Global firewall objects are available to all firewall services managed by the Barracuda Firewall Control Center. You can override global firewall objects by enabling firewall objects on the range or cluster level. You can create the following global objects:
- Network objects
- Service objects
- Application objects
- User Group objects
- File Content Policy objects
- User Agent objects
Schedule objects
Connection objects
Global Firewall Objects vs. Range/Cluster Firewall Objects
For a more granulated definition of firewall objects, global firewall objects can be overridden by range or cluster firewall objects of the same name. An object that overrides a globally defined object is indicated by a server icon with a red arrow.
Site-specific Network Objects
To define network objects for IP addresses or networks which differ for each CloudGen Firewall, define a site-specific network object. The values for these network objects must be entered for each box on the Network > IP Configuration page and can then be used in the Forwarding Firewall ruleset.
For more information, see How to Create a Site-Specific Network Object.
Global GTI Objects
When tunnel endpoints are created in the VPN GTI Editor, corresponding dynamic network objects are created at the same time (How to Create a VPN Tunnel with the VPN GTI Editor). These objects are named boxname_clustername_range with a prefixed GTI Server accordingly. Global GTI objects are inherited as references by local and forwarding firewall rulesets of each Firewall service related to the tunnel endpoint and may be used for rule specification. Every time a new tunnel endpoint is inserted into the Global VPN GTI Editor, the GTI Objects must be reloaded in the Global Firewall Objects window in order to become available in the configuration dialogs. Global GTI objects can not be edited or renamed.