We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

How to Configure the Intrusion Prevention System (IPS)

  • Last updated on

IPS policies define how the IPS engine scans traffic. You can create default and custom IPS policies to apply to your firewall rules. IPS can automatically receive the latest intrusion prevention and security updates from Barracuda Central, an advanced 24/7 security operations center that works to continuously monitor and block emerging Internet threats. Exploit signatures are regularly updated at Barracuda Central and are automatically delivered to your system via Energize Updates. If your system is managed by a Barracuda NG Control Center, the IPS pattern updates are done by the Barracuda NG Control Center. As soon as the Barracuda NG Control Center receives IPS pattern updates, these patterns are delivered to all attached Barracuda NG Firewalls. 

Enabling IPS can decrease the overall throughput of your system. By default, all firewall rules use the default IPS policy. For specific firewall rules, you can disable IPS.

In this article:

Before you Begin

To use IPS, make sure that you have a valid Energize Updates subscription installed on your Barracuda NG Firewall or Barracuda NG Control Center.

Enable IPS

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > IPS Policies.
  2. Click Lock.
  3. Select the Enable IPS check box.
  4. If you want malicious traffic to be reported without being dropped, select the Report only check box.
  5. Click Send Changes and Activate.

View and Edit IPS Signature Policies

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > IPS Policies.
  2. Click Lock.
  3. In the Default Policy section, click Edit explicit actions to view the list of IPS signatures and how they are handled.
  4. To view the details for an IPS signature, double click it. 
  5. To edit the settings for an IPS signature, right click it and choose Edit Selected.
  6. In the Change Action for Explicit Signatures window, define how the IPS signature is handled and reported. To use the default IPS policy, select the Reset to default action check box.
  7. Click OK and exit the list.
  8. Click Send Changes and Activate.

Create New IPS Policies

Create new IPS policies to be applied to your access rules. 

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > IPS Policies.
  2. Click Lock.
  3. In the Custom Policies table, click + to add a new entry for your policy.
  4. Select an ID for your policy and click OK.
  5. Enter a Name and Description for the policy.
  6. If you want to apply your settings to the default IPS policy, click Copy to Default Policy.
  7. Click Send Changes and Activate.

Create IPS Exceptions

If you want to exempt specific IPS signatures from the default or custom IPS policies, create IPS exceptions.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > IPS Exception Database.
  2. Click Lock.
  3. Click the + icon. 
  4. In the Select IPS Signatures window, select the required IPS signatures and click Add. To remove a signature, select it and click Remove
  5. Click OK. Your override is listed in the table on the IPS Exception Database page.
  6. Click Send Changes and Activate.

Apply an IPS Policy to an Access Rule

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > IPS Policies.
  2. Click Lock.
  3. Edit the access rule you wish to apply the policy to.
  4. Under Policy, select the policy from the IPS Policy list. If you want to disable IPS for the rule, select No Scan.

Managing IPS on a Barracuda NG Control Center

On the Barracuda NG Control Center, IPS pattern version information is displayed in the lower section of the File Updates page while successful or failed IPS pattern updates for attached NG Firewalls are listed in the upper section.

Adjusting global file update settings may be necessary if your Barracuda NG Control Center needs to have Internet access through a corporate HTTP proxy server. If your Barracuda NG Control Center is not able to download IPS patterns, increase the Log Level for better troubleshooting.

  1. Go to the CONTROL tab and click File Updates in the ribbon bar.
  2. Click the Set Area Config button.
  3. In the Time Settings section, set the Download Interval (default: 60)
  4. In the Proxy Settings section, specify the settings for the proxy server.
  5. Click OK.

If a Barracuda NG Control Center-managed unit is reinstalled, the IPS pattern database must be updated after the installation process because the database is not stored within the PAR file.

Last updated on