It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

Forwarding Firewall

  • Last updated on

The forwarding firewall service provides a policy framework to direct and manage traffic passing through the Barracuda NextGen Firewall F-Series:

  • Firewall Policies:
    • Firewall Access Rule Set The access rule set contains a list of access rules. Incoming traffic is compared against the matching criteria set within each access rule. When a match is found, the action set in the access rule is executed. You can enable advanced features (Application Control, QoS, IPS) on a per-rule basis.
    • Application Rule Set – If application control is enabled in an access rule that is executed, the application rule set is called. Applications are detected and compared to the list of application rules. Upon a match, the application traffic is either passed or blocked depending on the action set in the application rule. You can add additional policy objects to an application rule to filter URLs, File Content, or User Agents.
  • IPS Policies  – Detect and block network attacks, by comparing incoming traffic with predefined, constantly updated patterns.
  • Traffic Shaping (QoS) Policies – Shape traffic to improve use of the available bandwidth, by prioritizing connections that are important for your business.  
  • User Policies – Allow or block access to network resources based on user information.
  • Schedule (Time) Policies – Allow or block access to network resources based on time or date.

Traditional packet forwarding capabilities are handled by the access rule set while next generation application-aware policies are applied in the dedicated application rule set.


Access Rules

The basic job of the firewall is to manage traffic between various trusted and untrusted network segments. Incoming network traffic is compared to the first access rule in the rule set. If the traffic does not match the criteria set in the rule, the next rule is evaluated, continuing from top to bottom until a matching rule is found. The first matching access rule is executed. If none of the rules match, the default BLOCKALL rule blocks the traffic.

For more information, see Firewall Access Rules.

Next Generation Firewall Capabilities

Application Control (with or without SSL Interception), a tightly integrated Intrusion Prevention System (IPS), URL, File Content and User Agent filtering for content security, and Virus Scanning with ATP in the firewall offer granular control over your network traffic.

For more information, see Application Control

Traffic Shaping (QoS)

You can adjust the QoS band traffic to prioritize business-critical traffic over less important traffic:

  • Traffic shaping protects the available overall bandwidth of a connection. Network traffic is classified and throttled or prioritized within each access rule.

Intrusion Prevention System (IPS)

The tightly integrated Intrusion Prevention System (IPS) monitors the network for malicious activities and blocks detected network attacks. The IPS engine analyzes network traffic and continuously compares the bitstream with its internal signature database for known attack patterns. IPS must be globally enabled on a Barracuda NextGen Firewall F-Series. However, you can enable or disable IPS for each firewall rule.

For more information, see Intrusion Prevention System (IPS).


For more granular control, you can configure access rules that are only applied to specific users or during specific times.

  • Users can be used as a criteria for a rule. To enable the Barracuda NextGen Firewall F-Series to be aware of which connection belongs to a specific user, use the Barracuda DC Agent, Barracuda TS Agent, or the Authentication Client.
    For more information, see User Objects.
  • You can create access rules that are only active for specific times or dates. For example, you can create a time object that only includes Mondays and the hours of 8:00 am to 9:00 am. A access rule including this time object allows traffic only during the time span defined in the time object.
    For more information, see Schedule Objects.

Firewall Objects

Use firewall objects to reference specific networks, services, time and dates, user groups, or connections when creating firewall rules. You can use firewall objects that are preconfigured on the Barracuda NextGen Firewall F-Series or create custom objects to fit your needs. The main purpose for firewall objects is to simplify the creation and maintenance of firewall rules. Firewall objects are re-usable, which means that you can use one firewall object in as many rules as required. Each firewall object has a unique name that is more easily referenced than an IP address or a network range. 

For more information, see Firewall Objects.

Layer 7 Application Control (Legacy)

Barracuda Networks recommends using Application Control.

Layer 7 Application Control is a legacy feature using Deep Packet Inspection (DPI) and behavioral traffic analysis to detect and classify network traffic based on Layer 7 applications and protocols. 

For more information, see Layer 7 Application Control.

Last updated on