The guest access confirmation page lets you control access to the Internet or other networks by allowing only authenticated users. Unauthenticated users are redirected to a customizable confirmation form on the Barracuda CloudGen Firewall. After the user clicks Proceed, a user of the form LP-<IP Address> is created. Users who have already been authenticated or have been identified by the Barracuda DC Agent are not prompted to log in. The authentication expires after 20 minutes.
Step 1. Enter the Guest Access Confirmation Text
Customize the confirmation message the users have to acknowledge when they get redirected to the confirmation page.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Settings.
- Click Lock.
- In the left menu, click Guest Access.
- (optional) Modify the Renew Confirmation After (min.) entry to configure a longer or shorter authentication expiration time.
- (optional) Modify the Auto Renew Confirmation (min.) entry. During this time span (in minutes) the user is automatically logged in again without having to re-authenticate.
- Navigate to the section Confirmation Page Customization.
- Enter a Custom Text. You can use HTML tags.
- (optional) If you want to redirect the guest to a custom webpage:
  - In the left menu bar, click Switch to Advanced.
  - From the list Redirection URL, select Explicit.
  - Enter a valid URL into the edit field for Explicit Redirection URL.
- Click Send Changes and Activate.
Step 2. Create a Certificate for Authentication
For authentication, you must create a certificate and a private key.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Settings.
- In the left menu, select Authentication.
- Click Lock.
- Import or create the Default HTTPS Certificate and Default HTTPS Private Key.
- Click Send Changes and Activate.
Step 3. Create an App Redirect Access Rule and Pass Access Rule
Create an app redirect access rule that redirects the user to the FWauth daemon on TCP port 446 on the Barracuda CloudGen Firewall, which displays the confirmation page and redirects the user afterwards. Additionally, create a pass access rule that allows HTTP and HTTPS access for authenticated users only. If your access rule set already contains a pass rule that allows Internet access for HTTP/HTTPS traffic, make sure to modify it according to the settings below and place it above the app redirect access rule.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
- Click Lock.
- Create an App Redirect access rule:
  - Action – Select App Redirect.
  - Source – Select the source network(s).
  - Service – Select HTTP+S. Since the user has to use a browser to access the confirmation page, limit the service to HTTP and HTTPS.
  - Destination – Select the destination. E.g., Internet.
  - Redirection – Enter 127.0.0.1:446
  - Authenticated User – Select Any.
  - Click OK.
- Create a Pass access rule:
  - Action – Select Pass.
  - Source – Select the source network(s).
  - Service – Select HTTP+S.
  - Destination – Select the destination. E.g., Internet.
  - Connection Method – Select Dynamic Source NAT.
  - Authenticated User – Select All Authenticated Users.
  - Click OK.
- Place the access rule so that it is the first rule to match for HTTP+S and unauthenticated users, but after the rule allowing DNS access if the DNS server is not in the local network.
- Verify the correct access rule order.
- Click Send Changes and Activate.
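The rule order from Step 3, as an added example that is not Barracuda code or part of the original page: a simplified first-match model showing why the pass rule sits above the app redirect rule and what happens once the 20-minute confirmation expires. The rule names, the client address, and matching on port numbers only are assumptions, and the Auto Renew setting is not modelled.

```python
# Simplified first-match model of the Step 3 rule set (not the firewall's real engine).
from dataclasses import dataclass

RENEW_AFTER_MIN = 20       # "Renew Confirmation After (min.)" value stated on the page
WEB_PORTS = {80, 443}      # HTTP+S, modelled here as ports 80 and 443 only

@dataclass
class Rule:
    name: str
    action: str            # "pass" or "app_redirect" (to 127.0.0.1:446)
    ports: set
    auth: str              # "any" or "authenticated"

def is_authenticated(sessions, src_ip, now_min):
    """A guest confirmation only counts until it expires."""
    confirmed_at = sessions.get(src_ip)
    return confirmed_at is not None and now_min - confirmed_at < RENEW_AFTER_MIN

def evaluate(rules, sessions, src_ip, port, now_min):
    """Return (rule name, action) of the first matching rule, else a default block."""
    authed = is_authenticated(sessions, src_ip, now_min)
    for r in rules:
        if port in r.ports and (r.auth == "any" or authed):
            return r.name, r.action
    return "default", "block"

def confirm(sessions, src_ip, now_min):
    """Clicking Proceed creates the guest user LP-<IP Address>."""
    sessions[src_ip] = now_min
    return f"LP-{src_ip}"

# Hypothetical rule names; settings follow Step 3.
DNS = Rule("LAN-2-DNS", "pass", {53}, "any")
PASS = Rule("GUEST-PASS-AUTHENTICATED", "pass", WEB_PORTS, "authenticated")
REDIRECT = Rule("GUEST-APP-REDIRECT", "app_redirect", WEB_PORTS, "any")
GOOD_ORDER = [DNS, PASS, REDIRECT]   # pass rule above the app redirect rule
BAD_ORDER = [DNS, REDIRECT, PASS]    # redirect rule shadows the pass rule

def walkthrough(rules):
    """Actions seen by one client: DNS, first web hit, after Proceed, after expiry."""
    sessions, ip = {}, "10.0.10.25"  # constructed client address
    out = [evaluate(rules, sessions, ip, 53, 0)[1],
           evaluate(rules, sessions, ip, 443, 0)[1]]
    confirm(sessions, ip, 1)
    out.append(evaluate(rules, sessions, ip, 443, 5)[1])
    out.append(evaluate(rules, sessions, ip, 443, 21)[1])
    return out

if __name__ == "__main__":
    print(walkthrough(GOOD_ORDER), walkthrough(BAD_ORDER))
```

With the redirect rule first, a confirmed guest never reaches the pass rule and is sent back to the confirmation page on every request.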
Log in Using the Guest Access Confirmation Page
- Open the browser and enter a URL.
- If you are unauthenticated, you are redirected to the confirmation page.
- Click Proceed.
- You are now redirected to the original URL.