It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda NextGen Firewall X
Overview Documentation Materials

This Product is End-of-Life and End-Of-Support

End-Of-Life and End-Of-Support on December 1st, 2020: All Barracuda Firewall X-Series sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires. Please see the End-Of-Life definition as described in the End of Support and End of Life Information.

Pre-Installed Access Rules

  • Last updated on

The Barracuda NextGen Firewall X-Series comes with a set of pre-installed access rules. Initially, you can use the appliance without any changes to these rules. Eventually, you might want to customize the rules or enable the pre-installed rules that are disabled initially. Understanding the pre-installed rules can help you create your own rules.

 On the FIREWALL > FIREWALL RULES page, you can view the following pre-installed firewall access rules:

Firewall RuleDescription

P1-P3-BRIDGE

This rule creates a bridge between port p1 and port p3. All traffic passes between the two ports. The rule is useful when you first get the X-Series Firewall and want to evaluate the appliance at your desk. Follow the instructions in the Barracuda NextGen Firewall X-Series Quick Start Guide to connect port p1 to the LAN and port p3 to your PC. This configuration gives the firewall access to the Internet, lets you look at traffic, and lets you continue to use your PC for other purposes during the evaluation period.

When you are finished with your evaluation and move the firewall into production, you can delete this rule.

LAN-2-BARRACUDA-SERVERS

This rule allows the traffic from the trusted LAN to reach the Barracuda Networks update servers. The rule is required for initial activation as well as ongoing firmware and security updates.

LOCALDNSCACHE-WIFI

This rule automatically redirects all DNS requests from a separate Wi-Fi network on interface ath0 to the local caching DNS service of the firewall. The rule is useful for reducing the amount of DNS traffic over the WAN connection and improving DNS resolution speed as well as security.

If you configure a DNS server in your local network, create a firewall rule that allows TCP and UDP traffic on port 53 from the IP addresses of your local DNS servers to the Internet. Place this rule above the LOCALDNSCACHE and LOCALDNSCACHE-WIFI rules.

LOCALDNSCACHE

This rule automatically redirects all DNS requests from the trusted LAN to the local caching DNS service of the firewall. The rule is useful for reducing the amount of DNS traffic over the WAN connection and improving DNS resolution speed as well as security.

If you configure a DNS server in your local network, create a firewall rule that allows TCP and UDP traffic on port 53 from the IP addresses of your local DNS servers to the Internet.  You should place this rule above the LOCALDNSCACHE and LOCALDNSCACHE-WIFI rules.

TRANSPARENT-PROXY-WIFI 

If enabled, this rule automatically redirects all HTTP requests on TCP port 80  from a separate Wi-Fi network on interface ath0 to the local proxy of the firewall. Depending on the proxy configuration (NETWORK > Proxy), web traffic is either scanned by Barracuda Web Security Flex or forwarded to a different proxy service.

TRANSPARENT-PROXY

If enabled, this rule automatically redirects all HTTP requests on TCP port 80 to the local proxy of the firewall. Depending on the proxy configuration (NETWORK > Proxy), web traffic is either scanned by Barracuda Web Security Flex or forwarded to a different proxy service.

LAN-2-INTERNET-SIP

If enabled, this rule automatically redirects all SIP requests from the trusted LAN to the local SIP proxy. It allows SIP communication through the firewall.

INTERNET-2-LAN-SIP

If enabled, this rule automatically redirects all SIP requests from any IP address to the local SIP proxy. It allows SIP communication from the Internet through the firewall.

LAN-2-INTERNET

This rule allows network traffic for all types of data from the trusted LAN to the Internet. It allows unrestricted access to the Internet for all hosts within the trusted LAN segment.

WIFI-2-INTERNET

This rule allows traffic from the Wi-Fi network coming in through interface ath0 unrestricted access to the Internet.

LAN-2-LAN

This rule allows network traffic for all types of data from one trusted LAN to another. It allows unrestricted network traffic between hosts residing in different LAN segments that are classified as trusted.

VPNCLIENTS-2-LAN

This rule allows unrestricted access for VPN clients coming in through interface pvpn0 to the trusted LAN. This includes PPTP-based access.

VPN-SITE-2-SITE

This rule allows unrestricted access to remote networks connected to the firewall via site-to-site VPN connection.

WIFI-2-LAN

This rule allows unrestricted access from the Wi-Fi network coming in through interface ath0 to the trusted LAN.

BLOCKALL

This rule blocks all incoming and outgoing network traffic that is not handled by the access rules that are placed above it in the rule set.