Barracuda CloudGen Firewall

How to Stream Data to Firewall Insights via a Remote Management Tunnel

In certain cases it can be necessary to stream data from a remote firewall to a Barracuda Firewall Insights device that is located behind a local border firewall. In the following setup, streaming data is sent from a remote firewall through the remote management tunnel over the Internet and through the local border firewall to the Control Center, which forwards the traffic to Firewall Insights.

Before You Begin

  • You must complete all necessary steps for Firewall Insights integration. For more information, see Barracuda Firewall Insights Integration.
  • A remote management tunnel must be established. For more information, see How to Configure a Remote Management Tunnel for a CloudGen Firewall.
  • If you deploy a Control Center with a default configuration set from firmware version 8.0.1, the service object 'FIREWALL-INSIGHTS', the network object 'Firewall Insights' and the forwarding access rule 'BOXES-2-LAN-FIREWALL-INSIGHTS' are already preconfigured. You can therefore skip those steps.
  • If you migrate a Control Center to firmware version 8.0.1, these items are not preconfigured, and you must create them according to the following description.

The Remote Firewall, the Border Firewall and the Control Center must have firmware version 8.0.1 or higher installed.

Step 1. On the Remote Firewall, Add Firewall Insights to the Remote Network Addresses for Tunnels

You must add Firewall Insights to the remote network addresses list as a target in order to forward traffic through the management tunnel.

  1. Go to CONFIGURATION > Configuration Tree > Multi Range > your range > your cluster > Boxes > your remote box > Network.
  2. In the left navigation bar, click Management Access.
  3. Click Lock.
  4. In the Remote Management Tunnel section, click Edit... next to Tunnel Details.
  5. The Tunnel Details window is displayed.
  6. Click + in the Remote Networks section.
  7. Add the IP address of Firewall Insights to the list, e.g., 10.17.68.107.
  8. Click OK.
  9. Click Send Changes and Activate.

Step 2. (Optional, only if not preconfigured) On the Control Center, Create Service Object Firewall-Insights

  1. Log into your Control Center on box level.
  2. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > CCFW (Firewall) > Forwarding Rules.
  3. In the left navigation bar, click Services.
  4. Click Lock.
  5. In the right section where the services are displayed, right-click and select New.
  6. The Edit/Create Service Object window is displayed.
  7. Enter the Name for the service object, e.g., FIREWALL-INSIGHTS.
  8. Enter Firewall Insights ports for Description.
  9. Click New Object... .
  10. The Service Entry Parameters window is displayed.
  11. Verify that 006 TCP is selected for IP Protocol.
  12. For Port Range, enter 2400.
  13. Click OK.
  14. Click New Object... .
  15. The Service Entry Parameters window is displayed.
  16. Verify that 006 TCP is selected for IP Protocol.
  17. For Port Range, enter 8001.
  18. Click OK.
  19. Click Send Changes and Activate.

Step 3. (Optional, only if not preconfigured) On the Control Center, Create Network Object Firewall Insights

  1. Log into your Control Center on box level.
  2. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > CCFW (Firewall) > Forwarding Rules.
  3. In the left navigation bar, click Networks.
  4. Click Lock.
  5. In the right section where the networks are displayed, right-click and select New.
  6. The Edit/Create Network Object window is displayed.
  7. For Type select Generic Network Object (IP, Network, Ranges).
  8. Enter Firewall Insights for the name.
  9. Click OK.
  10. Click Send Changes and Activate.

Step 4. On the Control Center, Enter the IP Address of Firewall Insights in the Network Object Firewall Insights

  1. Log into your Control Center on box level.
  2. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > CCFW (Firewall) > Forwarding Rules.
  3. In the left navigation bar, click Networks.
  4. Click Lock.
  5. In the right section where the networks are displayed, double-click Firewall Insights.
  6. The Edit/Create Network Object window is displayed.
  7. If the IP address 0.0.0.0 is entered, click the x to remove it.
  8. Click + to enter the IP address of your Firewall Insights device, e.g., 10.17.68.107.
  9. Click Insert and Close.
  10. Click OK.
  11. Click Send Changes and Activate.

Step 5. (Optional, only if not preconfigured) On the Control Center, Allow Firewall Insights Traffic to Firewall Insights by an Access Rule

To forward Firewall Insights traffic from the Control Center to Firewall Insights, you must create the following access rule:

  1. Log into your Control Center on box level.
  2. Go to CONFIGURATION > Configuration Tree > Multi Range > Assigned Services > CCFW (Firewall) > Forwarding Rules.
  3. Click Lock.
  4. Click +.
  5. Enter the following values for the rule:
    • Connection Type – Pass.
    • Name – BOXES-2-LAN-FIREWALL-INSIGHTS.
    • Source – Select any from the drop-down menu.
    • Service – Select FIREWALL-INSIGHTS from the drop-down menu.
    • Destination – Select Firewall Insights from the drop-down menu.
    • Connection Method – Select Original Source IP from the drop-down menu.
  6. Click OK.
  7. Click Send Changes and Activate.

The remote firewall can now stream data to Firewall Insights via the remote management tunnel.
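
A post-change check for the path configured above, as an added example that is not part of the Barracuda documentation: it probes the two TCP ports of the FIREWALL-INSIGHTS service object and separates a silent drop from a reset. It assumes it runs on a host whose route to Firewall Insights crosses the rule under test; `probe`, `check_streaming_path` and `diagnose` are hypothetical names, and 10.17.68.107 is the example address used on this page.

```python
import socket
import sys

# TCP ports of the FIREWALL-INSIGHTS service object described on this page.
FIREWALL_INSIGHTS_PORTS = (2400, 8001)


def probe(host, port, timeout=3.0):
    """Return 'open', 'refused' or 'filtered' for one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back: the path works, but the connection was rejected.
        return "refused"
    except OSError:
        # Timeout or no route: packets are dropped or misrouted on the path.
        return "filtered"


def check_streaming_path(host, ports=FIREWALL_INSIGHTS_PORTS, timeout=3.0):
    """Probe every service port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def diagnose(results):
    """Turn probe results into hints about which step to review."""
    hints = []
    for port, state in sorted(results.items()):
        if state == "filtered":
            hints.append(f"tcp/{port}: no answer; review the Remote Networks "
                         "entry (Step 1), the network object IP (Step 4) "
                         "and the access rule (Step 5)")
        elif state == "refused":
            hints.append(f"tcp/{port}: reset; Firewall Insights is not "
                         "listening on this port or a rule rejects it")
    return hints


if __name__ == "__main__":
    # Default target is the example address from this page (an assumption).
    target = sys.argv[1] if len(sys.argv) > 1 else "10.17.68.107"
    results = check_streaming_path(target)
    for port, state in results.items():
        print(f"{target} tcp/{port}: {state}")
    for hint in diagnose(results):
        print("hint:", hint)
```

A result of `open` on one port and `filtered` on the other usually means the service object is missing one of its two port entries.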