It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda XDR
Overview Documentation Materials

Setting up SOAR For Barracuda CloudGen Control Center Firewall

  • Last updated on

The documentation below outlines the requirements for the Barracuda XDR Security Orchestration, Automation, and Response (SOAR) for Barracuda CloudGen Control Center Firewall. When you've set this up, all required data is uploaded to the Customer Security Dashboard in the SOAR Settings > Firewalls section.

You'll have to do the following things to prepare your CloudGen Firewall for Barracuda XDR's Automated Threat Response:

  • To create a custom administrative role to access the REST API

  • To create an admin account to access the REST API

  • To create a firewall network object for Barracuda XDR Automated Threat Response

  • To enable the REST API for HTTPS

  • To generate an API token for authentication

  • To ensure communication is allowed from XDR SOAR IP(s) to the CloudGen firewall

  • To configure the XDR Dashboard

To create a custom administrative role to access the REST API

  1. In Barracuda Control Center, navigate to CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > Administrative Roles.

  2. Click Lock.

  3. In the Roles section, click + to create a new role.

  4. Enter a number for the role in the Name field and click OK.
    The Roles configuration window opens.

  5. Enter the Role Name: BarracudaXDRAdmin.

  6. (Optional) Enter a Description. Ex: Barracuda XDR Automated Threat Response.

  7. Scroll down to add the REST API access rights to the administrative role:

    • In the REST API section, select the Access to REST API check box.

    • Click Set/Edit to configure detailed permissions.

    • Configure the Write Access – Provides write access on the selected interface.

  8. To add the CC Configuration access rights to the administrative role, in the CC Configuration section, select the Access to CC Configuration check box.

  9. Click OK.

  10. Click OK.

  11. Click Send Changes and Activate

To create an admin account to access the REST API

  1. In Barracuda Control Center, navigate to the ADMINS tab.

  2. Do one of the following:

    1. Click + New Admin on the top right of the window.

    2. Right-click the list, and select Create New Admin.
      The Create New CC Admin window opens.

  3. For local authentication, configure the username and password:

    1. Login - BarracudaXDRAdmin

    2. Full Name - BarracudaXDRAdmin

    3. Authentication Level - select Password. Click the cogwheel icon next to the Password field, define a password for the administrative user, and click OK.

  4. Configure the following additional settings:

    1. Assigned Range - This option, in combination with linked ranges, controls which entries an administrator can see in CONFIGURATION > State Info > Sessions, in the Configuration Sessions window.

    2. Login Event – Select Service Default.

    3. ACL - Add the IP addresses 35.155.74.247 and 44.239.173.232 to the Peer IP Restriction list.
      This specifies the IP addresses the admin can use to access the Barracuda CloudGen Firewall.

  5. After creating the Admin account, one or more specific scope(s) must be defined to be associated with the administrator.

  6. In the window, click the Administrator Scopes tab.

  7. Click + next to Instances.
    A new instance of the category Global is displayed.

    Instances step 7.png

  8. Configure the Administrative Scope.

  9. Set the scope to Global, a specific Range, or Cluster. Alternatively, select Ranges and/or Clusters with the Global/Range Link option for the administrative scope.

    Admin Scope step 9.png

  10. Click + to add selected nodes to the Links list.
    The options Global Linked and Range Linked associate the configured administrative rights with any individually selected node (in the Links list) at or below a configured Global Linked or Range Linked node (in the Range list). 

    Admin Scope step 10.png

  11. Configure Administrative Rights.

    • Configuration Level: A configuration level of 2 or lower means write access, 99 or lower means read access. Usually, the write level is lower than the read level. For more information on the configuration level: https://campus.barracuda.com/product/cloudgenfirewall/doc/96026459/control-center-admins .

    • Assign Roles: Click + and add the role created in To Create a Custom Administrative Role to Access the REST API: BarracudaXDRAdmin.

    • Shell Level: Select No.

  12. Click OK.
    The CC admin user you just created can now access the REST API interface for the ranges and clusters assigned to the user.

To create a firewall network object for the Barracuda XDR Automated Threat Response

Create a Firewall Network Object called Barracuda_XDR_Blocked_IPs. Barracuda XDR uses this network object to track of IPs blocked on the firewall. Add the network object to any preexisting firewall rules that were created to block traffic to/from anomalous IP addresses.

  1. In Barracuda Control Center, navigate to Configuration > Configuration Tree > Multi-Range > (Global, Range, or Cluster Level) > Firewall Objects/Policies.
    Based on the customer firewall set up, create a Firewall Network Object within the administrative scope that was chosen for the configuration.

  2. Click Lock.

  3. In the left menu, scroll to Firewall Objects and click Networks.

  4. Click + in the Networks section to create a network object.

  5. For the Type, select Generic Network Object.

  6. Enter the name Barracuda_XDR_Blocked_IPs for the network object.

  7. (Optional) Enter a description for the Network, for example, Barracuda XDR Automated Threat Response.

  8. Click OK.

  9. Click Send Changes and Activate.

  10. Add the Network Object to any preexisting firewall policies created to block traffic to/from anomalous IP addresses.

  11. Save the Network Object Name to use in the To configure the XDR dashboard procedure below.

To enable the REST API for HTTPS

Reference: https://campus.barracuda.com/product/cloudgenfirewall/doc/96025925/rest-api/

To access these settings in Barracuda Control Center, log into the control center like you would with a standalone firewall. These settings cannot be accessed from the multi-range configuration tree.

  1. On the Firewall layer of the Barracuda Control Center, navigate to Configuration > Configuration Tree > Box > Infrastructure Services > REST API Service.

  2. Click Lock.

  3. In the HTTP interface window, select Enable HTTPS interface.

  4. In the HTTPS Port field, enter the desired port for API calls.

  5. (Optional) To enable API calls via management IP addresses instead of the loopback interface, select Bind to Management IPs.

  6. Click New Key to create a private key of the desired length or import your personal private key.

  7. Click Ex/import to create a self-signed certificate or import an existing one.
    NOTE If creating a new self-signed certificate, it is recommended to use the public IP of the box as the name. (A hostname can also be used if that correlates with the public IP of the box).

  8. Click Send Changes and Activate.

  9. Save the port number to use in the To configure the XDR dashboard procedure below.

To generate an API token for authentication

  1. On the Firewall layer of the Barracuda Control Center, navigate to Configuration > Configuration Tree > Box > Infrastructure Services > REST API Service.

  2. Click Lock.

  3. In the left menu, click Access Tokens.

  4. Click + in the Access tokens section.

  5. Type the name BarracudaXDRAPI for the token and click OK.
    The Access tokens window opens.

  6. Click Generate new token.

  7. Enter the Admin name for the user used for authentication.
    This is the name of the Admin Account previously created (BarracudaXDRAdmin)

  8. In the Time to live field, enter the number of days the token should be valid for.

  9. Click OK.

  10. Click Send Changes and Activate.

To ensure communication is allowed from XDR SOAR IP(s) to the CloudGen firewall

If you have a firewall in front of your CloudGen device, this could potentially prevent communication from the SOAR endpoint to the CloudGen firewall. If you don’t have a firewall in front of your CloudGen device, you don’t need to follow the procedure below. You can continue directly to To configure the XDR dashboard.

If you have a firewall in front of your CloudGen device, you must set up a NAT port forward rule on the firewall to allow traffic from the SOAR endpoint to the management IP of the Control Center or (if it’s a Standalone FW) the management IP of the box.

The IPs you need to permit are:

  • 35.155.74.247 and

  • 44.239.173.232

The procedure for setting up the NAT port forward rule depends on your firewall – consult the documentation for your firewall for more information. The procedure below is provided as an example for the CloudGen data source only.

For example, if the firewall in front is also a CloudGen, you could create a destination NAT forwarding rule where:

  • The type – Dst NAT

  • The source is the SOAR endpoint – 35.155.74.247 and 44.239.173.232

  • The service – TCP 8443

  • The destination – firewall’s public IP address

  • The redirection – the management IP of the Control Center

SOARCloudGenExampleRule.png

To configure XDR dashboard

  1. In Barracuda XDR Dashboard, click SOAR Settings > Firewalls.

    Firewall1.png

  2. Click Barracuda CloudGen Firewall.

  3. Click Edit Config.

  4. In the Edit Config dialog box, enter the following:

    • External IP

    • API Access Port

    • Credential (API Key)

    • Group Name

  5. In Firewall Type, select Control Center.

  6. In Group Level, select one of the following options:

    • Range, then type the range name

    • Cluster, then type the range name and the cluster name

    • Box, then type a name for the range, the cluster name, and the service container name

      image.png

  7. Click Save.

If you need to edit the configuration at any time, follow the Editing XDR SOAR Settings for a Firewall procedure.