Teridion Connect provides numerous PoPs (Points of Presence) across the globe, including China, to allow access to their network backbone. The Barracuda CloudGen Firewall can connect to the TCR (Teridion Cloud Router) deployed in one of the PoPs by using IPSec or GRE tunneling to leverage their backbone to improve the connectivity. In addition, BGP can be used as a dynamic routing protocol to learn and propagate networks. For more information, visit the Teridion website.
Connect a Barracuda CloudGen Firewall to the Teridion Network via GRE Tunnel
Before You Begin
- Deploy and set up your Teridion infrastructure. For assistance on the Teridion setup, please contact Teridion.
Step 1. Collect Site Information
Log in to your Teridion portal and collect the following information:
- From the Site Configuration, collect the information on the PoE IP from the site you need to connect to.
- Tunnel Type
- High Availability (optional)
- Gateway IPs
- Static Routing
- GRE Monitoring – Must be deactivated.
- IPSec IKEv2 Settings
In this example, we have collected the following settings:
- PoE (IP Teridion Router): 158.101.193.191
- Gateway #1 IP (Firewall Public IP): 82.150.198.170
- Routed Network: 10.20.0.0/16
Step 2. Configure IP Tunneling
On the Barracuda CloudGen Firewall, do the following:
- Go to Configuration > Configuration Tree > Box > Network.
- In the left menu, select IP Tunneling.
- Click Lock.
- In the IP Tunneling section, click +.
- Provide a meaningful Name for the GRE Tunnel.
- Configure the remaining settings according to your setup:
- Encapsulation Mode – Select GRE(47).
- Source IP Type – Select Box IP.
- Source IP – Use one of the box IP addresses that reside in the Network (Static Routing – 4) window of the Teridion setup (e.g., 10.20.0.5).
- Source Mask – Select single host.
- Remote End IP – Enter the public IP of PoE, e.g., 158.101.193.191
- Check Reachability – Select yes.
- Local End IP – Enter the public IP of your CloudGen Firewall, e.g., 82.150.198.170
- Trust Level – Select Trusted or configure a firewall policy to allow the traffic.
- Target Networks – Add networks that are reachable through the GRE tunnel/Teridion network, e.g., 10.2.0.0/16
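The Step 2 settings can be checked against traffic captured on the firewall's public interface. The following Python is an added example, not Barracuda or Teridion code: it parses a raw IPv4 packet and confirms that it is GRE (IP protocol 47) between the Local End IP and Remote End IP, and that the encapsulated destination falls inside the Target Networks. The function names, the sample packet and the host 10.2.0.10 are constructed for illustration, and the input is assumed to start at the outer IPv4 header.

```python
import ipaddress
import struct

# Tunnel settings from the page's example
LOCAL_END = ipaddress.ip_address("82.150.198.170")    # firewall public IP
REMOTE_END = ipaddress.ip_address("158.101.193.191")  # Teridion PoE
TARGET_NETS = [ipaddress.ip_network("10.2.0.0/16")]

def ipv4_header(pkt):
    """Return (protocol, src, dst, payload) of a raw IPv4 packet."""
    if len(pkt) < 20 or (pkt[0] >> 4) != 4 or (pkt[0] & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    return (pkt[9], ipaddress.ip_address(pkt[12:16]),
            ipaddress.ip_address(pkt[16:20]), pkt[ihl:])

def check_outbound(pkt):
    """Classify a packet leaving the firewall against the tunnel settings."""
    proto, src, dst, payload = ipv4_header(pkt)
    if proto != 47:
        return "not GRE"
    if (src, dst) != (LOCAL_END, REMOTE_END):
        return "GRE with unexpected endpoints"
    if len(payload) < 4:
        return "truncated GRE header"
    flags, ethertype = struct.unpack("!HH", payload[:4])
    if flags & 0x0007 or ethertype != 0x0800:
        return "unsupported GRE version or payload type"
    # Optional checksum (C), key (K) and sequence (S) fields are 4 bytes each
    offset = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    try:
        inner_dst = ipv4_header(payload[offset:])[2]
    except ValueError:
        return "malformed inner packet"
    if not any(inner_dst in net for net in TARGET_NETS):
        return "inner destination outside Target Networks"
    return "ok"

def build_ipv4(proto, src, dst, payload=b""):
    """Build a constructed sample packet (header checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

# Constructed sample: ICMP from 10.20.0.5 to a host in 10.2.0.0/16, in GRE
INNER = build_ipv4(1, "10.20.0.5", "10.2.0.10")
SAMPLE = build_ipv4(47, "82.150.198.170", "158.101.193.191",
                    struct.pack("!HH", 0, 0x0800) + INNER)
print(check_outbound(SAMPLE))
```

Any result other than `ok` for protocol 47 traffic on the public interface points to a mismatch between the configured endpoints or Target Networks and what is actually being sent.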