To integrate Barracuda Web Application Firewall, do the following:
- Enable the Barracuda WAF integration.
- Install the XDR Collector.
- Configure the Firewall.
- Open port on the XDR Collector Host.
Enable Barracuda Web Application Firewall
- In Barracuda XDR Dashboard, navigate to Administration > Integrations.
- On the Barracuda Web Application Firewall card, click Setup.
- Select the Enabled check box.
- Click Save.
Install the XDR Collector
- In Barracuda XDR Dashboard, click Infrastructure > Collectors.
- In the Policies table, locate the On-Prem policy, then click Action > Install.
Configure the firewall
To add a syslog server, do the following:
- Go to the ADVANCED > Export Logs page.
- In the Export Logs section, click Add Export Log Server. The Add Export Log Server window opens. Specify values for the following:
- Name – Type
Barracuda XDR Collector
as the name for the syslog server. - Log Server Type – Select Syslog NG.
- IP Address or Hostname – Type the IP address or the hostname of the system hosting the XDR Collector.
- Port – Type port
9256
. - Connection Type – Select UDP.
- Validate Server Certificate – Do one of the following:
- Set to Yes to validate the syslog server certificate using the internal bundle of Certificate Authority's (CAs) certificates packaged with the system. If you choose this option, send the certificate to XDR support so they can do the necessary additional configuration.
- Set to No to accept any certificate from the syslog server.
- Client Certificate – Set to Yes so the Barracuda Web Application Firewall presents the certificate while connecting to the syslog server. Send the certificate to XDR support so they can do the necessary additional configuration.
Certificate – Select a certificate for the Barracuda Web Application Firewall to present when connecting to the syslog server.
- Log Timestamp and Hostname – Set to Yes.
- Name – Type
- Click Add.
The Barracuda Web Application Firewall documentation is available here.
Open the port on the XDR Collector Host
- Identify the firewall software running on your system and run the necessary command:
- Linux
Iptables:sudo iptables -A INPUT -p udp --dport 9256 -j ACCEPT
firewalld:sudo firewall-cmd --add-port=9256/udp
- Windows
netsh advfirewall firewall add rule name=“Barracuda WAF Events” dir=in action=allow protocol=UDP localport=9256
- Linux