What's New in Version 9.0.2
SecureEdge Access Mass Enrollment
The Barracuda SecureEdge Manager allows administrators for mass enrollment for SecureEdge Access with their respective devices. You can now enroll multiple groups and users at the same time.
For more information, see How to Enroll Users in Barracuda SecureEdge.
SecureEdge Access Global and User Settings
As of the 9.0.2 release, administrators can configure additional SecureEdge Access settings on global and user level. You are provided with several new safety features for SecureEdge Access, such as:
Tamper Proof – User can no longer disable the SecureEdge Access Agent, unenroll the SecureEdge Access Agent, or quit SecureEdge Access Agent by right-clicking on the system tray.
Device Pre-Logon – Enables numerous accounts on Windows to share the same enrollment link. Administrators can manage user devices running Windows without the user being logged in.
User Device Limit – Refers to the number of devices the user is allowed to enroll.
For more information, see How to Configure SecureEdge Access Global Settings.
In addition, you can now override the global SecureEdge Access/Default settings of the ZTNA features and create settings on a user level.
User Override – You can override ZTNA features on each user level.
For more information, see How to Configure SecureEdge Access User Settings.
Application Catalog Entries
The Barracuda SecureEdge Manager allows administrators to define applications to appear in the SecureEdge Access Agent app for quick access.
For more information, see How to Configure Application Catalog Entries.
SecureEdge Zero Trust Access Dashboard
A new, Barracuda SecureEdge Zero Trust Access dashboard is now available. The Barracuda SecureEdge Manager allows you to create and customize your own SecureEdge Zero Trust Access dashboards in order to simplify the management of traffic information and status for connected users, resources, and custom applications.
For more information, see How to Customize a SecureEdge Zero Trust Access Dashboard.
Barracuda DC Client Configuration
The Barracuda SecureEdge Manager allows administrators to configure the DC Agent, which acts as the connector between various Barracuda Networks products and Microsoft domain controllers to transparently monitor user authentication.
For more information, see How to Configure the DC Client in Barracuda SecureEdge.
LDAP Integration in SecureEdge Access
Barracuda SecureEdge Access now allows administrators to select either Microsoft Entra ID or LDAP and sync with Zero Trust access.
For more information, see How to Connect Your Microsoft Entra ID or LDAP with SecureEdge Access.
Multiple IP Support for Static WAN
Barracuda SecureEdge now supports multiple IPs on a static WAN interface. The SecureEdge Manager allows you to add additional IP addresses, in addition to the primary IP address, to a static WAN interface for both Sites and Private Edge Services. Note that when selecting a static WAN interface as the destination of an ingress NAT rule or as the source of an IPsec tunnel, you need to select a single IP configured on this static WAN interface: either the primary IP address or an additional IP address.
For more information, see How to Configure Additional IP Addresses to a Static WAN Interface.
Identity Management
The Barracuda SecureEdge Manager allows administrators to configure identity providers as well as user directories via the Identity > Settings tab. With SecureEdge Identity Management, you can do the following:
Manage and configure your identity providers and user directories
Control your identities and keep your security policies consistent across selected workspaces
Enroll users/groups with their respective devices to create secure remote access to internal and external enterprise resources, whether on-premises or in the cloud with a quick and easy configuration via the SecureEdge Access Agent.
The Barracuda SecureEdge Manager supports the following identity providers and user directories:
Identity Providers | User Directories |
---|---|
Barracuda Cloud Control | Barracuda Cloud Control |
Microsoft Entra ID | Microsoft Entra ID |
Google Workspace | Google Workspace |
OpenID Connect | Okta |
SAML 2.0 | LDAP |
For more information, see Identity Management.
DHCP Relay
As of the 9.0.2 release, administrators can now configure DHCP relay of requests received on specific LAN ports to a specified (central) DHCP server. You must specify the DHCP relay server address and the LANs that should relay DHCP requests to this DHCP server. DHCP relay is configurable only on SecureEdge Sites and Private Edge Services.
For more information, see How to Configure the DHCP Relay Agent in SecureEdge.
Azure Monitor Agent
The Azure Monitor Agent is the official replacement for the OMS Agent that will be deprecated on August 31, 2024. You can now stream logs from SecureEdge Sites/Private Edge services into Azure Monitor. The Azure Monitor Agent is used to stream logs to a Microsoft Log Analytics workspace. Azure Monitor Agent allows you to search, analyse, and visualise machine data generated by your IT systems and incorporated technology infrastructure. Azure Monitor Agent is supported only on SecureEdge appliances such as Sites and Private Edge Services.
For more information, see How to Configure Log Streaming via Azure Monitor Agent in SecureEdge.
Dashboard Filtering Features
The Barracuda SecureEdge Manager now allows you to configure dashboard filtering features. These new SecureEdge dashboard filtering features are a powerful way to dig deeper into the data and gain greater insight into the aggregated information. You can add filters for the Security, Web Filter, and Zero Trust Access dashboards. Note that you cannot add filters for the Status dashboard.
For more information, see Dashboard.
Available Hotfixes
9.0.0 – 9.0.2: Hotfix 1123 - OpenSSH
Summary:
Fixes CVE-2024-6387 (RegreSSHion vulnerability)
Note: After installing the hotfix, you can only update from 9.0.0 to 9.0.2!
To download the package, go to https://dlportal.barracudanetworks.com/#/packages/5919/openssh-1123-9.0.2-220099771.tgz
In addition, the new patch package including the three hotfixes has been released for CloudGen Firewall and SecureEdge that includes: Hotfix-1120, Hotfix-1121, and Hotfix-1123.
To download the new patch package including the hotfixes, go to https://dlportal.barracudanetworks.com/#/packages/5923/patch.GWAY-9.0.2-0230+3hotfixes.tgz
9.0.2: Hotfix 1126 – Firewall
Summary:
Fixes compatibility issues in URL Filtering, Application Detection, and TLS Inspection when using recent versions of Chrome and Firefox that use the Kyber TLS key encapsulation mechanism.
The hotfix replaces the previously released hotfixes 1120 and 1119 because they included a regression that caused the firewall to stop forwarding traffic in rare circumstances.
In addition, the new patch and update packages (including Hotfix-1120, Hotfix-1121, Hotfix-1123, and Hotfix-1126) have been released for CloudGen Firewall and SecureEdge.
For more information, see:
To download the new update package, including the hotfixes: https://dlportal.barracudanetworks.com/#/packages/5928/update.GWAY-9.0.2-0230+4hotfixes.tgz
To download the new patch package, including the hotfixes: https://dlportal.barracudanetworks.com/#/packages/5927/patch.GWAY-9.0.2-0230+4hotfixes.tgz
9.0.2: Hotfix 1128 – Firewall
Summary:
This hotfix addresses a memory leak that can occur when inspecting sessions that use the Kyber TLS key encapsulation mechanism.
To download the package, go to https://dlportal.barracudanetworks.com/#/packages/5931/firewall-1128-9.0.2-224940382.tgz
9.0.2: Hotfix 1131 - OpenSSL 3.0.15
Summary:
This hotfix updates OpenSSL for CloudGen Firewall and SecureEdge to fix a moderate severity bug (CVE-2024-6119).
To download the package, go to https://dlportal.barracudanetworks.com/#/packages/5935/openssl-1131-9.0.2-225448503.tgz
Improvements Included in Version 9.0.2
Authentication – The Microsoft Entra ID (formerly Azure Active Directory) user authentication via SecureEdge Manager now works for the Entra ID users without group affiliation. [BNNGF-92162]
IPsec VPN – The IPsec IKEv2 VPN tunnel now works with SD-WAN PIN policies. [BNNGF-92515]
Re-imaging boxes via a USB drive with two ISO images now works as expected. The newest ISO image now overrides the older one and no longer fills up the /art directory. [BNNGF-92603]
Bridge – Reconfiguring a WSG bridge no longer breaks ARP negotiations and causes internet outages. [BNNGF-92703]
SecureEdge Access Agent – The SecureEdge Access Agent now works correctly when the VPN service is not listening on fallback port 443. [BNNGF-93219]
Known Issues 9.0.2
General Known Issues
ACL Rule – Setting up the source or destination criteria to all sites and all private Edge Services results in the same networks configured on the box. [SWCS-3988]
Identity Management – The Barracuda SecureEdge Identity app for Google Workspace is currently awaiting official approval from Google.
Dashboards – For SecureEdge appliances running firmware < 9.0.3, adding more than one filter may either not apply the extra filter(s) or return no results.
SIP – The use of a SIP proxy with SecureEdge still might require manual adjustments in configuration files depending on the SIP setup. [BNNGF-95603]
Known Issues Related to Azure Log Analytics (OMS)
On boxes with Azure Log Analytics (OMS) activated, the phibs service does not restart automatically after update. To get the service running, a reboot is required.