It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Set Up the Transparent VPN Client for Windows

  • Last updated on

The Barracuda NextGen F-Series SSL VPN Client (Transparent Agent) for MS Windows operating systems is a powerful VPN client that lets you establish transparent network access (Layer 3) to internal company network infrastructures. The client is fully integrated into the SSL VPN Portal and can be executed by starting the my Network applet. It supports the following authentication schemes: 

  • X.509 certificate
  • user/password
  • X.509 certificate & user/password
  • license file

After installing the Barracuda NextGen F-Series SSL VPN Client, complete the steps in the following section to set it up.

Set Up the SSL VPN Client

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > VPN-Service > SSL-VPN.
  2. In the left menu, select NextGen F-Series SSL VPN Client.
  3. In the Configuration Mode menu, select Switch to Advanced View.
  4. Click Lock.
  5. In the NextGen F-Series SSL VPN Client table, add or edit settings for the SSL VPN client. For each entry, you can specify the following settings:

    ActiveSelect the Active check box. This setting enables the my Network link in the SSL VPN web portal for fully transparent network access. This feature uses the Barracuda NextGen F-Series SSL VPN Client applet to establish a client-to-site connection to a Barracuda Networks VPN service, using the SSL VPN web portal. This requires a configured and running VPN service and client-to-site access.
    VPN-Server Listen IPs

    The listen IP address for SSL VPN. By default, the listen IP address of the VPN service is selected from this list. You can also select:

    • First-IP – Uses the First-IP address that is specified in the VPN service properties.

    • Second-IP – Uses the Second-IP address that is specified in the VPN service properties.

    • First+Second-IP – Uses the First-IP and Second-IP addresses that are specified in the VPN service properties.
    • explicit – To use explicit IP addresses that you enter in the Explicit Listen IP's table, select this option.
    To verify the IP addresses that are specified for the VPN service, open its Service Properties page (Config Full Config > Box Virtual Servers > your virtual server Assigned Services > VPN-Service).
    Explicit Listen IPsIf you select explicit from the VPN-Server Listen IPs list, enter the IP addresses for  the SSL VPN in this table.
    Advanced OptionsIf required, enter advanced options for the transparent agent in this field.
    Connection Type

    The client-to-site connection type. You can select:

    • External CA – Provides single sign-on to SSL VPN users.
    • Barracuda VPN CA
    Show GUITo open a license file selection window before login, select this check box.
    Must be HealthyIf the connected user must perform a health check before transparent network access is granted, select this check box.
    Allowed User Groups

    To restrict transparent network access to defined user groups only, add the distinguished name of allowed user groups in this table. For example: *OU=admins*

  6. Click OK.
  7. Click Send Changes and Activate.

If the Barracuda NextGen F-Series SSL VPN Client network access is to be granted in combination with a NextGen F-Series Group VPN, make sure that the NextGen F-Series SSL VPN Client is selected in the Peer Condition settings for the Group Policy Condition. Otherwise, the VPN policy will not be assigned to the SSL VPN user.

To configure the SSL VPN service, continue with How to Configure the SSL VPN Service.

Last updated on