How to Create Ingress NAT Rules

The Barracuda SecureEdge allows administrators to create ingress NAT rules for sites and on-premise gateways. Ingress traffic means any form of network traffic and data communication from external networks to destinations inside the host network. In the network policies, you can add a new ingress NAT rule by specifying source, destination, and target criteria, edit an existing ingress NAT rule, and remove an existing ingress NAT rule. 

Requirements and Limitations

• For information on the limitation of DNS objects (512 per default), see Hostname (DNS Resolvable) Network Objects in the CloudGen Firewall documentation.

• To enable a security feature against ingress traffic, you must use the same application as target of the ingress rule and as destination of the security feature. Do not use local firewall IPs as redirect targets.

• HA session sync does not work for ingress traffic coming through dynamic ISPs (DHCP).

• It is recommended to use a secondary IP if you configure an Ingress NAT rule redirecting the TCP port 22 (SSH). Support access to the SecureEdge appliance is not possible if the rule is defined otherwise.

Create an Ingress NAT Rule

1. Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.

2. Select the workspace containing your site.

3. In the left menu, click the Security Policy icon. 
   

   

4. Expand the Network ACL menu and select the Ingress NAT. 
   

   

5. The Ingress NAT window opens. To create a new rule, click Add rule.

   

6. In the Add New Rule window, specify values for the following:

   • Name – Enter a name.

   • Description – Enter a description.

   • In the SOURCE CRITERIA section, specify the following:

     • Type – Select a source type. You can choose between Internet and IP/Network.

     • When selecting IP/Network, enter the IP address or network, and click +.

   • In the DESTINATION CRITERIA section, specify the following:         

     • Type – Select a destination type. You can choose between Private Edge and Site.

     • Private Edge –  Select your destination private edge.

     • WAN – Select your destination WAN interface according to the public IP you need.

       • If you select static WAN, specify the value for the following:

         • Address – Select the address from the drop-down menu. You can choose either Primary Address or Additional Addresses.. By default, the primary IP address is used on the static WAN interface. For example, in this case, the selected Primary Address = 15.45.125.5.

           

     • PAT Public Port – Select the destination PAT public port.

   • In the TARGET CRITERIA section, the target is defined as a custom application.

     • Application/Resources –  Select an application.
       

       

7. Click Save.

Edit an Existing Ingress NAT Rule

To edit an existing ingress NAT rule:

1. Expand the Network ACL menu on the left and select the Ingress NAT. The Ingress NAT window opens.

2. Click on the pencil icon next to the rule you want to edit.

   

3. The Edit Rule window opens. Edit the value you are interested in.

4. Click Save.

Remove an Existing Ingress NAT Rule

To remove an existing ingress NAT rule:

1. Expand the Network ACL menu on the left and select Ingress NAT. The Ingress NAT window opens.

2. Click on the trash can icon next to the rule you want to remove.
   

3. The Delete Rule window opens.
   

4. Click OK to confirm.

Filtering Functions

You can add filters to view specific content on the page. Click Add Filter in the top-right corner of a page and select the criteria you wish to search for.

To reset the filter, click Clear Filters.