This article covers initial steps for getting started with Barracuda Content Shield DNS filtering and creating basic policies, and applies to
- Barracuda Content Shield (BCS) subscriptions
- DNS Filtering feature of Email Protection Premium
- DNS Filtering feature of Email Protection Premium Plus
Barracuda Content Shield (BCS) delivers a powerful web and file threat protection solution along with content filtering. Both multi-tenant (for MSPs) and single-tenant (for non-MSPs) versions are available.
If you received an email with a serial # and a linking code for BCS, and you haven't yet activated your BCS account, you can do so with these steps:
- Log into the BCS Activation Portal with your Barracuda user account credentials at https://www.bcs.barracudanetworks.com/activate .
- Enter your serial number and linking code.
- Click Activate. This action links your new subscription serial number to your Barracuda Cloud Control account. If you need help with the above process, contact Barracuda Networks Support: https://www.barracuda.com/support
- Log into your BCS account at https://www.bcs.barracudanetworks.com/login.
To set the time zone for your BCS instance (note that this setting also applies to ALL of your Barracuda Cloud products), see How to Set the Time Zone.
Step 1. Configure DNS Based Filtering
DNS filtering with your BCS account offers the ability to set a blanket policy for an entire network based on the network's egress IP address. DNS filtering introduces no latency to internet bound traffic, and can control any device type without installing an agent or having administrative control of the device. BCS will not respond to DNS requests from unregistered networks, so the first step is to register your egress IP address with BCS. If you are unsure of your egress IP address, you can use a site like whatismyip.com to determine what it is.
Navigate to the DNS filtering page using the left navigation menu and select ADD LOCATION. Follow steps in the wizard to complete adding the location.
The first step is to configure the IP address, either automatically or manually, in the Getting Started popup:
- Use the Manual setting if your ISP provides a static IP address that does not change. Click Start, and follow the prompts in the wizard.
- Use the Automatic setting if your ISP provides a dynamic IP address. Click Start, and follow the prompts in the wizard. In this case, you must install the Dynamic IP updater on a single machine that permanently resides within the environment. This allows the BCS service to be updated automatically when your IP address changes. The final step of the wizard provides links to download the Dynamic IP updater and installer key.
See How to Configure DNS Filtering and Policies for details.
Step 2. Create a Filtering Policy
In the Add Location screen of the wizard, select one of the preset category policies, or modify one to create a custom policy that meets your requirements. See How to Configure DNS Filtering and Policies for details.
TIP: If you create a custom policy, it is saved in the list of category policies which can be used later if you add additional locations. This allows you to easily duplicate the same policy across your locations in the future, and there is no limit on the number of locations you can add in one BCS account.
When you click Next, you have the opportunity to create any block or allow exceptions to your category policy. These can be made in the form of domains (ex: google.com) or subdomains (ex: mail.google.com) There is no need to specify protocols like HTTP or leading with www. Exceptions take precedence over category policies and can be set to block or allow.
The final step shows the DNS servers that you will provide to all of the clients on the network being filtered. Barracuda Networks recommends initially setting these DNS servers manually on the systems you are going to test policy with. After you are satisfied with your policy, these DNS servers can be added to your DHCP server, which can then pass ou the Barracuda DNS IP address to clients connecting to your network.
Alternatively, if you have your own internal DNS server, you can set that up as a conditional forwarder. This allows your DNS server to resolve any internal resources and forward any requests to BCS for external resources and filtering based on your set policy. See How to Configure a Local DNS Server to Forward to Barracuda DNS Nameservers for details.