Dynamic firewall rules can be present in multiple rulesets, so it may be necessary to restrict when these rules can be active and enabled. Administrators can also prevent certain users from enabling firewall rules in one ruleset but allow it in another. User groups that are allowed to use the Dynamic Firewall Rules resource can then enable and/or disable the rules via the SSL VPN portal, via CudaLaunch as configured in the Dynamic Firewall Rules settings, or via the REST API for Dynamic Firewall Rules. To prevent users from enabling a rule forever, admins can apply time restrictions to dynamic rules by entering a minimum and maximum time for the rule to be enabled.
Before You Begin
Configure SSL VPN for the CloudGen Firewall. For more information, see How to Configure the SSL VPN Service.
Create a dynamic access or application rule. For more information, see How to Create and Activate a Dynamic Access Rule.
Create the Dynamic Rule Resource for SSL VPN. For more information, see How to Activate Dynamic Firewall Rules for Remote Connections via SSL VPN.
Set Restrictions to Dynamic Firewall Rules
Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > VPN-Service > SSL-VPN.
In the left menu, select Dynamic Firewall Rules.
Click Lock.
In the Firewall Rule Activation table, edit the rule you wish to apply the restrictions to. The Firewall Rule Activation window opens.
(You can also click + to add a new entry for a dynamic rule. For more information, see How to Create and Activate a Dynamic Access Rule.)
Verify that the Active check box is selected.
In the Allowable Actions section, select which actions should be allowed for the user group who can access the dynamic rule resource:
Allow Enabling – Allow users to enable the rule.
Allow Enabling with Time – Allow users to enable the rule for a specified time frame.
Allow Disabling – Allow users to disable the rule.
(Optional) When selecting Allow Enabling with Time, set a minimum and/or maximum time for the rule to be enabled:
To allow a maximum time in days, hours, and minutes:
Select the Allow Maximum Time check box.
Enter the maximum time for the rule to be enabled:
Days – Enter a value from 0 - 999.
Hours – Enter a value from 0 - 23.
Minutes – Enter a value from 0 - 59.
To allow a minimum time in days, hours, and minutes:
Select the Allow Minimum Time check box.
Enter the minimum time for the rule to be enabled:
Days – Enter a value from 0 - 999.
Hours – Enter a value from 0 - 23.
Minutes – Enter a value from 0 - 59.
Click OK.
Click Send Changes and Activate.
Users that are allowed to use this Dynamic Firewall Rule resource can now enable and/or disable the firewall rule according to the configured settings, in Barracuda Firewall Admin, from the SSL VPN web portal, and on CudaLaunch.
For more information, see SSL VPN Web Portal User Guide, CudaLaunch for Windows and macOS, and REST API.
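A review aid for the settings above, as an added example that is not Barracuda code: it checks hand-transcribed Firewall Rule Activation entries for combinations that leave a dynamic rule without an upper time bound. The `Activation` record, the finding names, and the sample rule names are assumptions; the firewall does not export this format.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

Duration = Tuple[int, int, int]  # (days, hours, minutes)

def to_minutes(d: Duration) -> int:
    """Convert a duration to minutes, enforcing the ranges the window accepts."""
    days, hours, minutes = d
    if not (0 <= days <= 999 and 0 <= hours <= 23 and 0 <= minutes <= 59):
        raise ValueError(f"duration out of range: {d}")
    return (days * 24 + hours) * 60 + minutes

@dataclass
class Activation:  # hypothetical record, one per Firewall Rule Activation entry
    rule: str
    active: bool = True
    allow_enabling: bool = False
    allow_enabling_with_time: bool = False
    max_time: Optional[Duration] = None  # None = Allow Maximum Time not selected
    min_time: Optional[Duration] = None  # None = Allow Minimum Time not selected

def audit(a: Activation) -> List[str]:
    """Return findings for settings that weaken or contradict the time limits."""
    if not a.active:
        return []
    try:
        lo = to_minutes(a.min_time) if a.min_time is not None else None
        hi = to_minutes(a.max_time) if a.max_time is not None else None
    except ValueError:
        return ["out-of-range"]
    findings = []
    if a.allow_enabling:
        # Assumption: enabling without a time stays in effect until someone disables it.
        findings.append("untimed-enable")
    if a.allow_enabling_with_time:
        if hi is None:
            findings.append("no-maximum")
        elif lo is not None and lo > hi:
            findings.append("min-exceeds-max")
    elif lo is not None or hi is not None:
        findings.append("limits-unused")
    return findings

# Constructed sample entries; the rule names are made up.
SAMPLE = [
    Activation("VENDOR-RDP", allow_enabling_with_time=True, max_time=(0, 8, 0), min_time=(0, 0, 15)),
    Activation("LAB-SSH", allow_enabling=True, allow_enabling_with_time=True, max_time=(1, 0, 0)),
    Activation("BACKUP-SMB", allow_enabling_with_time=True, min_time=(0, 1, 0)),
    Activation("PARTNER-FTP", allow_enabling_with_time=True, max_time=(0, 2, 0), min_time=(0, 4, 0)),
]

def audit_all(entries: List[Activation]) -> dict:
    return {e.rule: audit(e) for e in entries}
```

An empty list for a rule means timed enabling is bounded by a maximum and no untimed enabling is allowed for that entry.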