CacheGuard-OS
User's Guide - Version UF-2.2.1

Operating System

Registration & Subscription

The registration process allows you to get a free S/N (Serial Number) that uniquely identifies your CacheGuard appliance. For commercial installations, the S/N is then used to purchase a subscription that allows you to use your appliance for a given period of time. A subscription is effected by a license key, which is sent to you the first time you purchase a subscription. Following the initial subscription period, a subscription renewal is required to continue to use your appliance.

The registration process is normally a manual process that should be initiated form an already installed appliance. Note that a CacheGuard appliance on a public cloud is automatically registered during its deployment. To begin the registration process it is more convenient to use the Web administration GUI as you will be asked to connect to the CacheGuard appliance registration Web portal to get an OTP (One Time Password).

To begin the registration process, go to the menu option [GENERAL] > [Main Settings] > [Registration & Subscription] of the Web administration GUI and follow given instructions. Please refer to the register command in the Commands Manual for further information.

Backup & Restore

To allow you to quickly recover a crashed machine due to a hardware or software issue, the configuration of a CacheGuard appliance and its essential data (antivirus signatures, URL lists, SSL certificates...) can be saved on a file server and then be restored on a freshly installed CacheGuard appliance (by reinstalling CacheGuard-OS on a new machine). To backup a CacheGuard appliance, you should A system first create a backup file on your appliance and then save that backup file on a trusted file server. The backup creation is a process that runs in background and you have to wait for its termination before being able to save the created backup file.

To create and save a system backup named "cacheguard.backup" on the trusted TFTP server having the IP address 172.18.2.1 use the following commands:

• system backup create
• system backup create report
• # Wait for the backup process termination...
• system backup save tftp 172.18.2.1 cacheguard.backup

Backup files can only be saved on trusted file servers. To declare a file server as trusted, use the access file command. To restore a previousely saved backup named "cacheguard.backup" from the trusted TFTP server having the IP address 172.18.2.1 use the following commands:

• system backup load tftp 172.18.2.1 cacheguard.backup
• apply

It is important to note that this backup and restore method works only if the freshly installed CacheGuard appliance and the failed CacheGuard appliance are on the same CacheGuard-OS version. In case where the freshly installed CacheGuard appliance and the failed CacheGuard appliance would not be on the same CacheGuard-OS version, you will have the possibility to make a logical restore. The logical restore is described in the Reinstalling the OS below and would require that you have to have a copy of your CacheGuard appliance logical configuration. See the Reinstalling the OS below for further information.

Patching the OS

CacheGuard Technologies Ltd regularly releases new CacheGuard-OS versions and provides OS patches to upgrade already installed CacheGuard appliances to the latest CacheGuard-OS version. It goes without saying that it is highly recommended to keep your CacheGuard appliance up to date by installing the latest available patches.

Patching the OS is always subject to risk. That's why it is highly recommended that you save your logical configuration and all its related data/files (SSL certificates, custom WAF rules, antivirus whitelist...) on a trusted file server before proceeding with an OS patch. In this way, you will be able to reinstall your CacheGuard appliance from scratch by installing the latest CacheGuard-OS version on it and then restore your configuration. The section Reinstalling the OS below describes how to easily recover a CacheGuard appliance configuration.

OS patches can be loaded on a CacheGuard appliance from a trusted file server and then be applied to the appliance (refer to the access file command to declare a file server as trusted). To load a patch file named CacheGuard-UF-64-2.1.3-patch.cgp from the trusted TFTP server having the IP address 172.18.2.1, use the following commands:

• system patch tftp 172.18.2.1 CacheGuard-UF-64-2.1.3-patch.cgp
• apply

You can get CacheGuard-OS patches from official CacheGuard servers on the internet. CacheGuard-OS patches can also be directly downloaded on a CacheGuard appliance from an official CacheGuard patch server on the internet. Please refer the system command in the Commands Manual for further information.

Caution: during the patching operation, it is highly recommended to take all precautions to avoid any power shortage on your CacheGuard appliance. If during the patching operation your machine is accidentally turned off or if, for an unforeseeable reason, the patching operation fails, the appliance may fall into an inconsistent state and then, the only recovery solution would be to reinstall CacheGuard-OS on your machine and then manually restore your configuration.

Reinstalling the OS

Some major CacheGuard-OS versions may be released without providing an OS patch. Those releases require that you reinstall CacheGuard-OS from scratch on your machine. In order to avoid having to manually reconfigure your newly installed CacheGuard appliance, you can save its logical configuration and all data/files related to that logical configuration (SSL certificates, custom WAF rules, antivirus whitelist...) on a trusted file server. In this way, you will be able to restore them on your newly installed CacheGuard appliance.

To save the logical configuration of a CacheGuard appliance in a file named "CG.conf" and all its related data in separated files in a folder named "CGFiles" located on a TFTP server having the IP address 172.18.2.1, use the following commands:

• conf save tftp 172.18.2.1 CG.conf
• file save tftp 172.18.2.1 CGFiles

To restore a CacheGuard appliance logical configuration from a file named "CG.conf" and all its related data/files from a folder named "CGFiles" located on a TFTP server having the IP address 172.18.2.1, use the following commands:

• conf load tftp 172.18.2.1 CG.conf
• file load tftp 172.18.2.1 CGFiles
• apply

Please be aware that there is some limitations to this logical backup and restore method. With this method, the following data/files are not saved and then can't be restored:

• Administrator passwords
• Antivirus Signatures
• URL lists

But no worries, antivirus signatures and URL lists are automatically downloaded from trusted file servers during the apply operation. However, if you have secondary administrator users, you will have recreate them manually.

Rebooting the Appliance

In some circumstances you may be asked to reboot your CacheGuard appliance. To reboot your appliance, use the command reboot.