Config JSON checkpoints on the Barracuda Web Application Firewall are JSON-formatted configuration snapshots at specific points in time. These checkpoints provide administrators with a human-readable configuration file that can be further modified to configure the Barracuda WAF. In addition, since these files are JSON formatted, it is possible to download them from the Barracuda WAF and store them in a version-controlled repository, such as Git or CVS.
The Barracuda Web Application Firewall provides a factory shipped default configuration JSON file (named “base_config”) that contains the factory-shipped configuration. When an administrator performs configuration changes to the WAF, they can create checkpoints. Administrators can also choose to create and download a Config diff against the changes since the last checkpoint or the base configuration.
Configuration JSON checkpoints are created and stored in the ADVANCED > Backups > Configuration Checkpoint section.
Using the GUI, the changes/differences of the checkpoints are exported using the following options:
- Complete Configuration – choose this type of export if you want to export the entire WAF
- Only Changes – choose this type of export if you want to export only the changes made to the WAF configuration in the selected checkpoint. The details of the changes are exported to a JSON file. This is the recommended option.
The Configuring Checkpoint section allows you to create and delete checkpoints.
Perform the following steps:
- Navigate to ADVANCED > Backups > Configuration Checkpoint.
- In the Name box, enter a name for the checkpoint.
Note: The name can include alphanumeric characters, periods (.), hyphens (-) and underscores (_). Any other special characters such as space, semicolon, asterisk, etc. are not allowed.
- In the Comment box, provide a description for the checkpoint.
- Click Create Checkpoint. A checkpoint along with its timestamp when it was created is displayed in the table below. You can use this checkpoint when you want to export the details of the checkpoint to a JSON file.
Exporting Differential Configurations from Checkpoints
The Export WAF Configuration File section allows you to export differential configurations from the created checkpoints.
- Navigate to ADVANCED > Backups > Export WAF Configuration File.
- Backup - Choose a type of export for exporting the configuration changes.
- Complete Configuration - exports the entire configuration including the base configuration.
- Only Changes: exports only the changes made to the configurations to a JSON file for the selected checkpoint.
- Changes After - select the checkpoint you want to export from the dropdown list.
- Date - displays the date and time when the checkpoint was created.
- Comment - specify details about the checkpoint.
Validating the Configuration File
After creating the configuration JSON file, validate the file by uploading this in the Barracuda Web Application Firewall user interface. The Restore WAF Configuration File section allows you to upload the JSON file for validation and restoring the configurations.
Perform the following steps to validate and restore the configurations of the JSON file:
- Log into the Barracuda Web Application Firewall.
- Navigate to ADVANCED > Backups > Restore WAF Configuration File.
- Click Browse and select the JSON file that you created.
- From Action Type, specify the option that you want to perform on the JSON configuration file.
- Validate - Creates a sandbox environment on the Barracuda Web Application Firewall to test and validate the configurations specified in the JSON file. The validation process might take a few minutes for completion depending on the size of the configuration. However, the progress of completion is indicated on the user interface. A Success/Failure message is displayed at the end of the validation process.
- Apply Configuration - Applies the configurations specified in the JSON file. The process might take a few minutes for completion depending on the size of the configuration. However, the progress of completion is indicated on the user interface. A Success/Failure message is displayed at the end of the installation process. In case there is an error, the configuration on the system is automatically reverted to the state prior to the config restore. Also, you can view the details of the error by clicking the link displayed on the user interface.
Click Upload Now to upload the JSON file.