It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Configure an ISP with Static IP Addresses

  • Last updated on

If your Internet connection is using static IP addresses or entire network ranges assigned by your ISP, you must create routing entries on box level and then assign the IP address(es) to the box. Choose the network type Untrusted to automatically create a default route (0.0.0.0/0) for the connection.

 st_wan.png

Before You Begin

Connect the network equipment installed by your provider to an unused port (not the management port) of your Barracuda CloudGen Firewall.

Step 1. Add the Static IP Address and a Direct Route

Configure the individual WAN IP address you want to use as a shared IP address. Be sure to create the route on the port the ISP is plugged into. In an HA cluster, these IP addresses will be transferred over to the secondary box in case of a failover.

  1. Go to CONFIGURATION > Configuration Tree > Network > IP Configuration.
  2. Scroll down to the section Shared Networks and IPs.
  3. Click Lock.
  4. For Shared Network and IPs, click + to add the relevant IP addresses.
  5. The Shared Networks and IPs window is displayed.
  6. Enter the name for the entry.
  7. The configuration window for Shared Networks and IPs is displayed.
  8. For Interface, select the interface for the static IP address, e.g., eth1.
  9. For Network Address, enter the network address of the attached network, e.g., 62.99.0.0/24.
  10. Click +.
  11. The Shared IPs in this Network window is displayed.
  12. For IP Address, enter the static IP address assigned by your ISP, e.g., 62.99.0.221.
  13. For Responds to Ping, select yes.
  14. Click OK.
  15. For Direct Internet Access, select the check box.
  16. For Trust Level, select Untrusted.
  17. For Default Gateway, enter the IP address of the gateway, e.g., 62.99.0.254.
  18. If the default route will be introduced in an environment where multiple dynamic links are available, specify a Route Metric.
    add_static_ISP_address.png
  19. Click OK.
  20. Click Send Changes / Activate.

Step 1a. (Optional) Configure Link Monitoring

Configure link monitoring for the static Internet connection. This is important for cases where e.g., the ISP router in front of the firewall does not go down but the uplink beyond does.

To ensure proper functionality of monitoring via ICMP, it is strongly recommended to use a hosted, secured IP address or an address provided by your ISP. Do not use a common public address such as google.com, etc.
  1. Go to CONFIGURATION > Configuration Tree > Network > IP Configuration.
  2. Scroll down to the section Shared Networks and IPs.
  3. In the Configuration Mode menu, select Switch to Advanced View.
  4. Click Lock.
  5. Edit the entry for the ISP in the Shared Network and IPs section.
  6. In the Reachable IPs table, add one or more target IP addresses of hosts that should be reachable for probing. 
  7. Enter commands to be run when the gateway or none of the reachable IP addresses is reachable.
  8. Click OK.
  9. Click Send Changes and Activate.

Step 2. Perform a Network Activation

After you create or change the basic network configurations such as routing, you must activate your new network configurations.

  1. Go to CONTROL > Box.
  2. In the left menu, expand the Network section and click Activate new network configuration.
  3. Select Failsafe.

Verify the Network Configuration

Open the CONTROL > Network page to verify that all network routes have been introduced successfully. Verify that the WAN IP addresses are displayed with a green status icon. In addition, verify that the newly introduced routes are available in the tables Main and Default and that the default route is directing traffic through your ISP connection.

routing_static_01.png