It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda CloudGen Firewall
Overview Documentation Training Certification Materials

How to Enable Integration with Barracuda XDR

  • Last updated on

The Barracuda CloudGen Firewall allows administrators to stream relevant security events to the Barracuda XDR platform to detect and provide an incident response to malicious events. A 24x7 SOC team streamlines responses to incidence, which reduces the damage of the attack. For more information on the Barracuda XDR solution, please refer to: https://barracudamsp.com/product-details/extended-detection-and-response-xdr/

  • Starting with firmware 9.0.1, a Firewall Insights subscription is no longer required. 
  • Be aware that streaming events to Firewall Insights and Barracuda XDR at the same time is not possible.

Enable Streaming to Barracuda XDR Platform for Standalone Firewalls

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Syslog Streaming.
  2. In the left menu, click Reporting.
  3. Expand the Configuration Mode menu and select Switch to Advanced.
  4. Click Lock.

  5. Enable the service and select Generic Logstash

  6. Select the checkbox for Verify Server Certificate.
  7. In the Hostname field, enter the endpoint FQDN: cloudgenfw.ingest.skoutsecure.com:5044

  8. Set Use Remote Management Tunnel to No.

    xdr_int_conf.png

    If the box has Internet access via a remote management tunnel, you can set this parameter to Automatic.


  9. Click Send Changes and Activate.

Enable Streaming to Barracuda XDR Platform for Managed Firewalls

  1. Go to CONFIGURATION > Configuration Tree > Range > Cluster > Boxes > Box > Infrastructure Services > Syslog Streaming.
  2. In the left menu, click Reporting.
  3. Expand the Configuration Mode menu and select Switch to Advanced.
  4. Click Lock.

  5. Enable the service and select Generic Logstash.

  6. Select the checkbox for Verify Server Certificate.
  7. In the Hostname field, enter the endpoint FQDN: cloudgenfw.ingest.skoutsecure.com:5044
    xdr_int_settings.png

  8. Set Use Remote Management Tunnel to No

    If the box has Internet access via a remote management tunnel, set this parameter to Automatic.


  9. Click Send Changes and Activate.
(Optional) Link the Syslog Streaming Node to a Repository
  1. Make sure that repositories are enabled. For more information, see Repositories.
  2. Within the Configuration Tree, right click on the Syslog Streaming node that has been configured, and select Copy to Repository.
  3. Select the repository and enter appropriate object name.
  4. Right-click the created repository object and select Multiple Object Action.
  5. Select all firewalls in your Control Center you want to activate the integration for.
  6. Select Link to Repository as the Action on selected Nodes, and click Go.
  7. Click OK.
  8. On the top-right of the window, click Activate.