We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

How to Configure a Local Bridge

  • Last updated on

To transparently connect your local workstation with the network across a Barracuda NG Firewall use a local bridge. This configuration allows you to explore the Barracuda NG Firewall’s advanced traffic and application inspection features by using traffic that your workstation generates on the LAN. To make the connection transparent you must configure a local bridge and create a firewall rule to allow traffic between the bridged interfaces.

FW_Bridging_localbridge.png

In this article

Before you Begin

Before configuring a local bridge, make sure that the following services are correctly configured– 

  • Firewall – It is assumed that port 1 is the management port and the default management IP 192.168.200.200 listens on this interface.
  • WiFi – For the Barracuda NG Firewall F101/F201/F301, the Country must be selected. Otherwise, IP configurations involving WiFi interfaces are not possible.
  • DHCP Server – Make sure that DHCP server and DHCP client are disabled. By default, both are disabled. 

These instructions also provide example settings that assume that your workstation is connected to port 1 and that you are creating a bridge between port 2 and port 3.

Step 1. Configure the Local Bridge

  1. Open the Network page (Config > Full Config > Box > Network).
  2. For the Barracuda NG Firewall F101, F201, or F301 with Wi–Fi enabled:
    • Select WIFI from the Configuration menu in the left navigation pane.
    • Make sure that the correct Location setting is selected.  
  3. Open the Forwarding Firewall Settings page (Config > Full Config > Box > Virtual Servers > > Assigned Services > Firewall).
  4. From the Configuration menu in the left navigation pane, select Layer 2 Bridging.
  5. Click Lock .
  6. In the Bridged Interface Group table, add a group:
    • Bridged Interfaces – In this table, add all of the interfaces that must be bridged together in this group. For example, add entries for port 2 and 3.
      For each interface, you can specify the following settings:
      • Name – The exact network interface label, as listed in the network configuration. For VLANs, enter the physical VLAN interface and the VLAN tag separated by a dot. For example, eth1.5 .  
      • Allowed Networks (ACL) – Networks that are allowed to communicate over the bridged interface. You can enter complete networks, individual client/server IP addresses, or network ranges. For example, enter 0.0.0.0/0 in the configurations for port 2 and port 3.
      • Unrestricted MACs – List of MAC address for which the Allowed Networks (ACL) does not apply.
      • MAC Change Policy – To specify if the MAC address of the interface can be changed, select Allow–MAC–Change (default). If the MAC address must not be changed, select Deny–MAC–Change.
    • Bridge IP Address – In this table, add an entry or edit an existing entry for the gateway to assign an IP address to this bridging group. In the entry, specify the following settings for the gateway.
      • Bridge IP Address – IP address for the gateway. For example, enter 10.17.11.55 or an IP address that is relative to your network.
      • Bridge IP Netmask – Netmask for the gateway.

        To get the gateway of the LAN before you disconnect your computer from the LAN, go to Control Panel > Network and Sharing > Change adapter settings on your workstation. Select your LAN adapter and click the IPv4 properties. If you have a static IP address, information including the default route and DNS information is displayed. If you have a DHCP address, your information will not display.

        If you have a DHCP address, enter the following at the Windows command line–

        ipconfig/all

        All of the network configurations display on the screen. Scroll to the top and find the Ethernet adapter Local Area Connection settings.

      br_int.png

  7. Click Send Changes and Activate.
  8. Perform a Failsafe Network Activation (Control > Box).

Step 2. Create a Firewall Rule for Local Bridging

After configuring the local bridge, you must create a firewall rule to allow traffic across the bridge and use the advanced traffic inspection features of the Barracuda NG Firewall.

  1. How to Create a Pass Firewall Rule with the following settings:
    • Bi–Directional – Enable
    • Source – Select Any 0.0.0.0/0.
    • Service – Select Any.
    • Destination – Select Any 0.0.0.0/0
    • Connection Method – Select No Src NAT [Client].

    br_pass_new.png

  2. (Optional) Enable Application Control and SSL Interception. For more information, see Application Control 2.0.
  3. Click OK.
  4. Click Send Changes and Activate.
Last updated on