What's New in Version 9.0.1
SafeSearch Enforcement
The SafeSearch enforcement feature is now available in the Barracuda SecureEdge Manager. It allows you to enforce SafeSearch per workspace for internet search engines.
Supported search engines:
- Yahoo
- Bing
- YouTube
- DuckDuckGo
For more information, see How to Enable Safe Search in Barracuda SecureEdge.
Silent Ad Blocking
The Barracuda SecureEdge Manager allows you to create a web policy per workspace that silently blocks online advertisements and banners.
For more information, see How to Enable Silent Ad Blocking.
Web Monitoring Policies
The Barracuda SecureEdge Manager allows you to configure Web Monitoring policies, so that suspicious keywords can be detected in search engines such as Google, Yahoo, Bing, DuckDuckGo, and YouTube.
For more information, see How to Configure Web Monitoring in Barracuda SecureEdge.
Custom Categories
You can now create your own custom categories to filter traffic from specific domains, specific categories, or a combination of domains and categories.
For more information, see How to Create Custom Categories.
Additional Policy Modes
The Barracuda SecureEdge Manager allows administrators to configure Web Filter policies to protect against potential threats and enforce corporate policies. The Web Filter policies now also offer the actions Alert and Warn. With the enhanced Web Filter rule, you can also either alert or warn users against suspicious traffic.
For more information, see Web Filter Policies and How to Create an Explicit Web Filter Policy.
SecureEdge Dashboard
A new, enhanced Barracuda SecureEdge dashboard is now available. The main dashboard of SecureEdge consists of three customizable pages: a general dashboard, an SWG dashboard, and a security dashboard.
For more information, see Dashboard and How to Customize a SecureEdge Dashboard.
Bridging Features
The Barracuda SecureEdge Manager allows you to create a switch bridge for Private Edge services and sites. In addition, you can also create an inline bridge that is available only for stand-alone sites, which includes both HA and non-HA pairs.
For more information, see:
- Bridging
- How to Create a Switch Bridge
- How to Create an Inline Bridge on an Existing Stand-Alone Site
- How to Create an Inline Bridge on a Stand-Alone Site
Health Check for WAN Interfaces
For selected sites or Private Edge services, you can configure health check for WAN interfaces.
For more information, see How to Enable Health Check for WAN Interfaces.
ICMP for Access Control Lists
The Barracuda SecureEdge Manager allow you to configure access control and security policies via the Security Policy icon in the Cloud UI. With access control lists, you can now configure ICMP either to allow or deny access based on source and destination.
For more information, see Network Policies.
- For information on Edge Service ACL, see How to Create an Edge Service ACL.
- For information on Site ACL, see How to Create a Site ACL.
Updated Syslog Streaming Capabilities
The Barracuda SecureEdge Manager allows administrators to configure syslog streaming. New log files have been added such as the web alert log, web security log, web warn log, and web monitor alert log.
For more information, see How to Configure Syslog Streaming in SecureEdge.
Barracuda XDR
The SecureEdge Manager allows you to stream logs to the Extended Detection and Response (XDR) service. You can integrate the Barracuda XDR service via the SecureEdge Manager and stream logs for security threats.
For more information, see How to Configure Barracuda XDR in SecureEdge.
IPsec VPN
Barracuda SecureEdge can establish IPsec VPN tunnels to any standard-compliant third-party IKEv2 IPsec VPN gateway. The IPsec VPN protocol is the industry-standard VPN protocol and allows you to create site-to-site IKEv2 VPN tunnels to third-party VPN gateways.
For more information, see How to Configure a Site-to-Site IPsec IKEv2 VPN Tunnel on SecureEdge Using Static Routing.
For more information on Teridion Integration in SecureEdge, see How to Connect Barracuda SecureEdge to Teridion via IPsec Static Routing and How to Connect Barracuda SecureEdge to Teridion via Dynamic Routing (BGP) over IPsec.
Available Hotfixes
Hotfix 1099 - Cumulative 9.0.0 for CloudGen Firewall and SecureEdge.
Summary:
This hotfix now bonds interfaces to have the correct MAC addresses.
The VPN service no longer produces errors when forward error correction is used in combination with bandwidth probing.
Fixes CVE-2023-2650 (OpenSSL).
TINA site-to-site transports no longer malfunction if a PPPoE provider has been configured.
To download the package, go to https://dlportal.barracudanetworks.com/#/packages/5682/cumulative-1099-9.0.0-187145908.tgz.
To download the new update package including the hotfixes, go to https://dlportal.barracudanetworks.com/#/packages/5684/update.GWAY-9.0.0-0511+2hotfixes.tgz
Hotfix 1104 - SecureEdge Security
Summary:
This hotfix now fixes a kernel crash in VPN with enabled FEC.
Hotfix 1102 - Cumulative 9.0.0 for CloudGen Firewall and SecureEdge.
Summary:
This hotfix now includes syslog streaming and Barracuda XDR capabilities for SecureEdge.
Fixes a kernel crash caused by configuration changes and session re-evaluations.
Hotfix 1110 - SecureEdge Security
Summary:
Fixes a routing issue on Azure Virtual WAN Edge Services.
- Allows configuration of several PPPoE devices.
- This hotfix now allows site-to-site traffic for IPsec tunnels with static routing over SecureEdge Azure Services.
Known Issues 9.0.1
- Authentication – The AzureAD user authentication via SecureEdge Manager does not work if the AzureAD user does not have a group affiliation. [BNNGF-92162]
- IPsec VPN – The IPsec IKEv2 VPN tunnel does not work with SD-WAN PIN policies. [BNNGF-92515]
- Re-imaging boxes via a USB drive with two ISO images does not work. The newest ISO image does not override the older one and makes the /art directory full. [BNNGF-92603]
- Bridge – Reconfiguring a WSG Bridge, leads to broken ARP negotiation and causes internet outages. [BNNGF-92703]
- SecureEdge Access Agent – The SecureEdge Access Agent does not work when the VPN service is not listening on fallback port 443. [BNNGF-93219]
Known Issues Related to Azure Log Analytics (OMS)
On boxes with Azure Log Analytics (OMS) activated, the phibs service does not restart automatically after update. To get the service running, a reboot is required.