User manual BARRACUDA COMMAND LINE REV 1.1 INTERFACE GUIDE
DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!
If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Diplodocs provides you a fast and easy access to the user manual BARRACUDA COMMAND LINE REV 1.1. We hope that this BARRACUDA COMMAND LINE REV 1.1 user guide will be useful to you.
Manual abstract: user guide BARRACUDA COMMAND LINE REV 1.1INTERFACE GUIDE
Detailed instructions for use are in the User's Guide.
[. . . ] Command Line Interface Guide
Barracuda NG Firewall Revision 1. 1
Barracuda Networks Inc. Winchester Blvd Campbell, CA 95008 http://www. barracuda. com
Copyright Notice
Copyright 2004-2010, Barracuda Networks www. barracuda. com v4. x-090623-06-1119 All rights reserved. Information in this document is subject to change without notice.
Trademarks
Barracuda NG Firewall is a trademark of Barracuda Networks. All other brand and product names mentioned in this document are registered trademarks or trademarks of their respective holders.
2
Barracuda NG Firewall - Command Line Interface Guide
Contents
Chapter 1 - I n t r o d u c t i o n . [. . . ] Two important files, boxadmin. conf and boxnet. conf, are sitting within this directory.
38
Barracuda NG Firewall - Command Line Interface Guide
5. 3. 2
"Configroot" Directory
Directory for the GUI's management configuration tree.
5. 3. 3
"History" Directory
Contains DB files for internal use only. Absolutely not to be changed manually.
Do not make any changes to this directory.
5. 3. 4
"Sessions" Directory
Whenever a session is opened, all session based information is stored here.
5. 3. 5
"Update" Directory
All files needed for synching with another box (e. g. HA) are stored here.
Configuration Files and Tree 39
40
Barracuda NG Firewall - Command Line Interface Guide
Chapter 6 Network Activation
General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Networking Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Network Activation 41
6. 1
General
This chapter is about activating a new network configuration using the console. Which files can be changed?
6. 2
Networking Layer
The networking layer is installed along with the etc_box package. It is called phionetc_box because almost all relevant files are located within the /etc/phion directory. The main purpose of this package is controlling every part of the system that communicates using the network. Along with the software modules, there are further packages, such as openssh or ntp, that retrieve their configuration from NGFW scripts and whose modules are started by these scripts.
6. 3
Configuration Files
There are three configuration files used to control the network behavior of the system: · · · 6. 3. 1 Options 6. 3. 2 boxadm. conf, page 43 6. 3. 3 boxnet. conf, page 43
6. 3. 1
Options
This is the only configuration file not managed by Barracuda NG Admin.
Fig. BOX_NETWORK="Y" # Number of retries to bring up all devices, sometimes useful for token ring devices NET_RETRY=0 # should the phion subsystem be started ?PHION_START="Y" #for some historical reason: should the NetDB subsystem be started?NETDB_START="N" # for advanced Servers START_ORA="N" #Y/N start ORACLE on BOOT START_ADABAS="N" #Y/N start ADABAS on BOOT
Table 63 Parameters in the options file Parameter
BOX_NETWORK NET_RETRY PHION_START NETDB_START
Options
Y/N numerical Y/N Y/N
Default
Y 0 Y N
Description
If set to "N", nothing will happen when trying to start networking. If set to "N", the Barracuda operative layer will not start. Use this if a box is running without proprietary Barracuda NGFW software. Only of use when using a box with NetDB database on it.
42
Barracuda NG Firewall - Command Line Interface Guide
6. 3. 2
boxadm. conf
Contains parameters related to services that don't require a network restart in order to get activated (e. g. Additionally, this file contains information about box services (box tuning).
Fig. 639 Example for boxadmin. conf content
ACLLIST[] = DNSSERVER[] = 212. 86. 0. 4 DOMAIN = phion. qa INACTFLAG = n NTPEVT = 0 RPASSWD = $1$someMD5encryption SPASSWD = $1$someMD5encryption STARTNTP = y SYNC = y TMASTER[] = 10. 0. 0. 33 TZONE = Europe/Vienna UTC = y [rootalias_mbr] AUTHLEVEL = 0 NAME = mbr PASSWD = $1$goelga$9ysSYZ4X. qpJqn8k0KpsC. PUBKEY = -----BEGIN RSA PUBLIC KEY----MIGJAoGBAOV2ltrcBSa4mV3S0ni6P6K9RTIWHG3aMoolsAQNEsImcReUqhdc+QQ2 kCHHHJ5HWpBc0ePF6P+nrv0Pgw3SZHcV3mA7L1JeHs2XEqvndnVlvA+uNhnbMVBD o/yUhq4Vwdgmu3OiUlspJhgRnCapRIvSAmoARNPWoGA/tw8HgJdTAgMBAAE= -----END RSA PUBLIC KEY----[rootalias_pmr] AUTHLEVEL = 0 NAME = pmr PASSWD = $1$djoanl$BPvPXlA87meC4. JVNljcP. PUBKEY = -----BEGIN RSA PUBLIC KEY----MIGJAoGBAM2dG/OHlJCdIASXy4DmOWb23u4SJr2q/BzalLDM31m9kc/zsKAbZasU Yevr86H7yZ2qqtILywycsCYKuYATZe37QlO30vyh+VCphgumwbfVXl9fkAeJUrzM XGNRUWpwiDCl4vEpGl0b5gHka/XjKdsM4RmXAE6k+6+5sAuIrZqPAgMBAAE= -----END RSA PUBLIC KEY-----
6. 3. 3
boxnet. conf
Contains information about dealing with network connections, such as host name, network devices, IP addresses and routing information.
Fig. 640 Example for boxnet. conf content
HOSTNAME = mybox RAM = n VIP = [addnet_212er] BIND = y CRIT = n DEV = eth1 IP = 212. 86. 0. 112 MASK = 8 NAME = 212er PING = y [addroute_default1] DEST = 212. 86. 0. 100 DEV = FOREIGN = y MASK = 32 NAME = default1 PREF = 100 SRC = TARGET = 0. 0. 0. 0 TYPE = gw [addroute_default2] DEST = 212. 86. 1. 100 DEV = FOREIGN = y MASK = 32 NAME = default2 PREF = 200 FOREIGN = y MASK = 8 NAME = dev2 PREF = SRC = TARGET = 212. 86. 1. 0 TYPE = dev [addroute_devnet] DEST = 10. 0. 0. 101 DEV = FOREIGN = y MASK = 8 NAME = devnet PREF = SRC = TARGET = 10. 0. 3. 0 TYPE = gw [boxnet] DEV = eth0 IP = 10. 0. 0. 181 MASK = 8 [cards_10realtek] BLTIN = module MOD = 8139too. o NAME = 10realtek NUM = 2 TYPE = eth
Network Activation 43
44
Barracuda NG Firewall - Command Line Interface Guide
Chapter 7 Verification Scripts
/etc/phion/bin/verify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Verification Scripts 45
7. 1
/etc/phion/bin/verify
This script checks the logical consistency of the boxnet. conf and boxadm. conf files. [. . . ] At the position of the Command parameter, enter for example:
phionrcscleanup--path=/opt/phion/ rangetree/configroot/Revision --months=6 · Specify the scheduling times.
18. 2. 2
Example 2
Set up a cron job using the command line:
Fig. 1868
* * * * * command to be executed ----||||| | | | | ----- Day of week (0 - 7) (Sunday=0 or 7) | | | ------- Month (1 - 12) | | --------- Day of month (1 - 31) | ----------- Hour (0 - 23) ------------- Minute (0 - 59)
Fig. 1869 Example for CC
crontab -e * * 1 * * phionctrl module block rangeconf; /opt phion/bin/phionrcscleanup -- path=/opt/phion/rangetree/configroot/Revision -months=1; phionctrl module start rangeconf;
Fig. 1870 Example for HA-CC
crontab -e * * 1 * * phionctrl module block rangeconf; /opt * * 1 * * phionctrl box block boxconfig; phionctrl module block rangeconf; /opt phion/bin/phionrcscleanup -- path=/opt/phion/rangetree/configroot/Revision -months=1; phionctrl module start rangeconf; phionctrl box start boxconfig;
phionrcscleanup 89
18. 2. 3
Example 3
Place a script in one of the cron directories in /etc/cron. * to start the job daily, hourly, weekly or monthly:
Fig. [. . . ]
DISCLAIMER TO DOWNLOAD THE USER GUIDE BARRACUDA COMMAND LINE REV 1.1
Click on "Download the user Manual" at the end of this Contract if you accept its terms, the downloading of the manual BARRACUDA COMMAND LINE REV 1.1 will begin.