After configuring a VPN tunnel between two Barracuda CloudGen Firewalls, you must create a Pass access rule on both systems to allow traffic through the VPN tunnel.
Before You Begin
- Configure a TINA or IPsec Site-to-Site VPN tunnel. For more information, see How to Create a TINA VPN Tunnel between CloudGen Firewalls or How to Configure a Site-to-Site VPN with IPsec.
Create an Access Rule Allowing Traffic into and out of the VPN Tunnels
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
- Click Lock.
- Right-click on the ruleset and select New. The New Rule window opens.
- Enter a Name. E.g.,
LAN-2-VPN-SITE
- Right-click the ruleset and select New > Rule to create an access rule to match the VPN traffic:
- Action – Select Pass.
- Bi-Directional – Select the check box to apply the rule in both directions.
- Source – Enter all local networks used for the VPN tunnel.
- Service – Select the services allowed to access the tunnel. Default: Any
- Destination – Enter the remote networks behind the VPN tunnel, or select VPN_Networks.
- Connection Method – Select Original Source IP.
- Click OK.
- Reorder the access rule by dragging it to the correct position in the forward firewall's ruleset. Make sure no access rule placed above it will match the traffic for the site-to-site access rule.
- Click Send Changes and Activate.