To successfully join the Barracuda NextGen Firewall X-Series to a Windows domain, you must first configure DNS, Active Directory authentication, and NTLM authentication. Joining a domain is required for NTLM or MS-CHAP authentication requests to be accepted by the domain controller. This is important for Client-to-Site VPN access and user-based firewall rules.
Step 1. Configure DNS
Because many of the requests for a domain join and subsequent authentication must query the domain controller directly, you must specify your domain controllers in the DNS configuration.
- Go to the NETWORK > IP Configuration page.
- In the DNS Configuration section, enter the IP addresses of your first and second domain controllers.
- Click Save Changes.
- Verify that the X-Series Firewall has a host entry in your Active Directory. By default, the hostname is the product model name. For example, the hostname for a Barracuda NextGen Firewall X200 is X200.
Step 2. Configure Active Directory Authentication
To configure Active Directory authentication:
- Go to the USERS > External Authentication page.
- Click the Active Directory tab.
- Add the information for your primary domain controller. It is critical that your settings are correct and match the domain.
- If you want to use group selection with MS-CHAP authentication, enable Cache MSAD Groups.
- For the domain join, you do not need to configure the settings in the Extended section.
- Enter the Searching User as user@domain.
- Click Save Changes.
Step 3. Configure NTLM Authentication
To configure NTLM authentication:
- Go to the USERS > External Authentication page.
- Click the NTLM tab.
- Configure and save the NTLM settings.
- Click Save Changes.
Step 4. Join the Domain
To join the domain:
- Go to the USERS > External Authentication page and open the NTLM tab.
- In the Windows Domain Username and Windows Domain Password fields, enter the credentials for a user account with permissions to join the domain (such as an administrator). These user credentials are not saved and are only used once during the join attempt.
- Click Join Domain.
- To verify that the join was successful, click Registration Status.
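The following PowerShell is an added example, not part of the Barracuda documentation, that checks the Step 1 DNS prerequisites and the result of the join from the Active Directory side. It assumes a domain-joined admin workstation with the RSAT ActiveDirectory module, assumes the join creates a computer account named after the firewall's hostname, and uses placeholder values for the domain name and domain controller addresses.

```powershell
# Placeholder values (constructed for illustration); replace with your own.
$Domain       = 'corp.example.com'              # AD DNS domain name
$FirewallName = 'X200'                          # default hostname = product model name
$DnsServers   = @('192.0.2.10', '192.0.2.11')   # DCs entered under DNS Configuration

function Test-FirewallDnsPrereqs {
    param([string]$Domain, [string]$FirewallName, [string[]]$DnsServers)
    foreach ($server in $DnsServers) {
        # Each DC configured on the firewall must answer DNS, publish the
        # DC locator SRV record, and hold a host entry for the firewall.
        $srv  = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                    -Server $server -ErrorAction SilentlyContinue
        $host4 = Resolve-DnsName -Name "$FirewallName.$Domain" -Type A `
                    -Server $server -ErrorAction SilentlyContinue
        [pscustomobject]@{
            DnsServer       = $server
            DcSrvRecords    = @($srv | Where-Object Type -eq 'SRV').Count
            FirewallHostIPs = (@($host4 | Where-Object Type -eq 'A').IPAddress) -join ','
        }
    }
}

function Get-FirewallComputerAccount {
    param([string]$FirewallName)
    Import-Module ActiveDirectory -ErrorAction Stop
    # whenCreated and PasswordLastSet should line up with the time of the join;
    # DistinguishedName shows which OU or container the account landed in.
    Get-ADComputer -Filter "Name -eq '$FirewallName'" `
            -Properties whenCreated, PasswordLastSet, DNSHostName |
        Select-Object Name, DNSHostName, Enabled, whenCreated,
                      PasswordLastSet, DistinguishedName
}

Test-FirewallDnsPrereqs -Domain $Domain -FirewallName $FirewallName -DnsServers $DnsServers |
    Format-Table -AutoSize
$account = Get-FirewallComputerAccount -FirewallName $FirewallName
if ($account) { $account | Format-List }
else { Write-Warning "No computer account named '$FirewallName' found in the domain." }
```

A `DcSrvRecords` count of 0 or an empty `FirewallHostIPs` for either server points to a DNS problem from Step 1 rather than a credential problem in Step 4.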