We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

SC Deployment via VPN Deployment Mode

  • Last updated on

If you do not have physical access to the Secure Connector, you can configure the SC to connect to the SAC and Control Center by using a passphrase-authenticated VPN tunnel in VPN deployment mode. After the connection is established, the Control Center pushes the configuration to the SC. Now that the SC has the necessary certificates, the VPN tunnel is automatically switched to operational mode.

Before You Begin

Configure the SAC and Control Center. For more information, see Secure Access Concentrator and Control Center Deployment.                   


An SC using Templates where the VPN mode is set to Operative cannot be switched to Deployment Mode. Exempt the VPN Mode setting from the template, or use a "VPN deployment" template and move the SC to the "production" template after it has successfully connected.

Step 1. Configure the SC on the Control Center

Configure the SC using the Secure Connector Editor. Configure the VPN in Deployment mode. The configuration must be saved for the automatically filled information (blue background) to be visible.

For more information, see How to Add a Secure Connector Configuration.

Step 2. Get Required Information from the SC Configuration

The following information from the SC configuration is necessary to configure the SC via web interface.

  1. Go to your cluster > Cluster Settings > Secure Connector Editor.
  2. Double-click on the SC configuration.
  3. The following web UI settings must be filled with the values of their corresponding Secure Connector Editor settings:
    • Box Unique Identifier – In the SC configuration, go to Identification SettingsUnique Identifier.
    • Virtual IP – In the SC configuration, go to VPN Settings > Virtual IP.
    • Entry Point Address – In the SC configuration, go to VPN Settings > Server Name or Address
    • Entry Point Port – In the SC configuration, go to VPN Settings > Server Port.
    • Tunnel Mode – In the SC configuration, go to VPN Settings > Tunnel Mode.
    • Encryption – In the SC configuration, go to VPN Settings > Encryption.

Step 3. Enable VPN Deployment Mode for the SC

Enable VPN deployment mode for the SC. If you are not using a template and the VPN mode is already set to Deployment Mode you can skip this step.

  1. Go to your cluster > Cluster Settings > Secure Connector Editor.
  2. Click Lock.
  3. In the SC List, right-click the SC and select Set VPN Mode.
  4. From the Operative Mode drop-down list, select Deployment Mode.
  5. Enter the Deployment passphrase.
  6. Click OK.
  7. Click Activate.

Step 4. Configure the SC to Connect to the SAC

The SC listens on on the LAN port. You must configure your client PC to connect to the SC and then use the web interface to configure the WAN and VPN connection.

  1. Change your client PC IP address to:
    • IP address –
    • Netmask –
    • Gateway –
  2. Connect your client PC to the LAN port of the SC.
  3. Open a browser and go to
  4. Log into the Secure Connector:
    • Username – Enter admin
    • Password – Enter admin.
  5. Click Sign In.
  6. Click Retrieve Lock.
  7. Go to CONFIGURATION > Network.
  8. Configure the WAN connection. For more information, see SC WAN Connections.
  10. Configure the VPN:
    • Enabled – Select Enabled.
    • Box Unique Identifier – Enter the Unique Identifier from the SC configuration. 
    • Sever Mode – Select Deployment Mode
    • Deployment Password – Enter the deployment passphrase set in Step 3. 
    • Virtual IP  – Enter the Virtual IP address assigned to the SC by the Control Center. 
    • Entry Point Address – Enter the public IP address through which the SAC can be reached. 
    • Entry Point Port – Enter the port on the border firewall that forwards the SC VPN traffic to the SAC. 
    • Tunnel Mode – Select the tunnel mode set in the SC configuration.
    • Encryption – Select the encryption set in the SC configuration.
  11. Click Save Changes.
  12. Click Activate Configs.

The SC now automatically connects to the SAC and automatically receives the configuration from the Control Center. Any existing configuration locks are overridden by the Control Center. As the SC applies the configuration, the VPN connection is terminated and reestablished in operational mode using certificate authentication. Existing configuration locks on the SC are overridden during this process.

Last updated on