; it works with and without enabled automatic redeployment.

A typical use case is the following scenario:

  1. An appliance is Zero Touch-deployed the standard way, connects to the Control Center, and completes the ZTD cycle. For more information, see Zero Touch Deployment.
  2. The hardware for this appliance malfunctions and is exchanged for new hardware.
  3. The user identifies the malfunctioned appliance in the CC Status Map. It will be offline.
  4. The user triggers manual redeployment for this appliance.

The new hardware receives the configuration pushed in Step 4 via Zero Touch Deployment and takes the same role as the malfunctioned appliance.

Last updated on