Barracuda CloudGen Firewall

How to Create a Pool Object

Firewall admins must enter network and IP addresses in many places throughout the configuration. Although configuring addresses manually provides more flexibility, assigning IP addresses automatically can save time.

A Pool Object automatically assigns IP addresses from a configurable range.

Note that a Pool Object can be used on Control Centers only!

Usage and Limitations

Pool Objects can be created on a global, range, or cluster level. The IP addresses taken from a Pool Object can be used at all places where, previously, only predefined single IPv4 address objects were allowed. The main applications for Pool Object IP addresses are Management IP, VIP, and Shared IP.

Although the assignment to a specific box is done automatically, creating a Pool Object must be done manually. Admins must therefore ensure that no overlapping of configured IP addresses in the pool occurs.

When a new IP address is requested from the address pool, the firewall assigns the next available IP address that is higher than the highest, most recently assigned IP address. These automatically assigned IP addresses are subordinated to the STATIC node in the view of network objects.

If a firewall that used an automatically assigned IP address has been deleted, the Control Center puts this IP address back into the pool of unused IP addresses. Therefore, when the highest available IP address has already been assigned, the Control Center checks all unused IP addresses in the pool and can reassign this free IP address on the next request.
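
The assignment order described above, as an added model (example code written for this page, not Barracuda's implementation). The class name, the box names, the sample range 10.0.1.0/29, and the choice to hand out only usable host addresses are assumptions.

```python
import ipaddress


class PoolModel:
    """Toy model of the documented assignment order (hypothetical helper)."""

    def __init__(self, cidr):
        self.net = ipaddress.IPv4Network(cidr)
        # Assumption: network and broadcast addresses are never handed out.
        self.hosts = list(self.net.hosts())
        self.in_use = {}        # address -> name of the box holding it
        self.high_water = None  # highest address assigned so far

    def request(self, box):
        # First choice: the next address above the highest one assigned so far.
        for addr in self.hosts:
            if self.high_water is None or addr > self.high_water:
                self.in_use[addr] = box
                self.high_water = addr
                return addr
        # Top of the range already assigned: reuse an address that was released.
        for addr in self.hosts:
            if addr not in self.in_use:
                self.in_use[addr] = box
                return addr
        raise RuntimeError(f"pool {self.net} exhausted")

    def release(self, box):
        # A deleted box returns its address to the pool of unused addresses.
        for addr, owner in list(self.in_use.items()):
            if owner == box:
                del self.in_use[addr]


def demo():
    pool = PoolModel("10.0.1.0/29")  # constructed sample range, 6 hosts
    first = [str(pool.request(f"box{i}")) for i in (1, 2, 3)]
    pool.release("box2")                        # 10.0.1.2 becomes unused
    after_release = str(pool.request("box4"))   # still moves upward
    pool.request("box5")
    pool.request("box6")                        # highest address now assigned
    reused = str(pool.request("box7"))          # falls back to the freed address
    return first, after_release, reused


if __name__ == "__main__":
    print(demo())
```

In this model a released address is not handed out again until the top of the range has been reached, so rules or allow-lists that still reference a deleted box's address should be cleaned up before the pool wraps around.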

Note that only a single network address in CIDR notation is currently evaluated. This network must be configured in the first line of the related configuration area.

For more information on how to create network objects, see How to Create Network Objects.

Important Considerations for Using Pool Objects

Before using a Pool Object, carefully plan for the usage of Pool Object-based IP addresses and their associated network addresses. Inappropriate usage can lead to duplicate IP addresses.

Because pool-based IP addresses can be created for VIP networks and are also listed for non-VIP-related fields, selecting the incorrect pool object later for usage can cause problems.

Note that there are no mechanisms in place to prevent the overlapping of pool IP networks!

It is therefore important that you carefully check when selecting a configured pool.
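
Because nothing in the product prevents overlapping pool networks, the check can be done offline against the planned inventory before any pool is created. The following is an added example, not part of the Barracuda documentation; the function name, pool names, and addresses are constructed, and the inventory is assumed to be kept as a simple name-to-CIDR mapping.

```python
import ipaddress
from itertools import combinations


def audit_pools(pools, static_ips=()):
    """Return (overlaps, collisions, invalid) for a planned pool inventory."""
    nets, invalid = {}, []
    for name, cidr in pools.items():
        try:
            # strict=True rejects entries with host bits set, e.g. 10.0.9.5/30
            nets[name] = ipaddress.IPv4Network(cidr, strict=True)
        except ValueError as exc:
            invalid.append((name, cidr, str(exc)))

    # Every pair of pool networks that shares at least one address.
    overlaps = [
        (a, b)
        for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2)
        if net_a.overlaps(net_b)
    ]

    # Manually configured addresses that sit inside a pool range and could
    # later be handed out a second time by automatic assignment.
    collisions = [
        (ip, name)
        for ip in static_ips
        for name, net in sorted(nets.items())
        if ipaddress.IPv4Address(ip) in net
    ]
    return overlaps, collisions, invalid


# Constructed sample inventory (not taken from any real deployment).
PLANNED_POOLS = {
    "mgmt-pool": "10.0.1.0/30",
    "vip-pool": "10.0.0.0/22",     # contains mgmt-pool
    "shared-pool": "10.0.8.0/24",
    "typo-pool": "10.0.9.5/30",    # host bits set, not a network address
}
STATIC_IPS = ["10.0.8.20", "192.168.1.1"]

if __name__ == "__main__":
    overlaps, collisions, invalid = audit_pools(PLANNED_POOLS, STATIC_IPS)
    for a, b in overlaps:
        print(f"OVERLAP   {a} <-> {b}")
    for ip, name in collisions:
        print(f"COLLISION static {ip} lies inside {name}")
    for name, cidr, reason in invalid:
        print(f"INVALID   {name} {cidr}: {reason}")
```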

Options for Creating a Pool Object

Pool Objects can be configured on a Control Center at Global Settings > VIP Networks. You can also create a Pool Object by selecting it from the list of available network objects and adding an address range from which automatically provided IP addresses are distributed on demand.

Option 1: How to Create a Pool Object as a Global Firewall Object

Log into your Control Center.

  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > Global Firewall Objects/Policies.
  2. Click Lock.
  3. Right-click in the main view.
  4. Select New... from the list.
  5. The Edit/Create Network Object window is displayed.
  6. Click the list item for Type.
  7. Select Pool Object from the list.
  8. For Name, enter the name for the new Pool Object.
  9. Click the '+' symbol to the right of Include Entries.
  10. The Edit/Create Include Entry window is displayed.
  11. Enter the network address in CIDR notation, e.g., 10.0.1.0/30.
  12. Click Insert and Close.
  13. Click OK.

After the configuration, the new network will be displayed in the list of the main view subordinated to the STATIC node. Note that the leading symbol at the beginning of the line indicates that this is an MSP Pool Object.

Option 2: How to Create a Pool Object for VIP Networks

To provide IP addresses for VIP networks, perform the following steps:

  1. Log into your Control Center.
  2. Go to CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > VIP Networks.
  3. Click Lock.
  4. Click the green '+' symbol at the top of the list box to add a new VIP network.
  5. The VIP Networks window is displayed.
  6. Enter the name of your new VIP network.
  7. For Network Address, enter the network address.
  8. For Netmask, select the size of the netmask in bits from the drop-down list.
  9. For Generate Pool IP object, select the check box.
  10. Click OK.

The new network will be displayed in the list of configured VIP networks.

This new network will also be displayed at CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > Global Firewall Objects/Policies > Networks.

The comment for the new entry has been automatically set to contain the text Auto generated Pool IP object for net VPN01.

Checking the Pool Object IP Addresses that Are in Use

Although you can create new Pool Objects at the two different places described above, you can check all of them in the same view at CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > Global Firewall Objects/Policies > Networks.

If you want to know which firewall is using an IP address of one of the configured pools, perform the following steps:

  1. Right-click the required line in the list.
  2. In the menu list, click Referenced by...
  3. The Referenced By window opens.
  4. In the list, you can see what appliances are referencing the MSP Pool Object.
