The Barracuda CloudGen Firewall F-Series can parse authentication information contained in the syslog stream of supported wireless access points. Wi-Fi access points typically use authentication services such as RADIUS servers to authenticate users before allowing them to connect. The Barracuda CloudGen Firewall F-Series monitors the syslog files sent by the Wi-Fi access points for the username and the associated IP address of logged-in users. Depending on the access point, the Barracuda CloudGen Firewall F-Series receives login and/or logout information.
Supported Wi-Fi access points
- Aerohive (login only) 
- Ruckus (login and logout) 
- Aruba (login only) 
- Aruba Instant (login only) 
Video
Watch the following video to see the Barracuda CloudGen Firewall F-Series receive user information via Wi-Fi Access Point authentication from an Aerohive Access Point:
 
     
        Videolink:
https://campus.barracuda.com/Before you Begin
Configure the Wi-Fi access point to stream the syslog to the Barracuda CloudGen Firewall F-Series. For more information, see:
Step 1. Configure a Box Level IP Address
Add an IP address to the box level that can be reached by the wireless access point.
- Go to CONFIGURATION > Configuration Tree > Box > Network. 
- Click Lock. 
- Click + to add an Additional Local IP. 
- Enter a Name. 
- Select the interface from the Interface Name drop-down list. 
- Enter the IP Address and Associated Netmask. 
- Click OK. 
- Click Send Changes and Activate. 
Step 2. Configure Wi-Fi AP Authentication
If the Wi-Fi access point is using an SSL-encrypted connection, the certificate can be imported from a PEM or PKCS12 file. For non-standard Wi-Fi Access Point syslog streaming ports, change the port in Advanced View and edit the port in the BOX-AUTH-WIFI-SYNC rule accordingly.
- Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Authentication. 
- Click Lock. 
- In the left menu, click Wi-Fi AP Authentication. 
- Set Activate Scheme to yes.  
- Click + to add a Wi-Fi AP Endpoint. The Wi-Fi AP Endpoints window opens. 
- Enter the Source IP. This is the IP address of your Wi-Fi access point. 
- Select the Protocol used by the Wi-Fi access point to send the syslog. - UDP 
- TCP 
- SSL 
 
- (SSL only) Enter the Certificate Subject Alternative Name for the SSL certificate. 
- (SSL only) Click Ex/Import and import the Certificate File. 
- Select the manufacturer of your Wi-Fi access point from the Wi-Fi AP Model drop-down list.  
- Click OK. 
- Click Send Changes and Activate. 
You can now use the authentication information from your Wi-Fi access point. Go to Firewall > Users. All users with Wi-Fi-AP in the Origin column are authenticated via the Wi-Fi access point.
