Services are software modules running on the service layer of the Barracuda NG Firewall. Each service provides a piece of network functionality. Depending on which service you start, it might require additional services or be limited to one service per virtual server or NG Firewall. The following services are available on standalone and managed Barracuda NG Firewalls:
Access Control Service
The Barracuda NG Firewall Access Control service defines security policies for network users (e.g., VPN clients) and provides a range of features, such as registry checks and repairs on a client. Create access control objects with policy rulesets specifying required system and service settings to let the Barracuda NG Firewall perform identity and health checks on connecting clients and groups.
For more information, see Access Control Service.
The DHCP service automatically assigns IP addresses to clients in the same network. For clients requiring special DHCP options, combine the DHCP server with the DHCP Relay service to share a DHCP server across multiple network segments.
For more information, see DHCP.
The Barracuda NG Firewall can act as an authoritative DNS server. The DNS service returns definitive answers to DNS queries for domain names and IP addresses. Use split DNS to return different answers depending on the source IP of the DNS query. This allows you to redirect internal clients to an internal IP address of a server.
For more information, see DNS.
Dynamic Routing Protocols
Dynamic Routing enables the NG Firewall to learn and select the optimal route to a destination IP address, detects changes to the network topology, and advertises these changes to other neighboring routers. The Barracuda NG Firewall supports three Dynamic Routing protocols - OSPF, RIP (V1 and V2), and BGP.
For more information, see Dynamic Routing Protocols (OSPF/RIP/BGP).
The Forwarding Firewall handles all traffic for which the destination does not match with a listening socket on the Barracuda NG Firewall - in other words, all traffic passing through the NG Firewall. The firewall service in the NG Firewall offers Application Detection 2.0, integrated Virus Scanning, URL Filtering, and an integrated Intrusion Prevention System.
For more information, see Firewall.
The FTP Gateway service of the Barracuda NG Firewall acts as a proxy for an internal FTP server. Policies including authentication settings, permissions, and restrictions for server access and file handling are defined per gateway. You can also create user and group specific profiles.
For more information, see FTP Gateway.
The Barracuda NG Firewall HTTP Proxy service provides content filtering and caching, antivirus, malware protection, and access control. You can configure the HTTP Proxy in forward, reverse and transparent mode.
For more information, see HTTP Proxy.
The Mail Gateway service handles mail traffic according to delivery policies and scans incoming and outgoing mail for viruses and malware. The Mail Gateway also supports extended domains, POP3 scanning, and group patterns for recipient verification. The Mail Gateway interface displays the mail queue from where you can perform operations such as showing processes, logfiles etc.
For more information, see Mail Gateway.
The SSH Proxy service of the Barracuda NG Firewall allows regulating SSH connections. Based on OpenSSH, the SSH Proxy service provides DoS protection, public key support, and configurable SSH protocol support for accessing target systems.
For more information, see SSH Proxy.
To correctly forward SIP traffic, the Barracuda NG Firewall includes a SIP Proxy service. This service will act as a (transparent) proxy for SIP and RTP connections.
For more information, see SIP Proxy.
The Barracuda NG Firewall Spam Filter service identifies spam by using mechanisms such as text analysis, DNS blacklists, and collaborative filtering databases. The spam filter examines the mail header and body against a configured ruleset and a Bayesian filter. To improve the filter mechanisms, the mail filter also regularly collects and processes mail from configured training environments.
For more information, see Spam Filter.
The Barracuda NG Firewall offers the choice between two different web filter engines: the Barracuda Web Filter (CFDEF) or the Barracuda NG Web Filter (IBM/ISS). Both engines can be used by the Barracuda NG Firewall HTTP Proxy service, but only the Barracuda Web Filter can be used in combination with Application Control 2.0. URLs are categorized according to content.
For more information, see URL Filter.
The Virus Scanner service of the Barracuda NG Firewall provides virus protection, archive scanning, malware detection, and HTTP multimedia streaming. The Virus Scanner service can be configured using the integrated Avira or ClamAV virus scanning engine. Using the Virus Scanner service requires a subscription that can be renewed annually.
For more information, see Virus Scanner.
The VPN service supports site-to-site, client-to-site, and SSL-VPN VPN connections. The Barracuda NG Firewall supports multiple encryption methods, traffic intelligence, and WAN optimization when using the TINA protocol. IPsec client-to-site connections also support authentication using pre-shared keys, which is used by iOS and Android clients.
For more information, see VPN.
For administration of Wi-Fi networks, the Wi-Fi service provides configuration settings for the local access point. The service also supports user authentication in large networks via RADIUS and EAP.
For more information, see Wi-Fi.