It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Configure Shared Networks and IPs

  • Last updated on

To use user-specific services, they must be made available on interfaces connected to the environmental networks.

Step 1. Configure the Shared Network and IPs

  1. Go to CONFIGURATION > Configuration Tree  > Box > Network.

  2. Click Lock.

  3. Scroll down to the section Shared Network and IPs.

  4. Click +.

  5. The Shared Networks and IPs window opens.

  6. Enter the name for the new shared network.

  7. Click OK.

  8. The Shared Networks and IPs <your shared network name> window opens.

  9. For Interface, select the interface on which the shared network must be reachable, e.g., eth2.

  10. Enter the Network Address with an address mask for the network on the selected interface.

shared_networks_and_ips_main_window_shared_networks.png

If you have configured a Bridged Interface Group for your required bridge, and interfaces eth0 and eth1 are used for that bridge with the virtual name myBridge, then you still must use the real interface names of that bridge (eth0 OR eth1) instead of the virtual bridge interface (myBridge) for assigning shared IP addresses.

For more information on how to configure routed layer 2 bridging, see How to Configure Routed Layer 2 Bridging.

Step 2. Configure the Shared IPs in the Shared Network for the IPv4 Network

A configured shared IP will be available for assignment to a special service later on. Repeat the following steps until you have configured all necessary shared IP addresses.

  1. For Shared IPs in the Network, click +.

  2. The Shared IPs in this Network window opens.

  3. Enter a valid IP Address within the Shared Network address.

  4. For Alias for this IP, select either First IP, Second IP, or leave the default value unchanged.

  5. If necessary, set Responds to Ping to yes.

shared_networks_and_ips_window_shared_ips.png
  1. [Only in Firewall Admin Advanced Mode]: For Trust Level (sometimes also referred to as ‘realm’), select the one that applies best.
    NOTE: The trust level is only a descriptive attribute for grouping and identifying networks easier that belong to a specific class.
    Chose one of the following options:

    1. Trusted – Networks regarded to be trustworthy. Networks attributed by this class will show up in the list of network objects under the category Trusted LAN Networks or Trusted LAN.

    2. DMZ – DMZ is the identifier for a group of network addresses that provide an organization's network services to an untrusted network, i.e., the Internet. Networks attributed by this class will show up in the list of network objects under the category DMZ Networks.

    3. Untrusted – Apply this attribute to networks that are regarded to be untrustworthy.

    4. Unclassified – Apply this attribute to networks that cannot be classified under any of the given categories.

    5. Internal01 – Apply this attribute to networks that are regarded to belong to a specific internal group.

    6. Internal02 – Apply this attribute to networks that are regarded to belong to a specific internal group.

      If you want to list configured trust levels via the command line, see How to List Configured Trust Levels for IP Addresses and Networks for more information.

  2. Click OK.

  3. The shared IP address is added to the list of Shared IPs in this Network.

shared_networks_and_ips_main_window.png

(optional) Step 3. Configure Direct Internet Access

In case the network address has been assigned by an Internet provider, you can classify the shared network address to have direct Internet access, e.g., 62.99.0.0/24. You then have to configure a gateway as a forwarder for the traffic, e.g., 62.99.0.254.

  1. For Direct Internet Access, select the check box.

  2. The following fields are activated for further interaction:

    1. Provider Name – You can enter a name to signify the line to your provider.

    2. Provider Class – Select the quality class of your connection. Select from Bulk, Quality, and Fallback.

    3. Default Gateway – If set, a default route 0.0.0.0/0 via this IP address is created. The IP address must be within the configured network address.

    4. Route Metric – Set an individual preference for prioritizing multiple routes among each other.

shared_network_IPs_and_direct_Internet_access_01.png
  1. Verify that Active is set to yes at the bottom of the configuration area.

(optional) Step 4. Configure IPv6 Shared Networks and IPs

  1. For IPv6 Shared Networks and IPs, click +.

  2. The IPv6 Shared Networks and IPs window opens.

  3. Enter the name for the new shared network.

  4. Click OK.

  5. For Interface, select the interface on which the shared network must be reachable, e.g., eth1.

  6. Enter the Network Address with an address mask for the network on the selected interface.

(optional) Step 5. Configure the Shared IPs in the Shared Network for the IPv6 Network

A configured shared IP will be available for assignment to a special service later on. Repeat the following steps until you have configured all necessary shared IP addresses.

  1. For Shared IPs in the Network, click +.

  2. The Shared IPs in this Network window opens.

  3. For Alias for this IP, select either First IP, Second IP, or leave the default value unchanged.

  4. If necessary, set Responds to Ping to yes.

  5. Click OK.

  6. The shared IP address is added to the list of Shared IPs in this Network.

Step 6. Finalize the Configuration

  1. Click OK.

  2. The Shared Networks and IPs window closes.

  3. Click Send Changes and Activate.

You can now activate and assign a special service to your firewall and use the configured service IP addresses. For more information, see How to Assign Services.

For Interface, select the interface on which the shared network must be reachable, e.g., eth2. If the shared network or IP should be assigned to a bridge, then one of the underlying bridged interfaces must be selected.