In this article:
Before you Begin
Connect the network to a port of the Barracuda NG Firewall. Do not use the management port.
Step 1. Configure a Direct Route
Add a route for the direct attached network.
- Open the Network page (Config > Full Config > Box).
- In the left menu, click Routing.
- Click Lock.
- In the Routes table, click + to add a route:
- Name – Enter a name.
- Target Network Address – Enter the network in CIDR format. E.g.,
- Route Type – Select direct attached network.
- Interface Name – Select the interface you used to connect to the network. E..g, eth1
- Trust Level – Select the trust level. Your network will automatically be connected to the corresponding network objects. Use Untrusted for WAN connections, Trusted for LAN connections.
- (optional) Advertise Route – To propagate this network route via the OSPF/RIP/BGP service, select Yes. For more information, see Dynamic Routing Protocols (OSPF/RIP/BGP)
- Click OK.
- Click Send Changes and Activate.
Step 2. Activate the Network Configuration
After you have configured the network route, you must activate your new network configuration.
- Go to the Control > Box page.
- In the left menu, expand Network and click Activate new network configuration.
- Select Soft. The Soft Activation Succeeded message is displayed after your new network configurations have been successfully activated.
The direct attached route is now displayed as pending on the CONTROL > Network page. To make the route active, you must use one of the IP addresses in the network as a virtual server IP address (default) or as an additional IP address (remote units).
- Default: You must use at least one IP address from the network as a virtual server IP address. If you are using a high availability setup, these virtual server IP addresses will be transferred to the secondary NG Firewall in case of a failure.
- In case of remote access: If you are using the Barracuda NG Firewall via remote management tunnel, add the IP address to the Additional IP addresses (Config > Full Config > Network). IP addresses assigned on box level are not synced to the HA partner. When using the IP address on box level, the route will remain active even if the virtual server is running on the other NG Firewall in the HA cluster.