This section includes the following topics:
A firewall configuration can be uploaded to a running firewall at any time. To upload a configuration, first select the target firewall in the tree view of the Security Editor, and then choose Upload Configuration... from the Action->Communication menu.
A communication wizard similar to the one shown to the right will be displayed. The firewall that was selected in the tree view will automatically be marked with a check box. Additional firewalls can be selected or de-selected by clicking the corresponding check boxes.
If the Automatically activate uploaded configurations option is selected, the firewalls will activate the new configurations as soon as they have been received.
Click the Next button to start the upload. The most recent configuration will be uploaded to all selected firewalls.
The next wizard page will display a list containing all the firewalls that configurations are being uploaded to, along with the status of each upload. Click the Properties... button to display an Event Properties dialog box where a detailed log of the progress is listed.
After a new configuration is activated, a fail-safe test is performed to verify that the firewall can still be reached from Amaranten Firewall Manager. If the test fails, the firewall will automatically revert to its previous configuration. In this way, an administrator is prevented to lock himself out from a remote firewall.
The previous configuration version is also used if the new configuration contains information that cannot be parsed by the firewall core. The Event Properties dialog box will then contain an error log.
When a new configuration has been activated successfully, a text similar to the following is displayed in the Event Properties dialog box:
Attempting to connect to the firewall.
Uploading to firewall.
Upload successful.
Re-reading configuration.
Waiting for answer from firewall.
Configuring from FWCore_N.cfg.
Configuration done.
Configuration "FWCore_N.cfg" (v21) verified for bi-directional
communication.
The Deploy Configuration command, available in the Action menu of the Security Editor, is similar to the Upload Configuration command, with one major difference; Deploy Configuration will automatically select firewalls that have configurations that are more recent in the data source. These firewalls are also displayed in the Security Editor with the status Needs Deployment.
The running configuration may be downloaded from a firewall and stored in the management data source. To download a configuration, first select the target firewall in the tree view of the Security Editor, and then choose Download Configuration... from the Action->Communication menu. The communication wizard is used in the same way as in the Uploading a configuration section above.
The version number of the downloaded configuration will be the version number of the most recent configuration in the management data source increased by 1, or the version number of the running firewall configuration, whichever is highest.
For example, if the running firewall configuration has version number 10 and the most recent version in the management data source has version number 7, then the version number of the downloaded configuration will be 10. On the contrary, if the running firewall configuration has version number 5 and the most recent version in the management data source has version number 7, then the version number of the downloaded configuration will be 8.
A firewall can be instructed to re-read its configuration, meaning that the firewall reads its current configuration and performs the same initialization procedures as it does upon start. To perform a configuration re-read, first select the target firewall in the tree view of the Security Editor, and then choose Re-read Configuration... from the Action->Communication menu. The communication wizard is used in the same way as in the Uploading a configuration section above.
A firewall can be instructed to perform a complete restart, similar to a power off/power on operation. To perform a firewall restart, first select the target firewall in the tree view of the Security Editor, and then choose Restart Firewall... from the Action->Communication menu. The communication wizard is used in the same way as in the Uploading a configuration section above.