It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure Inline Firewall Authentication

  • Last updated on

Inline authentication intercepts unauthorized users HTTP or HTTPS connections and redirects them to a login page on the Barracuda CloudGen Firewall. After successful authentication the user is forwarded to the original destination. This type of authentication is used to allow HTTP/HTTPS access to authenticated users. Access rules using inline authentication do not block non HTTP or HTTPS traffic even from unauthorized users. To avoid browser certificate errors, use a signed SSL certificate or install the root certificate of the self-signed certificate on all client computers using Inline Authentication.

Before You Begin

Choose and configure the authentication scheme. For more information, see Authentication.

Step 1. Configure the Firewall Authentication Settings

For a basic configuration, only a default HTTPS certificate and the corresponding key is required. Download and install the root certificate on all client computers to avoid browser certificate errors.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Settings.
  2. In the left menu, select Authentication.
  3. Click Lock.
  4. Click the Operational Settings Edit button. The Operational Settings window opens.
  5. (optional) Set Refresh auth every... min to the number of minutes the authentication is valid for. Default: 5
  6. (optional) Set Refresh auth tolerance... min to the number of minutes that a peer does not have to authenticate again after reconnecting.
  7. Click OK.
  8. Import or create the Default HTTPS Private Key and Default HTTPS Certificate.

    The Name of the certificate must be the IP address or a FQDN resolving to the IP address of the Barracuda CloudGen Firewall. This value is used to redirect the client to the authentication daemon.

  9. In the Metadirectory Authentication section, select a previously configured Authentication Scheme. For more information, see Authentication.
  10. Click Send Changes and Activate.

Step 2. Create the Access Rule for Inline Authentication

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
  2. Create an access rule that allows HTTP+S connections to the web server.
    inline_auth01.png
  3. In the left menu of the rule editor window, click Advanced.
  4. In the Miscellaneous section, select Login+Password Authentication from the Inline Authentication for HTTP and HTTPS list.
    inline_auth02.png
  5. In the left menu, click Rule.
  6. In the Authenticated User section, specify the users this rule should match for. You can either define a user group object or create an explicit user condition for this rule.
    • To grant access to all authenticated users, select All Authenticated Users.
    • To create an explicit user condition:
      • Select <explicit-user>.
      • Right-click the table and select Edit.
      • In the Edit/Create User Object window, click New.
      • In the User Condition window, specify all authenticated users that are allowed access to the web server.
      • Click OK.
  7. Click Send Changes and Activate.