CacheGuard-OS
User's Guide - Version UF-2.1.3
Configuration Management
To implement the appliance in an existing network it must be configured adequately. The behaviour of the appliance depends on a set of parameters combined together to form a "Configuration" seen as a whole. To see the current (or running) configuration use the command "
conf" without any argument.
Parameters
The appliance is configured by setting different parameters using online commands ( Console port or SSH) or the Web administration GUI (see the Administration Interface section). There are different types of parameters:
- Classical parameters (like IP configuration associated with the internal network interface devices configured with the command "ip internal")
- Boolean parameters (like different modes configured with the command "mode")
- List parameters (like an IP network route configured with the command "ip route")
A classical parameter is given alongside a command as its argument. For instance to set the internal network interface use the command: "
ip internal <ip > <netmask>"
A boolean parameter is activated with the keyword "on" and deactivated with the keyword "off". For instance to activate the compress use the command "compress on".
List parameters are manipulated using the following keywords:
- add (to add an element)
- del (to delete an element)
- raz (to delete all elements)
For instance to add a route use the command "
ip route add <ip> <netmask> <gateway>".
Applying a Configuration
The appliance always has two configurations: a current (or running) configuration and a new configuration (or programmed). The configuration process consist of two steps:
- The Parameter Setting step
- The Applying step
During the Parameter Setting step, used commands do not immediately affect the running system. To be operational a configuration (set of parameters) must be applied to the system.
The applying process replaces the current (running) configuration by a new programmed configuration. After the "apply" process and if no error is detected, the current configuration is equal to the new configuration. The command "
conf diff" allows you to compare the current and the new configuration and shows differences between those configurations.
A configuration is seen as a whole and to be applicable, all settings should be compatible together. The command "apply" does all integrity checks before applying a configuration.
To apply a configuration use the command "apply". This command launches a system apply as background task. The system apply may take from seconds to some minutes according to the nature of the configuration and the performance of your hardware. The command "apply report" prints the state execution report of the latest "apply" command.
If after having set different parameters to create a new configuration you decide to cancel the programmed configuration you can use the command "cancel". This is only possible before the use of command "apply".
Finally, there is the ability to reset to the initial factory configuration. To apply the factory configuration use the following commands:
Load & Save a Configuration
The configuration may be saved on a file server (FTP, TFTP...) with the command "conf". Only trusted file servers are allowed to communicate with the appliance. A file server is declared trusted by using the command "access". To trust the TFTP server identified by the IP address "172.18.2.1" use the following commands:
- access file add internal 172.18.2.1
- apply
Wait for the termination of the asynchronous command "apply" (use the command
"apply report" to see the execution state report). Now to save the current running configuration in the file "cacheguard.conf" located on the TFTP server "172.18.2.1" use the following command:
- conf save tftp 172.18.2.1 cacheguard.conf
The created file will contain a list of configuration commands. To load this configuration into the appliance from the same TFTP server use the following command:
- conf load tftp 172.18.2.1 cacheguard.conf
The syntax used in a configuration file is the same as the online configuration syntax. The configuration loaded from a file server is added to the existing new configuration. To avoid cumulative settings you can reset list values before adding new items to that list. To do this you can use the keyword "
raz" to reset that list. If the command "
apply" is not included in the loaded file, it should be manually invoked after the file loading to activate the new configuration - The saving process does write the command "
apply" into the target file.
Copyright (C) 2009-2023 CacheGuard - All rights reserved