It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda CloudGen Firewall
Overview Documentation Training Certification Materials

How to Configure Network Objects for AWS and Azure Datacenter Networks

  • Last updated on

To be able to accurately reference the networks used by AWS and Azure, these networks can be imported automatically in a dynamic network object. Initial creation is triggered by command line script. After they are created, the network objects are automatically updated every hour. Note, however, that after they are created, it is only possible to disable the network objects in Barracuda Firewall Admin. Deleting the network objects is not possible. Importing dynamic network objects does not work with the Distributed Firewall service.

Before You Begin

Select the network object you want to create:

  • Cloud – Create network objects for all data centers in AWS and Azure.
  • Azure – Create network objects for all Azure data centers.
  • AWS – Create network objects for all AWS data centers.
  • Datacenter Specific – To create network objects for specific AWS or Azure regions, list all network objects names:
/opt/phion/bin/external-netobj-tool list

cloud_network_objects_01.png

For automatic updates to work, you must enable network object updates on the firewalls units:

  1. Log into the CloudGen Firewall.
  2. Go to Box > Infrastructure Services > General Firewall Configuration.
  3. In the left menu, select Operational.
  4. Click Lock.
  5. Set On-demand network objects update to yes.
  6. Click Send Changes and Activate.

Importing Azure and AWS Data Center Network Ranges

To import network objects from the cloud servers on a CloudGen Firewall, a command line tool must be executed manually on the firewall.

Importing network objects on managed firewalls requires you to execute the tool with the following arguments:

  1. Log into the Control Center via SSH.

  2. Create the dynamic network objects:

    • For all firewall services on the Control Center:

      /opt/phion/bin/external-netobj-tool create PREDEFINED_CLOUD_NETWORK_OBJECT_NAME

      cloud_network_objects_02.png

    • For all firewall services in a range:

      /opt/phion/bin/external-netobj-tool create -r RANGE PREDEFINED_CLOUD_NETWORK_OBJECT_NAME

      cloud_network_objects_03.png

    • For all firewall services in a cluster:

      /opt/phion/bin/external-netobj-tool create -r RANGE -c CLUSTER PREDEFINED_CLOUD_NETWORK_OBJECT_NAME

    • For a specific firewall service:

      /opt/phion/bin/external-netobj-tool create -r RANGE -c CLUSTER -s SERVER_SERVICE PREDEFINED_CLOUD_NETWORK_OBJECT_NAME

The cloud data center network objects are now available in the firewall services. It can take up to one hour for the network objects to be populated.

cloud_network_objects_04.png