CacheGuard OS
User's Guide - Version EH-1.4.2
Operating System
Registration & Subscription
The registration process allows you to get a free S/N (Serial Number) that uniquely identifies your appliance. This S/N is then used in a second step to purchase a subscription for the commercial edition.
A subscription for a given period is effected by a license key, which is sent to you the first time you purchase a subscription. Following this initial subscription period a renewal is required to continue to use your appliance.
The registration process is a manual process that should be initiated form an already installed appliance. To begin the registration process it is easier to use the Web GUI as you will be asked to connect to the appliance registration Web portal to get an OTP (One Time Password).
To begin the registration process go to the menu option [GENERAL] > [Main Settings] > [Registration & Subscription] of the Web GUI and follow given instructions. Please read the manual of the register command for further information.
Backup & Restore
To allow you to recover quickly a crashed system, the running system including the logical configuration and also essential data (antivirus signatures, URL lists, SSL keys...) could be saved on a file server and restored back in the future on a freshly installed OS. A system backup should be created prior to being saved on a file server. The creation is done in the background and you can follow the operation by requesting a report at any time. When finished, you can save your system backup on file server and preserve the file on a safe place.
To create and save a system backup named "cacheguard.backup" on the trusted TFTP server identified by the IP address "172.18.2.1" use the following commands:
- system backup create
- system backup create report
- ...
- system backup save tftp 172.18.2.1 cacheguard.backup
Note that only trusted file servers can be used. To declare a file server as trusted use the command "access file".
To restore a previousely saved backup named "cacheguard.backup" from the trusted TFTP server identified by the IP address "172.18.2.1" use the following commands:
- system backup load tftp 172.18.2.1 cacheguard.backup
- apply
Patch the OS
CacheGuard Technologies Ltd may from time to time provide OS patches. It is highly recommended to keep your OS up to date by installing the latest patches.
OS patches can be loaded from a file server of your choice and then installed on the appliance. Note that only trusted file servers can be used. To declare a file server as trusted use the command "access file". To load a patch named "CacheGuard-EH-64-1.3.4-patch.cgp" from the trusted TFTP server identified by the IP address "172.18.2.1" use the following commands:
- system patch tftp 172.18.2.1 CacheGuard-EH-64-1.3.4-patch.cgp
- apply
Patches can also be automatically downloaded from an official CacheGuard Web server. Please refer to the documentation of the system command for further information.
Caution: During the patching operation, it is highly recommended to NOT turn off your machine. If your machine is accidentally turned off, the appliance may fall into an inconsistent state and then, the only solution is to reinstall the OS on your machine. It is recommended to save your configuration and SSL certificates whenever you want to patch the OS.
Upgrade the OS
Some major CacheGuard-OS release requires that you reinstall the OS from scratch. In this case proceed as follows:
- Save your logical configuration using the conf command.
- Save all TLS objects (certificates and private keys) using the tls command.
- Read carefully Change Logs.
- Modify your saved logical configuration using an ASCII text editor if needed.
- Reinstall the OS from scratch (see OS Installation).
- Reload your saved configuration into your freshly installed system using the conf command.
- Reload all previously saved TLS objects using the tls command.
- If you use custom WAF rules reload them into the system using the waf command.
- If you use URL lists reload them into the system using the guard command.
- If you use ssh keys reload them into the system using the admin command.
- If you use SNMP client certificates reload them into the system using the admin command.
- Ask all restricted administrators to change their password using the password command.
Reboot Appliance
To reboot the appliance use the command "reboot". This command may be used remotely using SSH or via the console port. It is also possible to reboot the appliance using the Web administration GUI.
Copyright (C) 2009-2020 CacheGuard - All rights reserved