It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda CloudGen Firewall
Overview Documentation Training Certification Materials

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

User Objects

  • Last updated on

User objects restrict firewall rules to specific users and user groups. You can apply user objects to forwarding firewall rules and specify user conditions such as login names, groups, and policy role patterns. You also have the option to include VPN groups in the object configuration.

User objects are populated by querying the external authentication servers or the local authentication service on the Barracuda NG Firewall. For VPN, users objects can also query X.509 certificate patterns.

User Conditions

When you create a new user object, configure the following settings in the User Condition configuration window to define the users that the user object applies to:

user_object_cn.png

  • Authentication Pattern – The group assignments of the users, according to the affected external authentication scheme (MSAD, LDAP, or RADIUS).

  • Policy Roles Patterns – The policy role patterns for VPN users when using the Barracuda Network Access Client. You can select:
    • healthy
    • unhealthy
    • untrusted
    • probation
  • X509 Certificate Pattern – The certificate conditions for VPN users and groups:
    • Subject/Issuer – The subject/issuer of the affected X.509 certificate. If multiple subject parts (key value pairs) are required, separate them with a forward slash (/). For example, if OU=test1 and OU=test2 are required, select OU and enter test1/test2.

  • Policy/AltName – The ISO number and the SubjectAltName according to the certificate.

  • VPN User Pattern  – The VPN login and VPN group policy that the object has to apply to in the  VPN Group  field.
  • Authentication Method – In this section, you can specify the following settings:
    • Origin – Defines the type of originator. The following originators are available when configured:
      • VPNP (PersonalVPN)
      • VPNG (GroupVPN)
      • VPNT (Tunnel)
      • HTTP (Browser login)
      • Proxy (Login via proxy)

    • Server/Service/Box  Allows enforcing authentication on a certain server/service/box.

Create a User Object

Last updated on
Previous Article Next Article