It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

VPN Tab

  • Last updated on

The Barracuda Firewall Admin VPN tab provides information on all VPN connections configured on the CloudGen Firewall. Go to the VPN tab in the ribbon bar for live information on all site-to-site and client-to-site VPN tunnels.

The VPN tab provides three separate pages:

  • Site-to-Site
  • Client-to-Site
  • Status

Site-to-Site

The Site-to-Site page lists all TINA and IPsec site-to-site VPN tunnels.

Go to VPN > Site-to-Site.

vpn_s2s1.png

The standard columns in the table provide the following information:

  • Name – The name of the VPN tunnel.
  • Tunnel – The type of VPN tunnel, either TINA or IPsec.
  • Local IP – The local VPN point of entry.
  • Peer IP – The remote VPN point of entry.
  • Transport – The VPN tunnel transport protocol.
  • Encryption – The tunnel encryption method.
  • Compression – The current compression rate and type of TINA VPN tunnel.
  • bit/s – The current transfer speed in bits per second.
  • Start – The duration of VPN connection in minutes (m) or days (d).

To show or hide additional columns, right-click in the window, select Columns, and then either select or deselect the columns you want displayed or hidden.

The following additional columns are available:

  • SD-WAN – The SD-WAN transport class IDs.
  • Info – Depending on the tunnel type, this column displays either the tunnel type, the state, or the certificate subject. As soon as a tunnel is passive and down, DOWN (passive) is displayed. For group tunnels with a certificate, the x.509 subject is displayed.
  • Auth. – The packet authentication method.
  • Total (Byte) – The total amount of traffic.
  • Idle – The time (in seconds) passed since the last activity within the connection.
  • Duration – Displays how long the tunnel is up and running.
  • Key – The age of issued key in minutes (m) or days (d).
  • Internal – Information about the tunnel name.
  • Effective Bandwidth Inbound [bit/s] – Effective bandwidth of inbound traffic in bits per second as measured by Dynamic Bandwidth and Latency Detection.
  • Effective Bandwidth Outbound [bit/s] – Effective bandwidth of outbound traffic in bits per second as measured by Dynamic Bandwidth and Latency Detection.   
  • Latency – The traffic latency (round-trip time) in seconds as measured by Dynamic Bandwidth and Latency Detection.
  • Dynamic Bandwidth State Local – Last Dynamic Bandwidth and Latency Detection probing state for the firewall acting as the local VPN endpoint.
  • Dynamic Bandwidth State Peer – Last Dynamic Bandwidth and Latency Detection probing state for the remote firewall.
  • Dynamic Bandwidth Detection – This column shows if Dynamic Bandwidth and Latency Detection is enabled for the VPN transport.

To reset the columns to default, select Default Columns.

Context Menu

To open the context menu, right-click a VPN tunnel.

The following operations can be selected:

  • Show Details – Opens a window with detailed information about the selected VPN tunnel.
  • Show Transport Details – Opens a window with detailed information about the selected VPN transport.
  • (TINA only) Last VPN Access – Opens a window with a detailed VPN access and connection history.
  • (TINA only) Monitor Traffic – Provides two monitors for SD-WAN features for TINA UDP transports.
  • (TINA only)  Trigger Active Probing – Initiates probing for TINA UDP transports for which Bandwidth and Latency Detection is enabled.
  • Show VPN Run-Time Info – Opens a window with details for the VPN service this VPN tunnel is using.
  • Show Sessions – Displays information about the VPN sessions.
  • Show on Status Page – Opens the VPN Status window and highlights the corresponding VPN tunnel.
  • Enable Tunnel – Enables the selected VPN tunnel or transport.
  • Temporary Enable Tunnel – Enter the desired time period in minutes for which the VPN tunnel or transport should be enabled.
  • Disable Tunnel – Permanently disables the selected VPN tunnel or transport. Use Enable Tunnel to re-enable the VPN tunnel or transport. 
  • Initiate Tunnel – Manually re-establishes the selected VPN tunnel.
  • (TINA only) Terminate Tunnel – This method kills Phase2 of the IPsec tunnel. Phase2 is re-initialized immediately.

  • (IPsec only) Terminate Phase 1 – This method kills Phase1 of the VPN tunnel. Because there is no exchange between the tunnel partners, Phase1 can only be re-established if the partner kills its own Phase 1.

    Do not use the Terminate Phase 1 function unless it is absolutely necessary. In case of doubt, please contact Barracuda Networks Technical Support to get assistance.

    After terminating Phase1, the tunnel can be re-initiated either manually or with the next re-keying.

  • (IPsec only) Terminate Phase 2 – This method kills Phase2 of the IPsec tunnel. Phase2 is re-initialized immediately.

For more information about the standard context menu, see Barracuda Firewall Admin.

Client-to-Site

The Client-to-Site page lists all client-to-site VPN tunnels configured on the firewall.

Go to VPN > Client-to-Site.

vpn_c2s.png

The standard columns in the table provide the following information:

  • Name – The name of the VPN tunnel.
  • Tunnel – The type of VPN tunnel, either PGRP, PPTP, L2TP, or IPsec.
  • Local IP – The local VPN point of entry.
  • Peer IP – The remote VPN point of entry.
  • Virtual IP – The assigned virtual IP address.
  • Transport – The VPN tunnel transport protocol.
  • Encryption – The tunnel encryption method.
  • Compression – The current compression rate and type of VPN tunnel.
  • bit/s – The current transfer speed in bits per second.
  • Start – The duration of VPN connection in minutes (m) or days (d).

To show or hide additional columns, right-click in the window, select Columns, and then select or unselect the columns you want displayed or hidden.

The following additional columns are available:

  • Type – The type of network used for the VPN client.
  • Group – The group that the logged-in VPN user belongs to.
  • Info – Either a person's name (defined during configuration) and an IP address assigned by the license, separated by "@" (the "at" character), or the certificate subject.
  • Auth. – The packet authentication method.
  • NAC – Displays information if the VPN tunnel is established by the Barracuda Network Access Client.
  • Total (Byte) – The total amount of traffic.
  • Idle – The time (in seconds) passed since the last activity within the connection.
  • Duration – How long the tunnel is up and running.
  • Key – The age of issued key in minutes (m) or days (d).
  • Internal – Information about the tunnel name.
  • CN Name – Displays the certificate CN name.

For more information about the standard context menu, see Barracuda Firewall Admin.

Context Menu

To open the context menu, right-click on a VPN tunnel.

The following operations can be selected:

  • Show Details – Opens a window with detailed information about the selected VPN tunnel.
  • Show Transport Details – Opens a window with detailed information about the selected VPN transport.
  • Last VPN Access – Shows the time passed since the last access.
  • Trigger Active Probing – I nitiates probing for TINA UDP transports for which Bandwidth and Latency Detection is enabled.
  • Show VPN Run-Time Info – Opens a window with details for the VPN service this VPN tunnel is using.
  • Show Sessions – Displays information about the VPN sessions.
  • Show on Status Page – Opens the VPN Status window and highlights the corresponding VPN tunnel.
  • Enable Tunnel – Enables the selected VPN tunnel.
  • Disable Tunnel – Permanently disables the selected VPN tunnel. The VPN tunnel will be established again by clicking Enable Tunnel within the context menu.
  • Initiate Tunnel – Manually re-establishes the selected VPN tunnel.
  • Terminate Tunnel – This method kills Phase2 of the IPSEC tunnel. Phase2 can be re-initialized immediately.

Filter Options

The VPN page provides several filtering options.

filter_select.png

Click the Selection icon to open the Selection menu, which provides the following options:

  • Site to Site – Select the following options to filter for site-to-site tunnels:
    • TINA – Allows a filter to be set for TINA tunnels.
    • IPSec IKEv1 – Allows a filter to be set for IPSec IKEv1 tunnels.
    • IPSec IKEv2 – Allows a filter to be set for IPSec IKEv2 tunnels.
  • Client to Site – Select the following options to filter for client-to-site tunnels:
    • Barracuda Group – Allows a filter to be set for Barracuda Group tunnels.
    • IPSec Group – Allows a filter to be set for IPSec tunnels.
    • PPTP/LTPD – Allows a filter to be set for PPTP/LTPD tunnels.
    • Barracuda Client Connect – Allows a filter to be set for Barracuda Client Connect tunnels.

Click the Filter icon in the ribbon bar to open the Filter menu, which provides the following options:

  • Name – Allows a filter to be set for a specific tunnel name.
  • Group – Allows a filter to be set for a specific VPN group.
  • Local – Allows a filter to be set for the local tunnel IP address.
  • Peer – Allows a filter to be set for the local tunnel peer IP address.
  • Virtual – Allows a filter to be set for a shared IP address.
  • Info – Allows a filter to be set for content in the Info column.

To apply a filter and / or selection, click the Refresh icon on the top right of the service bar.

Status

The Status page lists all configured VPN connections on the given system. It consists of four sections, which you can access via the main screen or by clicking the corresponding icons in the ribbon bar:

  • Status section
  • Access Cache section
  • Drop Cache section
  • VPN Client Downloads section

Go to VPN > Status.

vpn_status.png

Status Section

The Status section is the upper section of the Status page and lists the status of all configured VPN tunnels. 

The table provides the following information:

  • Tunnel – The description of the VPN tunnel.
  • Name – The name of the VPN tunnel.
  • Type – The type of the VPN tunnel.
  • Group – The group that the VPN tunnel belongs to.
  • Info – (optional) Displays additional information.
  • State – The status of the VPN connection (ACTIVE, Ready, or Disabled).
  • Succ. – The number of successful connections.
  • Fail – The number of failed connections.
  • Last Access – The time passed since the last access.
  • Last Peer – The client IP address of the last connection.
  • Last Info – The most recent information concerning the connection (e.g., Access Granted, Disconnect, etc.).
  • Last Duration – The duration of the last connection.
  • Last Client – The client (including version number) used for the last connection.
  • Last OS – The operating system (including kernel number) used by the last connection’s client.
  • Last WSC – The WSC information.
  • CN Name – The certificate CN name.

To enable, disable, or temporarily enable a tunnel, right-click a connection. The context menu opens. You can then select the option you need. If selecting "Temporarily Enable Tunnel", enter the period (in minutes) for which the tunnel should be enabled.

For each entry in the Status section, colored icons indicate the current status of a VPN tunnel:

  • green – Tunnel is terminated, but ready.
  • blue – Tunnel is active.
  • gray – Tunnel is disabled.

Within the Type column, the type of VPN tunnel is indicated. The icons indicate information as follows:

  • 1 user – Personal VPN tunnel.
  • 2 users – Group VPN tunnel.
  • Server lock – Firewall-to-firewall VPN tunnel.
Access Cache Section

The Access Cache section displays the history of successful VPN connection attempts for site-to-site and client-to-site VPN connections. To open the Access Cache section, click the Access Cache icon in the ribbon bar.
ac_icon.png

Double-click a specific VPN tunnel for detailed information.

vpn_ac.png

Drop Cache Section

The Drop Cache section shows details about unsuccessful VPN connection attempts.To open the Drop Cache section, click the Drop Cache icon in the ribbon bar.

dc_icon.png

vpn_dc.png

VPN Client Downloads Section

The VPN Client Downloads section allows you to copy Network Access Client update files to the firewall. To open the VPN Client Downloads section, click the Client Downloads icon in the ribbon bar. Please note that this feature is limited to the Barracuda Network Access Client and is not available with the Barracuda VPN Client only.

cd_icon.png

The next time a Network Access Client connects to the VPN server, you can download the uploaded version:

  1. Click Upload on the right of the section to open the uploading window.
  2. Use the Browse option within this window to select the desired installation file.
  3. Click Upload to store the update file on the Barracuda CloudGen Firewall. 

If an uploaded file becomes obsolete, select it and click Delete to remove the file from the VPN client downloads list.