The Barracuda NextGen Firewall X-Series comes with a set of pre-installed access rules. Initially, you can use the appliance without any changes to these rules. Eventually, you might want to customize the rules or enable the pre-installed rules that are disabled initially. Understanding the pre-installed rules can help you create your own rules.
On the FIREWALL > FIREWALL RULES page, you can view the following pre-installed firewall access rules:
Firewall Rule | Description |
---|---|
P1-P3-BRIDGE | This rule creates a bridge between port p1 and port p3. All traffic passes between the two ports. The rule is useful when you first get the X-Series Firewall and want to evaluate the appliance at your desk. Follow the instructions in the Barracuda NextGen Firewall X-Series Quick Start Guide to connect port p1 to the LAN and port p3 to your PC. This configuration gives the firewall access to the Internet, lets you look at traffic, and lets you continue to use your PC for other purposes during the evaluation period. When you are finished with your evaluation and move the firewall into production, you can delete this rule. |
LAN-2-BARRACUDA-SERVERS | This rule allows the traffic from the trusted LAN to reach the Barracuda Networks update servers. The rule is required for initial activation as well as ongoing firmware and security updates. |
LOCALDNSCACHE-WIFI | This rule automatically redirects all DNS requests from a separate Wi-Fi network on interface ath0 to the local caching DNS service of the firewall. The rule is useful for reducing the amount of DNS traffic over the WAN connection and improving DNS resolution speed as well as security. If you configure a DNS server in your local network, create a firewall rule that allows TCP and UDP traffic on port 53 from the IP addresses of your local DNS servers to the Internet. Place the new rule above the LOCALDNSCACHE and LOCALDNSCACHE-WIFI rules. |
LOCALDNSCACHE | This rule automatically redirects all DNS requests from the trusted LAN to the local caching DNS service of the firewall. The rule is useful for reducing the amount of DNS traffic over the WAN connection and improving DNS resolution speed as well as security. If you configure a DNS server in your local network, create a firewall rule that allows TCP and UDP traffic on port 53 from the IP addresses of your local DNS servers to the Internet. Place the new rule above the LOCALDNSCACHE and LOCALDNSCACHE-WIFI rules. |
TRANSPARENT-PROXY-WIFI | If enabled, this rule automatically redirects all HTTP requests on TCP port 80 from a separate Wi-Fi network on interface ath0 to the local proxy of the firewall. Depending on the proxy configuration (NETWORK > Proxy), web traffic is either scanned by Barracuda Web Security Flex or forwarded to a different proxy service. |
TRANSPARENT-PROXY | If enabled, this rule automatically redirects all HTTP requests on TCP port 80 to the local proxy of the firewall. Depending on the proxy configuration (NETWORK > Proxy), web traffic is either scanned by Barracuda Web Security Flex or forwarded to a different proxy service. |
LAN-2-INTERNET-SIP | If enabled, this rule automatically redirects all SIP requests from the trusted LAN to the local SIP proxy. It allows SIP communication through the firewall. |
INTERNET-2-LAN-SIP | If enabled, this rule automatically redirects all SIP requests from any IP address to the local SIP proxy. It allows SIP communication from the Internet through the firewall. |
LAN-2-INTERNET | This rule allows network traffic for all types of data from the trusted LAN to the Internet. It allows unrestricted access to the Internet for all hosts within the trusted LAN segment. |
WIFI-2-INTERNET | This rule allows unrestricted access to the Internet for traffic from the Wi-Fi network coming in through interface ath0. |
LAN-2-LAN | This rule allows network traffic for all types of data from one trusted LAN to another. It allows unrestricted network traffic between hosts residing in different LAN segments that are classified as trusted. |
VPNCLIENTS-2-LAN | This rule allows unrestricted access for VPN clients coming in through interface pvpn0 to the trusted LAN. This includes PPTP-based access. |
VPN-SITE-2-SITE | This rule allows unrestricted access to remote networks connected to the firewall via a site-to-site VPN connection. |
WIFI-2-LAN | This rule allows unrestricted access from the Wi-Fi network coming in through interface ath0 to the trusted LAN. |
BLOCKALL | This rule blocks all incoming and outgoing network traffic that is not handled by the access rules that are placed above it in the rule set. |
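
The placement advice for a local DNS server and the role of BLOCKALL both depend on rule order. The following added example (not Barracuda code) models a rule set as a top-down, first-match list and detects a rule that an earlier rule makes unreachable. The first-match model, the addresses and the rule name LOCAL-DNS-2-INTERNET are assumptions, and LOCALDNSCACHE-WIFI is left out for brevity.

```python
import ipaddress

# Simplified model (an assumption): rules are checked top-down, first match wins.
# Addresses and the rule name LOCAL-DNS-2-INTERNET are constructed for illustration.
LAN = ipaddress.ip_network("192.168.200.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

def rule(name, action, src, port=None):
    """port=None means the rule matches every destination port."""
    return {"name": name, "action": action, "src": src, "port": port}

DNS_ALLOW = rule("LOCAL-DNS-2-INTERNET", "pass",
                 ipaddress.ip_network("192.168.200.10/32"), 53)
LOCALDNSCACHE = rule("LOCALDNSCACHE", "redirect-to-local-dns", LAN, 53)
LAN_2_INTERNET = rule("LAN-2-INTERNET", "pass", LAN)
BLOCKALL = rule("BLOCKALL", "block", ANY)

RECOMMENDED = [DNS_ALLOW, LOCALDNSCACHE, LAN_2_INTERNET, BLOCKALL]
MISORDERED = [LOCALDNSCACHE, DNS_ALLOW, LAN_2_INTERNET, BLOCKALL]

def evaluate(ruleset, src_ip, dst_port):
    """Return (rule name, action) of the first rule matching the packet."""
    src = ipaddress.ip_address(src_ip)
    for r in ruleset:
        if src in r["src"] and r["port"] in (None, dst_port):
            return r["name"], r["action"]
    return None, "no-match"

def shadowed(ruleset):
    """List (rule, earlier rule) pairs where the earlier rule already matches
    every packet the later rule could match, so the later rule never fires."""
    pairs = []
    for i, later in enumerate(ruleset):
        for earlier in ruleset[:i]:
            if (later["src"].subnet_of(earlier["src"])
                    and earlier["port"] in (None, later["port"])):
                pairs.append((later["name"], earlier["name"]))
                break
    return pairs

if __name__ == "__main__":
    for label, rs in (("recommended", RECOMMENDED), ("misordered", MISORDERED)):
        print(label, evaluate(rs, "192.168.200.10", 53), shadowed(rs))
```

In the misordered list the DNS server's own queries are caught by LOCALDNSCACHE and the allow rule is reported as shadowed, which is the situation the placement instruction avoids.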