It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda SecureEdge

How to Create a Site ACL

  • Last updated on

The Barracuda SecureEdge Manager allows you to create access control lists (ACLs) for your connected sites, using either predefined applications or a custom application. With access control lists, you can either allow or deny access based on source and destination. 

Note that ICMP via the Barracuda SecureEdge Agent is always set to allow for configured ZTNA resources. For example, you can ping an internal resource via SecureEdge Agent if a policy for it exists. For more information on SecureEdge Access, see SecureEdge Access.

Before You Begin

  • If you want to use the users or groups from user directories (such as Microsoft Entra ID, LDAP, Google Workspace, Okta, and Barracuda Cloud Control) in network policies, you must first connect your SecureEdge Identity Management in order to synchronize users and groups. For more information, see Identity Management

  • If you want to select users or groups from user directories such as BCC-linked Microsoft Entra ID or the BCC-linked LDAP directory in network policies, you must first connect your directory with Barracuda Cloud Control in order to synchronize users and groups. For more information, see LDAP Active Directory and Microsoft Entra ID and How to Connect Microsoft Entra ID with Barracuda Cloud Control.

Create a Site ACL

  1. Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.

  2. In the left menu, click the Tenants/Workspaces icon and select the workspace containing your site.

  3. Go to Security Policy.

  4. Expand the Network ACL menu on the left and select Site ACL.

    goto-site acl.png

  5. The Site ACL window opens. To create a new rule, click Add Rule

    SiteACL-AddRule.png

  6. The Add New Rule window opens. Specify values for the following:

    • Scope – Select the scope of this rule from the drop-down menu.

    • Name – Enter a unique name for a rule.

    • Description – Enter a brief description. 

    • Action – Select the action from the drop-down menu. You can choose between Allow and Block.

    • ICMP – Select the ICMP value from the drop-down menu. You can choose between Allow and Block

      • If you select Action = Allow, you can choose an ICMP value of either Allow or Block.

      • If you select Action = Block, the ICMP field is disabled and set to Block

    • In the SOURCE CRITERIA section, specify the following:

      • Type – Select a source type. You can choose between IP/Network, Private Edge Service, Site, and User/Group.

        • IP/Network – Enter the IP address or network, and click +.

    • In the DESTINATION CRITERIA section, specify the following:

      • Type – Select a destination type. You can choose between Application, IP/NetworkSite, and Private Edge Service

      • Application – Select an application from the drop-down menu, or type to search.

        AddRule-SiteACL.png

  7. Click Save.

After the configuration is complete, you can either allow or deny access based on source and destination. For example, when the Action and ICMP fields are set to Allow, you can send a ping from the source to the destination. If no Site ACL rule matches, the Default Action will be applied. 

Select the Default Action

You can configure the site ACL to either allow or block traffic by default. 

  1. Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.

  2. In the left menu, click the Tenants/Workspaces icon and select the workspace containing your site.

  3. Go to Security Policy.

  4. Expand the Network ACL menu on the left and select Site ACL

  5. The Site ACL page opens. Select the Default Action.

    DefaultAction-SiteACL.png

Edit an Existing Site ACL 

  1. In the left menu, click the Security Policy.

  2. Expand the Network ACL menu on the left and select Site ACL.

  3. The Site ACL window opens. Click on the pencil icon next to the rule you want to edit.

    Edit-SiteACL.png

  4. The Edit Rule window opens. Edit the value you are interested in. 

  5. Click Save.

Remove an Existing Site ACL 

  1. In the left menu, click the Security Policy.

  2. Expand the Network ACL menu on the left and select Site ACL.

  3. The Site ACL window opens. Click on the trash can icon next to the rule you want to remove.

    Del-SiteACL.png

  4. The Delete Rule window opens.

    DelSiteACL.png

  5. Click OK to confirm.

Further Information