To restrict rules to specific times and intervals, configure schedule objects and use them as an additional matching criteria. Schedule objects provide time granularity in minutes. When schedule objects are evaluated, the time of the firewall it is running on is used. The F-Series Firewall, the client running NextGen Admin, and, if applicable, the NextGen Control Center must use the correct time for their respective time zones. Using NTP is highly recommended. A schedule object consists of two time configuration elements that can be combined or used separately:
- Recurring schedule – Configure the schedule to be active during specific days and intervals by selecting weekdays and time from a list.
- Restrict to time interval – Configure the schedule to be active during a specific interval by specifying a date and time span.
For information on how to create schedule objects, see How to Create and Apply Schedule Objects.
You can restrict the schedule to a specific day and time interval, e.g., every week from Monday at 09:00 until Wednesday at 15:30, by selecting the Enable Recurring Schedule check box. Selecting this option expands the configuration and provides the Recurring Schedule table, where you specify the days and times for the schedule to be active.
Selecting the Restrict to time interval checkbox lets you restrict the schedule to a date and time span by specifying the dates and times in the fields provided by the section.
Schedule object options
- Terminate existing sessions – By default, sessions that match the rule using the schedule object stay active until they are closed or time out. Selecting the Terminate existing sessions check box immediately terminates active sessions as soon as the time restriction configured in the schedule applies. Sessions are not terminated between two time intervals that directly follow each other. (E.g, Tue 8:00 - Tue 9:00 and Tue 9:00 - Tue 10:00)
- Block if schedule does not match – When you enable this option, the connection is blocked when the time schedule does not match, since no further access rule will be evaluated.
Legacy time restriction settings for access rules
Existing Time Restrictions (Edit Rule > Advanced > Miscellaneous > Time Restriction) for an access rule override the schedule objects of an access rule. Barracuda Networks recommends configuring schedule objects instead of time restrictions in an access rule. Barracuda NextGen Firewall F-Series firmware 6.1 or later no longer supports legacy time restrictions. Use schedule objects instead.