Create access control lists (ACLs) for your connected edge services (gateways) and sites, using either predefined applications or a custom application. With access control lists, you can either allow or deny access based on source and destination. Doing so enhances the security of your network and secures the users and entities within the network where network ACLs are used. All of these network security policies are managed through the SecureEdge management portal, Barracuda SecureEdge Manager. To configure access control and security policies, click the Security Policy icon on the left and navigate through the configuration menu.
With access control lists, you can use either the predefined applications or a custom application. For more information on custom applications, see How to Create Custom Applications.
The following access control lists are available:
Edge Service ACL
Network policies can be applied separately to your deployed Edge Services or Sites. With Edge Service access control lists, you can either allow or deny access based on source and destination. An Edge Service ACL can be used to allow or deny traffic to flow across Edge Services, connected Sites, and enrolled SecureEdge Access Agents. An ACL specifies which users or system processes are granted access to resources, as well as what operations are allowed on given resources.
For more information on Edge Service ACL, see How to Create an Edge Service ACL.
Site ACL
A Site ACL is an access control list for traffic related to your connected sites, using either predefined applications or a custom application. For example, Edge Service ACLs can be set to allow all and to block only defined exceptions, whereas Site ACLs can also be set to block all and to allow only defined exceptions, or vice versa.
For more information on Site ACL, see How to Create a Site ACL.
Ingress NAT
Ingress traffic means any form of network traffic or data communication from external networks to destinations inside the host or company network. Ingress NAT is the port forwarding feature of SecureEdge. Barracuda SecureEdge allows administrators to create ingress NAT rules for Sites and Private Edge Services. Ingress NAT rules allow network traffic from external networks to destinations inside your company network.
For more information on Ingress NAT rules, see How to Create an Ingress NAT Rules.
Further Information
For more information on users or groups from user directories (such as Microsoft Entra ID, LDAP, Google Workspace, Okta, and Barracuda Cloud Control) in network policies, see SecureEdge Identity Management.
For more information on users and groups from the BCC-linked Microsoft Entra ID user directory in network policies, see How to Connect Microsoft Entra ID with Barracuda Cloud Control.
For more information on users or groups from the BCC-linked LDAP user directory in network policies, see LDAP Active Directory and Microsoft Entra ID.