Barracuda SecureEdge combines the benefits of next-generation firewalls, secure SD-WAN, and cloud integration and automation to deliver a practical SASE solution. The SecureEdge dashboard provides a comprehensive overview of SD-WAN connections, SD-WAN tunnels, network activity, web and network traffic details, as well as the actionable status and security information of your deployed Barracuda Networks products.
Barracuda SecureEdge Dashboard
Barracuda SecureEdge provides fast and actionable in-product status information and is designed to allow internal and external reporting to stakeholders who do not require access to the web interface. The dashboard provides a customizable status overview with information on SD-WAN connections, security, and transport and traffic details.
You can deploy virtual WANs with multiple edge services and site appliances. Each site is connected to the edge service using TINA, the Barracuda Networks VPN protocol. TINA is a proprietary extension of the IPsec protocol developed to improve VPN connectivity and availability over the standard IPsec protocol, and uses AES256 cipher for the VPN encryption. Barracuda SecureEdge uses BGP for routing.
Barracuda SecureEdge provides the following:
- An aggregate view of data for multiple connected devices
- Information on details and availability of SD-WAN connections
- Drill-down capabilities for a subset of connected devices to see aggregate statistics
- Customizable dashboard monitoring for a quick overview of filtering statistics aggregated across all connected devices
Barracuda SecureEdge Manager
The Barracuda SecureEdge Manager is the cloud-based central management portal. From here, you can manage all your edge services, sites, tunnels, and appliances, and perform various configuration and maintenance actions.
The SecureEdge Manager summarizes information with respect to your selected workspace or tenant and displays details on the status of your associated edge services, sites, tunnels, and configured appliances. Aggregated information on recent system and administrative events can be monitored. In addition, the dashboard provides an active tunnel map, a graphical view that shows where all sites and edge services are being deployed based on their geolocation. Click on a site or edge service in the map to see where it is connected to.
Barracuda CloudGen Firewall Integration
Barracuda CloudGen Firewall appliances can be enrolled with Barracuda SecureEdge as a point of enforcement for resource access policies. The firewall appliances can be either stand-alone or Control Center-managed units. Registration of CloudGen Firewalls on Barracuda SecureEdge is token based. After completing the registration process, the appliance gets enrolled and automatically appears in Barracuda SecureEdge, which indicates that the connection is established. The appliance details can be verified with respect to host name and serial number, using Barracuda Firewall Admin. On Barracuda CloudGen Firewall High Availability (HA) boxes, enrollment is required only on the primary unit.
For more information, see How to Configure a Barracuda CloudGen Firewall in Barracuda SecureEdge.
Ingress NAT Rules
Ingress traffic can be any form of network traffic whose source lies in an external network, in other words, in the public Internet, to destinations residing inside the host network. You must configure a security policy rule to allow the NAT traffic. In the Barracuda SecureEdge network policies configuration, you can define new ingress NAT rules for sites and on-premises edge services by specifying source, destination, and target criteria.
For more information, see How to Create Ingress NAT Rules.
Barracuda SecureEdge Agent
Barracuda SecureEdge allows administrators to enroll users with their respective devices. The Barracuda SecureEdge Agent is a Zero Trust Network Access (ZTNA) agent running on the client that connects to the services offered by Barracuda SecureEdge. The SecureEdge Agent allows users or groups to connect to different resource types, including custom apps or public endpoints such as SaaS services. A single user can enroll multiple devices on the same token. After the enterprise enrollment process is completed, your device protection gets enabled automatically. The Barracuda SecureEdge Agent for Windows, MacOS, iOS, and Android is available from their respective app stores.
For more information, see How to Enroll Users in Barracuda SecureEdge.
Remote Access Policies
Remote access policies are (pre-)defined rules for handling network traffic and are centrally managed through Barracuda SecureEdge. Remote access policies define resources made available to end users of the SecureEdge Agent as well as the associated access criteria. Barracuda SecureEdge allows administrators to create new remote access policies for users or groups that specify access requirements associated with various types of internal and external resources. These policies also define security attributes such as the device posture. When these policies are enabled, you can either enforce compliance or log violations. Certain security features (such as security inspection, firewall enabled, antivirus enabled, block jailbroken devices, and screen lock enabled) can be enabled or disabled with a switch; other update features for the operating system and the SecureEdge Agent can also be enabled/disabled. This action is disabled by default.
For more information, see Zero Trust Access Policies.
Barracuda SecureEdge Access
Barracuda SecureEdge Access lets you implement secure access to internal and external enterprise resources, whether they are on-premises or in the cloud, by using a Zero Trust Network Access (ZTNA) solution. Zero Trust builds upon the assumption that the network is hostile. As a result, network locality is not sufficient for establishing trust, and every flow must be authenticated and authorized in a dynamic fashion. This creates an effective separation between the control plane – the supporting system that implements the flow authentication and authorization according to the defined policies – and the data plane.
For more information, see Remote Access.
SecureEdge Integration with IoT Devices
The Barracuda SecureEdge Manager allows administrators to enroll the Barracuda Secure Connector, an IoT device, with the unified cloud service entity known as SecureEdge. Barracuda Secure Connector is a hardware device that offers large-scale remote access capabilities and allows the ever-growing number of IoT devices and micro-networks to securely connect to the corporate data center via VPN.
For more information, see How to Configure IoT Devices in Barracuda SecureEdge.
Barracuda SecureEdge SD-WAN Connector
The Barracuda SecureEdge SD-WAN Connector establishes a connection between the service and a resource that cannot be reached via routing. Registration of the SecureEdge SD-WAN Connector is token based. After retrieving the token from SecureEdge, you can select the edge service or site the device should connect to. Once registered, each SecureEdge SD-WAN Connector will be assigned a single static IP address within the SecureEdge environment. It also provides a feature in which the admin can configure a list of resources that the SecureEdge SD-WAN Connector can connect to, and each resource can be reached via the Barracuda SecureEdge Agent if a policy for it exists.
For more information, see How to Configure the SecureEdge SD-WAN Connector.
Barracuda XDR
The SecureEdge Manager allows you to stream logs to the Extended Detection and Response (XDR) service. You can integrate the Barracuda XDR service via the SecureEdge Manager and stream logs for security threats.
For more information, see How to Configure Barracuda XDR in SecureEdge.
What's New in Version 9.0.1
SafeSearch Enforcement
The SafeSearch enforcement feature is now available in the Barracuda SecureEdge Manager. It allows you to enforce SafeSearch per workspace for internet search engines.
Supported search engines:
- Yahoo
- Bing
- YouTube
- DuckDuckGo
For more information, see How to Enable Safe Search in Barracuda SecureEdge.
Silent Ad Blocking
The Barracuda SecureEdge Manager allows you to create a web policy per workspace that silently blocks online advertisements and banners.
For more information, see How to Enable Silent Ad Blocking.
Web Monitoring Policies
The Barracuda SecureEdge Manager allows you to configure Web Monitoring policies, so that suspicious keywords can be detected in search engines such as Google, Yahoo, Bing, DuckDuckGo, and YouTube.
For more information, see How to Configure Web Monitoring in Barracuda SecureEdge.
Custom Categories
You can now create your own custom categories to filter traffic from specific domains, specific categories, or a combination of domains and categories.
For more information, see How to Create Custom Categories.
Additional Policy Modes
The Barracuda SecureEdge Manager allows administrators to configure Web Filter policies to protect against potential threats and enforce corporate policies. The Web Filter policies now also offer the actions Alert and Warn. With the enhanced Web Filter rule, you can also either alert or warn users against suspicious traffic.
For more information, see Web Filter Policies and How to Create an Explicit Web Filter Policy.
SecureEdge Dashboard
A new, enhanced Barracuda SecureEdge dashboard is now available. The main dashboard of SecureEdge consists of three customizable pages: a general dashboard, an SWG dashboard, and a security dashboard.
For more information, see Dashboard and How to Customize a SecureEdge Dashboard.
Bridging Features
The Barracuda SecureEdge Manager allows you to create a switch bridge for Private Edge services and sites. In addition, you can also create an inline bridge that is available only for stand-alone sites, which includes both HA and non-HA pairs.
For more information, see:
- Bridging
- How to Create a Switch Bridge
- How to Create an Inline Bridge on an Existing Stand-Alone Site
- How to Create an Inline Bridge on a Stand-Alone Site
Health Check for WAN Interfaces
For selected sites or Private Edge services, you can configure health check for WAN interfaces.
For more information, see How to Enable Health Check for WAN Interfaces.
ICMP for Access Control Lists
The Barracuda SecureEdge Manager allow you to configure access control and security policies via the Security Policy icon in the Cloud UI. With access control lists, you can now configure ICMP either to allow or deny access based on source and destination.
For more information, see Network Policies.
- For information on Edge Service ACL, see How to Create an Edge Service ACL.
- For information on Site ACL, see How to Create a Site ACL.
Updated Syslog Streaming Capabilities
The Barracuda SecureEdge Manager allows administrators to configure syslog streaming. New log files have been added such as the web alert log, web security log, web warn log, and web monitor alert log.
For more information, see How to Configure Syslog Streaming in SecureEdge.
IPsec VPN
Barracuda SecureEdge can establish IPsec VPN tunnels to any standard-compliant third-party IKEv2 IPsec VPN gateway. The IPsec VPN protocol is the industry-standard VPN protocol and allows you to create site-to-site IKEv2 VPN tunnels to third-party VPN gateways.
For more information, see How to Configure a Site-to-Site IPsec IKEv2 VPN Tunnel on SecureEdge Using Static Routing.
For more information on Teridion Integration in SecureEdge, see How to Connect Barracuda SecureEdge to Teridion via IPsec Static Routing and How to Connect Barracuda SecureEdge to Teridion via Dynamic Routing (BGP) over IPsec.
Available Hotfixes
Hotfix 1099 - Cumulative 9.0.0 for CloudGen Firewall and SecureEdge.
Summary:
This hotfix now bonds interfaces to have the correct MAC addresses.
The VPN service no longer produces errors when forward error correction is used in combination with bandwidth probing.
Fixes CVE-2023-2650 (OpenSSL).
TINA site-to-site transports no longer malfunction if a PPPoE provider has been configured.
To download the package, go to https://dlportal.barracudanetworks.com/#/packages/5682/cumulative-1099-9.0.0-187145908.tgz.
To download the new update package including the hotfixes, go to https://dlportal.barracudanetworks.com/#/packages/5684/update.GWAY-9.0.0-0511+2hotfixes.tgz
Hotfix 1104 - SecureEdge Security
Summary:
This hotfix now fixes a kernel crash in VPN with enabled FEC.
Hotfix 1102 - Cumulative 9.0.0 for CloudGen Firewall and SecureEdge.
Summary:
This hotfix now includes syslog streaming and Barracuda XDR capabilities for SecureEdge.
Fixes a kernel crash caused by configuration changes and session re-evaluations.
Hotfix 1110 - SecureEdge Security
Summary:
Fixes a routing issue on Azure Virtual WAN Edge Services.
- Allows configuration of several PPPoE devices.
- This hotfix now allows site-to-site traffic for IPsec tunnels with static routing over SecureEdge Azure Services.
Known Issues 9.0.1
- Authentication – The AzureAD user authentication via SecureEdge Manager does not work if the AzureAD user does not have a group affiliation. [BNNGF-92162]
- IPsec VPN – The IPsec IKEv2 VPN tunnel does not work with SD-WAN PIN policies. [BNNGF-92515]
- Re-imaging boxes via a USB drive with two ISO images does not work. The newest ISO image does not override the older one and makes the /art directory full. [BNNGF-92603]
- Bridge – Reconfiguring a WSG Bridge, leads to broken ARP negotiation and causes internet outages. [BNNGF-92703]
- SecureEdge Access Agent – The SecureEdge Access Agent does not work when the VPN service is not listening on fallback port 443. [BNNGF-93219]
What's New in Version 9.0.2
SecureEdge Access Mass Enrollment
The Barracuda SecureEdge Manager allows administrators for mass enrollment for SecureEdge Access with their respective devices. You can now enroll multiple groups and users at the same time
For more information, see How to Enroll Users in Barracuda SecureEdge.
SecureEdge Access Global and User Settings
As of the 9.0.2 release, administrators can configure additional SecureEdge Access settings on global and user level. You are provided with several new safety features for SecureEdge Access, such as:
- Tamper Proof – User can no longer disable the SecureEdge Access Agent, unenroll the SecureEdge Access Agent, or quit SecureEdge Access Agent by right-clicking on the system tray.
- Device Pre-Logon – Enables numerous accounts on Windows to share the same enrollment link. Administrators can manage user devices running Windows without the user being logged in.
- User Device Limit – Refers to the number of devices the user is allowed to enroll.
In addition, you can now override the global SecureEdge Access/Default settings of the ZTNA features and create settings on a user level.
- User Override – You can override ZTNA features on each user level.
For more information, see How to Configure SecureEdge Access Global Settings and How to Configure SecureEdge Access User Settings.
Application Catalog Entries
The Barracuda SecureEdge Manager allows administrators to define applications to appear in the SecureEdge Access Agent app for quick access.
For more information, see How to Configure Application Catalog Entries
SecureEdge Zero Trust Access Dashboard
A new, Barracuda SecureEdge Zero Trust Access dashboard is now available. The Barracuda SecureEdge Manager allows you to create and customize your own SecureEdge Zero Trust Access dashboards in order to simplify the management of traffic information and status for connected users, resources, and custom applications. 
For more information, see How to Customize a SecureEdge Zero Trust Access Dashboard.
Known Issues 9.0.2
- ACL Rule – Setting up the source or destination criteria to all sites and all private Edge Services results in the same networks configured on the box. [SWCS-3988]
Known Issues Related to Azure Log Analytics (OMS)
On boxes with Azure Log Analytics (OMS) activated, the phibs service does not restart automatically after update. To get the service running, a reboot is required.