It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see for further information on our EoS policy.

How to Activate Dynamic Rules via SSL VPN

  • Last updated on

You can enable or disable dynamic access and application rules through the SSL VPN portals or CudaLaunch. If a timeout is set, the rule will automatically expire after the set time. To use existing dynamic rules with the SSL VPN, Dynamic Firewall Rules resources must be created. For each resource, you can select the rules and also the allowed user groups to limit access of this feature to authorized users.

In this article:

Before you Begin

Create a Dynamic Rule Resource

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > VPN-Service > SSL-VPN.
  2. In the left menu, select Dynamic Firewall Rules.
  3. Click Lock.
  4. In the Firewall Rule Activation table, click + to add an entry.
  5. Enter a descriptive Name for the dynamic rule and click OK. The Firewall Rule Activation window opens.
  6. Select the Active check box to make the rule visible to SSL VPN users.
  7. Enter a Visible Name for the rule.
  8. In the Link Description window, enter a description of the rule for SSL VPN users.
  9. In the Dynamic Rule Selector table, delete the asterisk (*) that is included by default.

  10. Click +, and add the names of the dynamic rules that you created for the SSL VPN.  Make sure that you correctly enter the rule names; otherwise, the rules will not be activated for use over SSL VPN connections.

    If you are using a dynamic rule in a cascaded rule list, enter the name of the rule list. Format the rule list name as <rulelist>:.

    You can also enter the asterisk (*) as a wildcard character or the question mark (?) as a single character wildcard.


  11. In the Allowed User Groups table, delete the asterisk (*) and add the names of the MSAD groups for administrators. E.g., *OU=admins*.
  12. Click OK.
  13. Click Send Changes and Activate.

Enable and Disable the Dynamic Rule

While you are connected to the SSL VPN via the desktop portal, go to FIREWALL > Dynamic. Enable dynamic access and application rules for a specified length of time. If you do not specify a length of time for a rule, it stays enabled until you manually disable it.

For more information on activating dynamic rules, see How to Create and Activate a Dynamic Rule

Last updated on