Access notification settings assign notification types to each Barracuda CloudGen Firewall service or otherwise relevant system service (for example, sshd or console login). The service uses the login ID attempting access to verify its legitimacy on the system. Next, it determines the associated notification scheme for the login ID with the service default constituting a fallback option. Finally, it determines the service-specific notification type from the applicable notification scheme and generates an appropriate event. There are two simple scenarios:
- Login attempts with an unknown login ID trigger Event-ID 4100 User Unknown.
- The authentication process fails for some other reason, creating Event-ID 4110 Authentication Failure Notice.
Authentication failure on the second login attempt generates Event-ID 4111 Authentication Failure. - If the maximum number of authentication attempts (usually 3) is exceeded, a Event-ID 4112 Authentication Failure Alert notification is generated. This is only possible if an internal system error has occurred.
Configure Access Notifications
You can configure the following access notification types:
- Silent – (Automatically assigned to invisible users ha and primary) Suppresses notifications for successful access attempts. Unsuccessful attempts are treated according to the Service Default scheme.
- Notice – Generates a Notice event.
- Warning – Generates a Warning event.
- Alert – Generates an Alert event.
- Go to CONFIGURATION > Full Configuration > Box > Advanced Configuration > Access Notification.
- Click Lock.
- In the Command Line Access section, select the notification types for the following access settings:
- Console Login – The notification type for a successful login. Note that login here denotes direct system access via the console.
- SSH Login - The notification type for a successful system access via the SSH protocol.
- SSH Remote Execution - The notification type for an access via the SSH protocol for remote command execution. Note that remote copy (scp) and secure FTP (sftp) would also fall into this category.
- System Command: su – The notification type for the su (Substitute User) command-line tool. The notification settings used are not those of the system user invoking su but the system user whose identity is adopted.
With the exception of the SSH: rexec setting, the services do not have adjustable settings for failed access attempts. Access failures at the operating system level are always recorded.
- Click Send Changes and Activate.
Configure the Message Board
Configure the messages to be displayed at login time via SSH, the Barracuda Firewall Admin GUI, and on the console.
- Go to CONFIGURATION > Full Configuration > Box > Advanced Configuration > Message Board.
- Click Lock.
- In the Message Display Policy section, select when to display a message.
- In the Displayed Message section, adjust the message as required. Use only:
- Alphabetic characters
- Numerics
- # ! _ , .
Empty breaks, repeated spaces, and a single period (.) in an empty line will be ignored.
- Click Send Changes and Activate.
It is recommended that you check the display of the message at the login after editing.