Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

How to Configure Inline Firewall Authentication

Inline authentication intercepts HTTP or HTTPS connections from unauthorized users and redirects them to a login page on the Barracuda NG Firewall. After successful authentication, the user is forwarded to the original destination. This type of authentication is used to allow HTTP/HTTPS access to authenticated users. Access rules using inline authentication do not block non-HTTP/HTTPS traffic, even from unauthorized users. To avoid browser certificate errors, use a signed SSL certificate or install the root certificate of the self-signed certificate on all client computers that use inline authentication.

Before you Begin

Choose and configure the authentication scheme. For more information, see Authentication.

Step 1. Configure the Firewall Authentication Settings

For a basic configuration, only a default HTTPS certificate and the corresponding key are required. Download and install the root certificate on all client computers to avoid browser certificate errors.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Settings.
  2. In the left menu, select Authentication.
  3. Click Lock.
  4. To configure the firewall authentication, HTTP, and HTTPS settings, click Edit next to Operational Settings.
  5. Click the Operational Settings Edit button. The Operational Settings window opens.
  6. (Optional) Set Refresh auth every ... min to the number of minutes the authentication is valid for. Default: 5
  7. (Optional) Set Refresh auth tolerance ... min to the number of minutes that a peer does not have to authenticate again after reconnecting.
  8. Click OK.
  9. Import or create the Default HTTPS Private Key and Default HTTPS Certificate.

    The Name of the certificate must be the IP address or a FQDN resolving to the IP address of the Barracuda NG Firewall. This value is used to redirect the client to the authentication daemon.

  10. In the Metadirectory Authentication section, select a previously configured Authentication Scheme. For more information, see Authentication.
  11. Click Send Changes and Activate.
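
A pre-import check for the certificate requirements in Step 1, as an added example that is not part of the Barracuda documentation: it confirms that the certificate name is the firewall IP address or an FQDN resolving to it, and that the private key corresponds to the certificate. It assumes the OpenSSL CLI and getent on an administrator workstation, PEM files, and that the certificate Name is the subject common name; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes the OpenSSL CLI and getent, PEM input files, and that
# the certificate "Name" is the subject commonName. Function names are hypothetical.
# Usage: sh check_cert.sh CERT.pem KEY.pem FIREWALL_IP

cert_cn() {  # print the subject commonName of the certificate in $1
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

key_matches_cert() {  # $1 = certificate, $2 = private key
    # The pair belongs together when both files yield the same public key.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

name_points_to_firewall() {  # $1 = certificate name, $2 = firewall IP
    [ "$1" = "$2" ] && return 0          # name is the IP address itself
    case $1 in
        '' | *\**) return 1 ;;           # empty or wildcard: not a host to redirect to
    esac
    # Otherwise treat the name as an FQDN; one of its addresses must be the
    # firewall IP (textual comparison, so write IPv6 in canonical form).
    getent ahosts "$1" 2>/dev/null | awk '{print $1}' | grep -Fxq -- "$2"
}

check_inline_auth_cert() {  # $1 = certificate, $2 = private key, $3 = firewall IP
    rc=0
    cn=$(cert_cn "$1")
    if name_points_to_firewall "$cn" "$3"; then
        echo "OK   name '$cn' identifies $3"
    else
        echo "FAIL name '$cn' is neither $3 nor an FQDN resolving to it"; rc=1
    fi
    if key_matches_cert "$1" "$2"; then
        echo "OK   private key matches the certificate"
    else
        echo "FAIL private key does not match the certificate"; rc=1
    fi
    return "$rc"
}

if [ "$#" -eq 3 ]; then check_inline_auth_cert "$@"; fi
```
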

Step 2. Create the Access Rule for Inline Authentication

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Rules.
  2. Create an access rule that allows HTTP+S connections to the web server.
  3. In the left menu of the rule editor window, click Advanced.
  4. In the Miscellaneous section, select Login+Password Authentication from the Authentication list.
  5. In the left menu, click Rule.
  6. In the Authenticated User section, specify the users that this rule should match. You can either define a user group object or create an explicit user condition for this rule.
    • To grant access to all authenticated users, select All Authenticated Users.
    • To create an explicit user condition:
      • Select <explicit-user>.
      • Right-click the table and select Edit.
      • In the Edit/Create User Object window, click New.
      • In the User Condition window, specify all authenticated users that are allowed access to the web server.
      • Click OK.
  7. Click Send Changes and Activate.