Barracuda CloudGen Firewall

Firewall Access Rules


The firewall service compares incoming traffic to the access rules until it finds a match, and then executes the policy defined in the matching rule. This article explains the configuration and interaction of access rules on the Barracuda NextGen Firewall F-Series.

Access Rule Settings

For each access rule you can configure the following settings:

  • Name – The name of the access rule. This name is displayed on the Firewall > Live and History pages.
  • Description – An additional field in which you can enter a description of the access rule, to help you and others determine the purpose of the access rule in case the rule must be edited later.
  • Action – Specifies how the firewall handles network traffic that matches the criteria of the rule. The following actions are available:
    • Pass – All traffic matching the access rule is forwarded.
    • Block – All traffic matching the access rule is ignored. Matching connection attempts are not answered.
    • Deny – All traffic matching this access rule is dismissed. Matching network sessions are terminated by replying TCP-RST for TCP requests, ICMP Port Unreachable for UDP requests, and ICMP Denied by Filter for other IP protocols.
    • Dst NAT – The firewall rewrites the destination IP address, network, or port to a predefined network address.
    • Map – The firewall rewrites IP ranges or networks to a predefined network or IP range.
    • App Redirect – The firewall redirects the traffic locally to one of the services running on the F-Series Firewall.
    • Broad Multicast – Broadcasts matching this rule are forwarded. This is used for bridged networks.
    • Cascade – Jump to and evaluate a different rule list.
    • Cascade Back – Jump back to the global rule list and resume evaluating the access rules below the cascade rule.
  • Service – The protocol and protocol/port range of the matching traffic. You can define one or more services for the access rule. You can select a predefined service object or create your own service objects (see: Service Objects).
  • Source – The source IP address/netmask of the connection to be handled by the rule. You can select a network object or explicitly enter a specific IP address/netmask.
  • Destination – The destination IP address/netmask of the connection that is affected by the rule. You can select a network object or explicitly enter a specific IP address/netmask.
  • Connection Method – The outgoing interface and source (NAT) IP address for traffic matching the access rule, using connection objects (see below).
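
The evaluation order and the Pass, Block, Deny, Cascade and Cascade Back actions described above, modelled as an added example (this is not Barracuda code and not part of the original article). The rule names, sample rule lists, packet dictionary layout and the "no match" result are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    action: str                     # Pass, Block, Deny, Cascade, Cascade Back
    source: str = "0.0.0.0/0"
    destination: str = "0.0.0.0/0"
    service: tuple = ("any", None)  # (protocol, port); None means any port
    target: str = ""                # rule list a Cascade rule jumps to

def matches(rule, pkt):
    proto, port = rule.service
    return (ip_address(pkt["src"]) in ip_network(rule.source)
            and ip_address(pkt["dst"]) in ip_network(rule.destination)
            and proto in ("any", pkt["proto"])
            and port in (None, pkt.get("port")))

DENY_REPLY = {"tcp": "TCP-RST", "udp": "ICMP Port Unreachable"}
def reply_for(action, proto):
    if action == "Deny":
        return DENY_REPLY.get(proto, "ICMP Denied by Filter")
    return "forwarded" if action == "Pass" else "no reply"  # Block stays silent

def evaluate(lists, pkt, name="global", start=0, resume=None):
    """Return (rule name, action, reply) of the first match; lists must not cascade in a cycle."""
    for i, rule in enumerate(lists[name][start:], start):
        # Assumption: a Cascade Back rule outside a cascaded list is skipped.
        if not matches(rule, pkt) or (rule.action == "Cascade Back" and resume is None):
            continue
        if rule.action == "Cascade":
            back = i + 1 if name == "global" else resume  # resume below the cascade rule
            return evaluate(lists, pkt, rule.target, 0, back)
        if rule.action == "Cascade Back":
            return evaluate(lists, pkt, "global", resume)
        return rule.name, rule.action, reply_for(rule.action, pkt["proto"])
    return None, "no match", None   # assumption: no default policy is modelled

# Constructed sample rule lists, not taken from a real firewall.
RULE_LISTS = {"global": [
    Rule("lan-to-servers", "Cascade", "10.0.0.0/8", "172.16.0.0/24", target="servers"),
    Rule("block-telnet", "Block", service=("tcp", 23)),
    Rule("lan-to-internet", "Pass", "10.0.0.0/8"),
    Rule("deny-rest", "Deny")],
  "servers": [
    Rule("allow-https", "Pass", service=("tcp", 443)),
    Rule("deny-dns", "Deny", service=("udp", 53)),
    Rule("back", "Cascade Back")]}
```

A Telnet connection from the LAN to a server falls through the cascaded list, returns via Cascade Back, and is then caught by the Block rule placed below the cascade rule, which shows why rule order in the global list still matters after a cascade.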

Connection Objects

The following table lists the five default connection objects.

| Predefined Connection Object | Outgoing Interface and IP Address Determined by |
|---|---|
| Dynamic SNAT (Source-based NAT) | Changes the source IP address of network packets to that of the matching interface with the lowest metric according to the routing table. |
| No SNAT (No Src NAT - Client) | Connection is established using the original source IP address. |
| SNAT with DSL IP | Source NAT with the IP address of the ppp1 device |
| SNAT with 3G IP | Source NAT with the IP address of the ppp5 device (3G uplink) |
| SNAT with DHCP IP | Source NAT with the IP address of the dhcp device (DHCP uplink) |
| NAT Tables | Source NAT for networks or IP ranges. Multiple rewrite conditions can be configured per connection object. |
| Application Based Link selection Connection Objects | Source NAT based on application type. |

You can also create custom connection objects. For more information, see Connection Objects.

Troubleshooting Blocked Connections Video

To get a feel for how to use access rules, and how NextGen Admin allows you to determine which rules to create, watch the following video:
