Barracuda XDR

Setting up SOAR for Barracuda CloudGen Standalone Firewall


The documentation below outlines the requirements for the Barracuda XDR Security Orchestration, Automation, and Response (SOAR) for Barracuda CloudGen Standalone Firewall. When you've set this up, all required data is uploaded to the Customer Security Dashboard in the SOAR Settings > Firewalls section.

To configure SOAR for Barracuda CloudGen Standalone Firewall, you must do the following:

  • To send the External IP Address of the Standalone firewall to Barracuda XDR

  • To enable the REST API for HTTPS

  • To create an Admin Account for the REST API

  • To generate an API Token for authentication

  • To create a Firewall Network Object for the Barracuda XDR Automated Threat Response

  • To add the IP addresses 35.155.74.247 and 44.239.173.232 to the Peer IP Restriction list for the REST API Admin

  • To ensure communication is allowed from XDR SOAR IP(s) to the CloudGen firewall

  • To configure XDR Dashboard

To send the External IP Address of the Standalone firewall to Barracuda XDR
  • Send the external IP address of the standalone firewall to the Barracuda XDR team.

To enable the REST API for HTTPS

Reference: https://campus.barracuda.com/product/cloudgenfirewall/doc/96025925/rest-api/

  1. In Barracuda CloudGen, navigate to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > REST API Service.

  2. Click Lock.

  3. In the HTTP interface window, select Enable HTTPS.

  4. In the HTTPS Port field, enter the desired port for API calls.

  5. (Optional) To enable API calls via management IP addresses instead of the loopback interface, select Bind to Management IPs.

  6. Click New Key to create a private key of the desired length or import your personal private key.

  7. Click Ex/import to create a self-signed certificate or import an existing one.
    NOTE If creating a new self-signed certificate, it is recommended to use the public IP of the box as the name. (A hostname can also be used if that correlates with the public IP of the box).

  8. Click Send Changes and Activate.

  9. Provide the port number to the Barracuda XDR team.

To create an Admin Account for the REST API
  1. Go to CONFIGURATION > Configuration Tree > Box > Administrators.

  2. Click Lock.

  3. In the Administrators section, click + to add an administrator account.

  4. Type the name BarracudaXDRAdmin for the account and click OK.
    The Administrators window opens. This account name is used to log into the firewall.

  5. Type the Full Name of the administrator or a description for the account (BarracudaXDRAdmin).

  6. In the Assigned Roles table, add the Manager administrative role for the user.

    For authentication against the REST API, a user with the appropriate permissions must be present either on the Control Center for centrally managed firewalls or on the firewall itself for stand-alone firewalls. In both cases, the user must have the Manager role assigned.

  7. From the System Level Access list, select No OS Login.

  8. For the Authentication Level, choose Password.

  9. When using a password, select the corresponding scheme from the Password Validation list.

  10. Enter the password for the Barracuda Firewall Admin login. When creating an account, the new password must be entered in both the Current and New fields, even though the password has not yet been created. The password must be confirmed by re-entering it in the Confirm field.

  11. Use the Peer IP Restriction table to set an access restriction on IP address and/or subnet level on which Barracuda Firewall Admin runs.

    NOTE Add the IP addresses 35.155.74.247 and 44.239.173.232 to the Peer IP Restriction list. This specifies the IP address the admin can use to access the Barracuda CloudGen Firewall.

  12. From the Login Event list, select Service Default (default).

  13. Click Send Changes and Activate.

To generate an API Token for authentication
  1. Navigate to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > REST API Service.

  2. Click Lock.

  3. In the left menu, click Access Tokens.

  4. In the Access Tokens section, click +.

  5. Type the name BarracudaXDRAPI for the token and click OK.
    The Access Tokens window opens.

  6. Click Generate new token.

  7. Enter the Admin name for the user used for authentication.

    • This will be the name of the admin account created in To create an Admin Account for the REST API above (BarracudaXDRAdmin).

  8. In the Time to live field, enter the number of days the token should be valid for.

  9. Click OK.

  10. Click Send Changes and Activate.

To create a Firewall Network Object for the Barracuda XDR Automated Threat Response

Create a Firewall Network Object called Barracuda_XDR_Blocked_IPs. Barracuda XDR uses this network object to keep track of IPs blocked on the firewall. Add the network object to any preexisting firewall rules that were created to block traffic to/from anomalous IP addresses.

  1. Navigate to CONFIGURATION > Configuration Tree > Box > Assigned Services > NGFW (Firewall) > Forwarding Rules.

  2. Click Lock.

  3. In the left menu, scroll down to Firewall Objects and click Networks.

  4. In the Networks section, click + to create a network object.

  5. For the Type, select Generic Network Object.

  6. Type the name Barracuda_XDR_Blocked_IPs for the network object.

  7. (Optional) Enter a description for the Network.

  8. Click OK.

  9. Click Send Changes and Activate.

  10. Add the Network Object to any preexisting firewall policies created to block traffic to/from anomalous IP addresses.

To add the IP addresses 35.155.74.247 and 44.239.173.232 to the Peer IP Restriction list for the REST API Admin
  • For the Admin Account, add the IP addresses 35.155.74.247 and 44.239.173.232 to the Peer IP Restriction list.

To ensure communication is allowed from XDR SOAR IP(s) to the CloudGen firewall

If you have a firewall in front of your CloudGen device, it could prevent communication from the SOAR endpoint to the CloudGen firewall. If you don’t have a firewall in front of your CloudGen device, you don’t need to follow the procedure below. You can continue directly to To configure XDR Dashboard.

If you have a firewall in front of your CloudGen device, you must set up a NAT port forward rule on the firewall to allow traffic from the SOAR endpoint to the management IP of the Control Center or (if it’s a Standalone FW) the management IP of the box.

The IPs you need to permit are:

  • 35.155.74.247 and

  • 44.239.173.232

The procedure for setting up the NAT port forward rule depends on your firewall – consult the documentation for your firewall for more information. The procedure below is provided as an example for the CloudGen data source only.

For example, if the firewall in front is also a CloudGen, you could create a destination NAT forwarding rule where:

  • The type – Dst NAT

  • The source is the SOAR endpoint – 44.209.49.222 and 44.239.173.232

  • The service – TCP 8443

  • The destination – firewall’s public IP address

  • The redirection – the management IP of CloudGen Standalone
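One way to check an exported Peer IP Restriction list, or the source list of the upstream NAT rule, against the two SOAR addresses this page says to permit. This is an added example, not Barracuda's code; the function name, the result keys and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# SOAR source addresses this page says must be permitted.
REQUIRED_SOAR_IPS = ("35.155.74.247", "44.239.173.232")


def audit_allowlist(entries, required=REQUIRED_SOAR_IPS):
    """Audit allowlist entries (single IPs or CIDR subnets, as typed).

    Returns a dict with:
      missing - required SOAR IPs that no entry covers
      broad   - entries that cover a required IP but admit other hosts too
      extra   - valid entries that cover none of the required IPs
      invalid - entries that do not parse as an IP address or subnet
    """
    required_ips = [ipaddress.ip_address(ip) for ip in required]
    nets, invalid = [], []
    for raw in entries:
        try:
            # strict=False accepts host bits, e.g. 44.239.173.232/24
            nets.append(ipaddress.ip_network(raw.strip(), strict=False))
        except ValueError:
            invalid.append(raw)

    def covers_required(net):
        return any(ip in net for ip in required_ips)

    return {
        "missing": [str(ip) for ip in required_ips
                    if not any(ip in net for net in nets)],
        "broad": [str(n) for n in nets
                  if covers_required(n) and n.num_addresses > 1],
        "extra": [str(n) for n in nets if not covers_required(n)],
        "invalid": invalid,
    }


# Constructed sample: one exact entry, one subnet wider than needed,
# one unrelated host (documentation range) and one typo.
SAMPLE_ENTRIES = ["35.155.74.247", "44.239.173.0/24",
                  "203.0.113.10", "10.0.0.0/8x"]

if __name__ == "__main__":
    for finding, values in audit_allowlist(SAMPLE_ENTRIES).items():
        print(f"{finding}: {values}")
```

An empty `missing` list with empty `broad` and `extra` lists means the allowlist admits exactly the two SOAR addresses and nothing else.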


To configure XDR Dashboard
  1. In Barracuda XDR Dashboard, click SOAR Settings > Firewalls.


  2. Click Config.

  3. In the Edit Config dialog box, enter the following:

    • External IP

    • API Access Port

    • Credential (API Key)

    • Group Name

    • Firewall Type

  4. Click Save.

If you need to edit the configuration at any time, follow the Editing XDR SOAR Settings for a Firewall procedure.