It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Firewall Insights

Administration

  • Last updated on

Use the BASIC > Administration page to take care of administrative tasks such as changing your password; configuring email notifications, time settings, and interface settings; setting up LDAP authentication; and managing log settings for connected devices. This section also allows you to shut down or reboot your Barracuda Firewall Insights device.

If you change any of the settings below, save them by clicking Save Changes in the upper-right corner.

Change Your Password

The default password is intended for initial access only. Use the Password Change section to change the password for the account currently in use.

Passwords should be 5 to 20 characters and can include letters, numbers, and special characters (including periods, hyphens, and underscores).

You must provide a System Alerts Email Address in the Email Notification section and a Shared Secret in the Connected Devices section, which are both located at the Basic > Administration tab, before you can save the new password. Otherwise, follow the steps below.

Configure Email Notifications

In the Email Notification section, specify how and where to deliver system alerts from Barracuda Firewall Insights.

  • All of the fields in this section are required.
  • Your email system must be able to handle large reports as attachments, on both the sending and receiving sides.
  • SMTP Host – Name of your SMTP host to use for sending notifications, not localhost.
  • SMTP Port – Network port for your SMTP host.
  • Connection Security – Select the type of security for your email system, TLS or None.
  • Username  Login username for your email system, if required by your SMTP host.
  • Password – Password corresponding to the username for your email system, if required by your SMTP host.
  • System Alerts Email Address – Type one or more email addresses that receive automated alerts from Barracuda Firewall Insights, including system messages and notifications about available firmware updates. Separate multiple email addresses with a comma.
  • From Email –  Specify the address to use as the From address for system alert emails.
    email_conf.png
  • Test SMTP Configurations – Type an email address to receive a test email. Click Send Test Email to ensure that the email system works.

Set the Time Zone

Use the Time section to change the time zone on your system.  

Specify NTP Server Information

Add NTP (Network Time Protocol) information for clock synchronization with your Barracuda Firewall Insights in the NTP Server section.

  • Enable NTP Sync – Select whether you want to enable automatic NTP synchronization with one or more servers you specify below.
  • NTP Servers – Specify one or more servers to use for NTP synchronization, in order of precedence. Specify one server per line with hostname and/or IP address.
    ntp_conf.png
  • Manual NTP Sync – Click to perform an immediate NTP synchronization. Servers used depend on your selection in the Enable NTP Sync field:
    • If Yes  Synchronization performed using NTP servers you specified, in order of precedence.
    • If No – Synchronization performed using ntp.barracudacentral.com, regardless of whether you specified other NTP servers.

Configure Web Interface Settings

Specify the settings for the web interface of your Barracuda Firewall Insights.

  • Web Interface Certificate – Select either the Default certificate or a user-defined certificate.
    If you select a user-defined certificate, you can choose between:

    • Single Certificate in PEM FILE – Upload the certificate file using the Browse button. Click the Upload button after you select your certificate file.

    • All other PEM Certificates – Upload the certificate file and the certificate key file using the Browse button. Provide the certificate password and click Upload.

    • PKCS12 Token – Upload the signed certificate file using the Browse button. Provide the certificate password and click Upload.

  • Session Expiration Length – Time of inactivity, in minutes, before users are required to log on again to access the web interface.
    Minimum value: 1 minute. Default setting: 20 minutes.
  • Update Dashboard Every 30 Minutes – Select Yes to automatically refresh the dashboard so you can see the most recent information.

    • If you select Yes, as long as you leave the dashboard up as the active screen, you will not be logged out of the dashboard, and it will continue to display updated information every 30 minutes. When you switch to a different tab, if the Session Expiration Length has passed, you will be logged out.  

    • If you select No, the Session Expiration Length will apply to the Dashboard along with the rest of the tabs.
      web_if.png

Viewing Connected Devices

Use the Connected Devices section to specify the shared secret for devices you want to connect, to view devices that are connected to Barracuda Firewall Insights, and to specify their log retention period.

Connected Devices

As part of your configuration process, you set up Barracuda Networks devices to point to Barracuda Firewall Insights. If they connect properly, the device connections will appear in this section. See Getting Started for information on how to connect devices.

  • Log Retention Period – Specify how long you want to retain logs for all connected devices: 1 month, 2 months, 3 months, 6 months, 9 months, or 12 months. One month is defined as 31 days.

    • When storage capacity is reached, the oldest logs are deleted first. Your data will be preserved as much as possible, but some data will be lost.
    • Reducing the log retention period deletes all logs older than the new retention period specified. (For example, changing from 6 months to 1 month deletes all logs older than 1 month.) Consider backing up logs before reducing the retention period.
    • Increasing the log retention period adds new logs to the collection, up to the period specified.
    Note

    Consider upgrading your disk space when increasing the log retention period. Long log retention periods need more free disk space than shorter ones.

  • The Kafka Log Retention period relates to how long the log files received from a firewall are stored on Firewall Insights. For more information, see Understanding Data Retention and Storage Capacity.
  • Shared Secret – Enter the Shared Secret you will use for each device for which you want to collect reports. On every device you want to connect, enter this same shared secret.

    If you change the Shared Secret within Barracuda Firewall Insights, all currently connected devices are disconnected. You must reconnect each device using the new Shared Secret.

The Connected Devices table provides the following information:

  • Device – To have a unique name, the device name must consist of hostname + domain name for the connected device.

    Note

    High availability clusters are displayed as one device with the name of the primary device.

  • Serial – The unique identifier for each device.
  • IP Address – The address of the connected device.

Click Delete to delete the association of this device from Barracuda Firewall Insights. Clicking Delete here does the following:

  • Removes all logs on Barracuda Firewall Insights that are associated with this device.
  • Removes this device from lists of devices on Barracuda Firewall Insights.

To preserve the log data for this device, click Cancel, then back up the logs onto an external device.

Configure LDAP Authentication

Add an LDAP server and configure LDAP Settings for administrators to log in and manage Barracuda Firewall Insights. LDAP is also required for role-based user access to firewalls.

  1. Select Enable LDAP.
  2. In the LDAP Server field, enter domain name or IP address of the LDAP server.
  3. Enter the LDAP Server Port (default: port 389). 
  4. Define the LDAP User Name Format (default: memberof). 
  5. Specify the LDAP User Base DN from where the server should search for users.
  6. Add your LDAP Certificate.

    The LDAP Certificate field must contain the root CA for the LDAP server. The inserted certificate is then regarded as part of the trust store.

  7. In the LDAP Group Attribute in User Data field, enter the name of the attribute field on the LDAP server that contains group information. 

    The attribute fields on the LDAP server are customizable. If you are unsure about the required field name, ask the LDAP server administrator to provide the correct information.

    ldap_settings.png

To test configured access for LDAP users, enter username and password in the fields below the configuration, and click Test access.

You can now configure role-based access for users and groups that should have admin- or read-only access to Barracuda Firewall Insights and connected devices. For information on how to configure role-based access, see Roles

Shutting Down or Restarting the System

Caution

Using these controls temporarily interrupts all Barracuda Firewall Insights operations.

  • Shutdown  Shuts down and powers off Barracuda Firewall Insights.
  • Restart  Reboots Barracuda Firewall Insights.