We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
Accept
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda CloudGen Firewall
Overview Documentation Training Certification Materials

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

Network Objects

  • Last updated on

Use network objects to reference networks, IPv4 and IPv6 addresses, hostnames, geolocation objects, or interfaces when you create firewall rules. A network object can also include other existing network objects. Network objects are stored in the host and forwarding firewall. If the Barracuda NG Firewall is managed by a Barracuda NG Control Center, it also inherits all network objects in the Global, Range, and Cluster Firewall Object stores.

Firewall rule management is simplified with the use of network objects instead of explicit IP addresses. For example, if an IP address changes, you do not have to edit it in every rule that references it; you must only change the IP address in the network object. The IP address is then automatically updated for every rule that references the network object.

Unified networks objects cannot contain both IPv4 and IPv6 addresses. For more information, see How to Use IPv6.

Network Object Types

A network object may consist of the following: 

  • Generic Network Objects – You can add network addresses of all types. All network objects that are available on Barracuda NG Firewall systems by default are configured as generic network objects.
  • Single IP Address – A single IP address.
  • List of IP Addresses – Multiple single IP addresses and/or references to other single IP address objects. For example: 10.0.10.1, 10.0.10.10, 10.0.10.127
  • Single Network Address – A single network. For example: 10.0.10.0/25
  • List of Network Addresses – Any combination of multiple networks, IP addresses, and/or references to other network address objects. For example: 10.0.10.0/25, 172.16.0.10

  • Hostname (DNS Resolved) – A single DNS resolvable host name. For example: myhost.test.com

    If the hostname used in the network object is not resolvable, any firewall rules that use it will never be matched to traffic. For a detailed description of configuration options, see Hostname (DNS Resolvable) Network Objects.

  • Single IPv6 Address – A single IPv6 address.

  • List of IPv6 Addresses – Multiple IPv6 addresses and/or references to other single IPv6 address objects.
  • Single IPv6 Network – A single IPv6 network.
  • List of IPv6 Networks – Any combination of multiple IPv6 networks, IPv6 IP addresses, and/or references to other IPv6 network address objects.

  • Excluded Entries – Specific networks that are excluded from the network object.

    For transparency and consistency, other network objects cannot be referenced in the Excluded Entry section.

  • Enable L3 Pseudo Bridging – When bridging is activated on an interface, host routes and PARPs are automatically created by the Barracuda NG Firewall. In this section, you can specify the information required for this task. The Bridging section is only available in the Local Networks list of the Forwarding Firewall service. Select Bridging enabled (Advanced Settings) from the list (default: Bridging not Enabled) if you want to configure bridging details.

    The configuration options in the Bridging section are only applicable for Layer 3 Bridging. For more information, see How to Configure Layer 3 Bridging.

     

    • Interface Address Reside – The name of the interface on which bridging is to be enabled (for example, eth1).
    • Parent Network – The superordinate network from which the bridged interface has been separated.
    • Introduce Routes  Introduces host routes to the IP addresses to be separated from the superordinate network (IP addresses listed in the network object) automatically.
    • Restrict PARP to Parent Network – Restricts the Proxy ARP to only answering ARP requests within the parent network.

Network objects cannot be deleted if they are referenced by other objects. You can delete network objects when they are only referenced in configuration files. Before you delete a network object, verify that it is not used anywhere. The Referenced By column in the Network Objects listing displays where a network object is currently referenced.

Last updated on