While you are connected to the SSL VPN, you can enable or disable dynamic firewall rules for the Barracuda NG Firewall. Only dynamic or timed rules are evaluated. However, you must activate these rules for use with SSL VPN connections. Otherwise, the rules will not be visible to administrators that are connected.
In this article:
Create a Dynamic Firewall Rule
Create a dynamic firewall rule. For example, you can create a firewall rule named box-mgmt-dynamic with the following settings:
- Action – App Redirect
- Dynamic Rule – Select this check box.
- Source –
- Service – NGF-MGMT-BOX (This service object includes all necessary NG Firewall management ports)
- Destination – The WAN IP address.
- Local Address – The box management IP address.
Activate the Dynamic Firewall Rule for SSL VPN
- Open the SSL-VPN page (Config > Full Config > Box > Virtual Servers > your virtual server > Assigned Services > VPN-Service).
- In the left menu, click Dynamic Firewall Rules.
In the Firewall Rule Activation table, add an entry for the dynamic firewall rule. For the entry, you can configure the following settings:
Setting Description Active To make the firewall rule visible to SSL VPN users, select this check box. Visible Name The name for the firewall rule. For example,
NG Firewall Management
Link Description A description of the rule for SSL VPN users. For example,
Here you can activate the dynamic firewall rule for management access.
Dynamic Rule Selector
In this table, delete the asterisk (*) that is included by default and add the names of the dynamic firewall rules that you created for the SSL VPN. For example, box-mgmt-dynamic.
Make sure that you correctly enter the firewall rule names; otherwise, the firewall rules will not be activated for use over SSL VPN connections.
Allowed User Groups In this table, delete the asterisk (*) that is included by default and add the names of the MSAD groups for administrators. For example, *OU=admins*.
- Click OK.
- Click Send Changes and Activate.
Enable and Disable the Dynamic Rule
While you are connected to the SSL VPN, go to the Firewall > Dynamic page on the Barracuda NG Firewall. On this page, you can enable dynamic firewall rules for a specified length of time. If you do not specify a length of time for a firewall rule, it stays enabled until you manually disable it.
For more information on activating dynamic firewall rules, see How to Create and Activate a Dynamic Firewall Rule.