The Barracuda NG Firewall provides you with a few tools to test your firewall rule set:
- Check for Overlapping Rules – Highlights firewall rules with criteria that matches those of a selected firewall rule and helps you determine the best order for your firewall rules.
- Rule Tester – Tests the firewall rule set with the specified connection settings. Also verifies the consistency of your firewall rule set.
- Test Report – Contains settings and results that are saved from a rule test. Notifies you if any later changes to the firewall rule set result in an unsuccessful connection request with the saved settings.
In this article:
Check for Overlapping Rules
Because a connection request can match the criteria of multiple firewall rules, the order of the rules is important. To help you identify firewall rules with criteria that matches those of a selected rule, use the overlap checker.
- Open the Forwarding Rules page (CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall).
- Right-click a firewall rule and select Select Overlapping.
Any firewall rules with matching criteria are highlighted. In most cases, the overlap is a harmless outcome of a very openly defined firewall object such as Any.
Test the Firewall Rule Set
To test your firewall rule set, you can simulate a specific connection by entering the network data in the rule tester. The rule tester then determines which firewall rule would match this connection attempt.
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Rules.
- In the left menu, expand the Rule List Verification section and click Rule Tester.
- In the TEST CONNECTION section, enter the network parameters you want to test:
- Proto – Protocol
- Day/Hour – (Optional) Day of week and time
- Date – (Optional) Month, day, and year
- From – Source IP address
- Port – Source port (default is 2048)
- To – Destination IP address
- Port – Destination port
- SMAC – (optional) Source MAC address
- Input-IF – (optional) Incoming interface
- Output-IF – (optional) Outgoing interface
Srv – Service
- Click Test. The test result is displayed in the TEST RESULT section.
Save the Rule Test to a Test Report
- To save your firewall rule test settings and result, click LOCK, enter a name in the Save Result to field and click Save Result to.
Your test is saved as a test report.
- To view your saved test results, expand Rule List Verification and click Test Report in the left pane of the rule set page.
On the Test Report page, successful test results are indicated by a green icon. Unsuccessful test results are indicated by a red icon. If you make changes to the firewall rule set that would cause an unsuccessful test connection for a test report (such as renaming objects or changing the order of firewall rules), the green icon turns into a red icon.
The new results are added to the test report while the old results are displayed in brackets. You can validate or edit the settings for the failed connection request. If the new results for a failed connection request are correct, you can validate the test report by right-clicking it and selecting Rectify. The red icon for the test report turns into a green icon. If the new results for a failed connection request are incorrect, you can edit the firewall rule or the test report settings.
- To edit the test report, right-click it and select Edit.
- To edit the firewall rule, double-click the test report. In the TEST RESULT section, click Edit next to the Rule field.
While editing the test report, you can also use it as a template and save the new settings as a new test report.