We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

How to Configure Guest Access with a Confirmation Page

  • Last updated on

The guest access confirmation page allows you to control access to the Internet or other networks by only allowing authenticated users. Unauthenticated users are redirected to a customizable confirmation form on the Barracuda NG Firewall. After clicking Proceed a user in the form LP-<IP Address> is created. Users who have already been authenticated or have been identified by the Barracuda DC Agent are not prompted to log in. The authentication expires after 20 minutes.

In this article:

Step 1. Enter the Guest Access Confirmation Text

You can customize the text the user has to acknowledge.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Settings.
  2. Click Lock.
  3. In the left menu, click Guest Access.
  4. (optional) Modify the Renew Confirmation After (min) entry to configure a longer or shorter authentication expiration time.
  5. (optional) Modify the Auto Renew Confirmation (min) entry. During this time span (in minutes) the user is automatically logged in again without having to re-authenticate.
  6. Enter the Confirmation text. You can use HTML tags. 
    CP_confirm01.png
  7. Click Send Changes and Activate.

Step 2. Create an App Redirect Access Rule and Pass Access Rule (Optional)

Create an app redirect access rule that redirects the user to the FWauth daemon on Port TCP 446 on the Barracuda NG Firewall, which displays the confirmation page and redirects the user afterwards. Additonally, create a pass access rule that allows HTTP and HTTPS access for authenticated users only. If your access rule set already contains a pass rule that allows Internet access for HTTP/HTTPS traffic, make sure to modify it according to the settings below and place it above the app redirect access rule.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Rules.
  2. Click Lock.
  3. Create an App Redirect access rule:
    • Action  Select App Redirect.
    • Source – Select the source network(s). 
    • Service – Select HTTP+S. Since the user has to use a browser to access the confirmation page, limit the service to HTTP and HTTPS.
    • Destination – Select the destination. E.g., Internet.
    • Redirection  Enter 127.0.0.1:446
    • Authenticated User – Select Any
  4. Click OK
    CP_confirm02.png
  5. Create an Pass access rule:
    • Action  Select Pass.
    • Source – Select the source network(s). 
    • Service – Select HTTP+S.
    • Destination – Select the destination. E.g., Internet.
    • Connection Method – Select Dynamic Source NAT
    • Authenticated User – Select All Authenticated Users
  6. Click OK.

    CP_Auth_Users.png
  7. Place the access rule so that it is the first rule to match for HTTP+S and unauthenticated users, but after the rule allowing DNS access if the DNS server is not in the local network.
  8. Verify the correct access rule order.
     CP_Rule_Order.png
  9. Click Send Changes and Activate.

Log in Using the Guest Access Confirmation Page

  1. Open the browser and enter an URL.
  2. If you are unauthenticated, you are redirected to the confirmation page.
    CP_confirm03.png
  3. Click Proceed.
  4. You are now redirected to the original URL. 
Last updated on