We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

FSC Deployment via VPN Deployment Mode

  • Last updated on

If you do not have physical access to the Secure Connector, you can configure the FSC to connect to the FSAC and Control Center by using a passphrase-authenticated VPN tunnel in VPN deployment mode. After the connection is established, the Control Center pushes the configuration to the FSC. Now that the FSC has the necessary certificates, the VPN tunnel is automatically switched to operational mode.

Before You begin

Configure the FSAC and Control Center. For more information, see Secure Access Concentrator and Control Center Deployment.                   

Limitations

An FSC using templates where the VPN mode is set to Operative cannot be switched to Deployment Mode. Exempt the VPN Mode setting from the template, or use a special VPN deployment template. Move the FSC to the production template after it  connects successfully.

Step 1. Configure the FSC on the Control Center

Configure the FSC using the Secure Connector Editor. Configure the VPN in deployment mode. The configuration must be saved for the automatically filled information (blue background) to be visible.

For more information, see How to Add a Secure Connector Configuration.

Step 2. Get required information from the FSC configuration

The following information from the FSC configuration is necessary to configure the FSC via web interface.

  1. Go to your cluster > Cluster Settings > Secure Connector Editor.
  2. Double-click on the FSC configuration.
  3. The following web UI settings must be filled with the values of their corresponding Secure Connector Editor settings:
    • Box Unique Identifier – In the FSC configuration, go to Identification SettingsUnique Identifier.
    • Virtual IP – In the FSC configuration, go to VPN Settings > Virtual IP.
    • Entry Point Address – In the FSC configuration, go to VPN Settings > Server Name or Address
    • Entry Point Port – In the FSC configuration, go to VPN Settings > Server Port.
    • Tunnel Mode – In the FSC configuration, go to VPN Settings > Tunnel Mode.
    • Encryption – In the FSC configuration, go to VPN Settings > Encryption.

Step 3. Enable VPN deployment mode for the FSC

Enable VPN deployment mode for the FSC. If you are not using a template and the VPN mode is already set to Deployment Mode you can skip this step.

  1. Go to your cluster > Cluster Settings > Secure Connector Editor.
  2. Click Lock.
  3. In the SC List, right-click the FSC and select Set VPN Mode.
    set_vpn.png
  4. From the Operative Mode drop-down list, select Deployment Mode.
  5. Enter the Deployment passphrase.
  6. Click OK.
  7. Click Activate.

Step 4. Configure the FSC to connect to the FSAC

The FSC listens on 192.168.200.200 on the LAN port. You must configure your client PC to connect to the FSC and then use the web interface to configure the WAN and VPN connection.

  1. Change your client PC IP address to:
    • IP address – 192.168.200.100
    • Netmask –  255.255.255.0
    • Gateway – 192.168.200.200
  2. Connect your client PC to the LAN port of the FSC.
  3. Open a browser and go to https://192.168.200.200.
  4. Log into the Secure Connector:
    • Username – Enter admin
    • Password – Enter admin.
  5. Click Sign In.
  6. Click Retrieve Lock.
  7. Go to CONFIGURATION > Network.
  8. Configure the WAN connection. For more information, see FSC WAN Connections.
  9. Go to CONFIGURATION > VPN
  10. Configure the VPN:
    • Enabled – Select Enabled.
    • Box Unique Identifier – Enter the Unique Identifier from the FSC configuration. 
    • Sever Mode – Select Deployment Mode
    • Deployment Password – Enter the deployment passphrase set in Step 3. 
    • Virtual IP  – Enter the Virtual IP address assigned to the FSC by the Control Center. 
    • Entry Point Address – Enter the public IP address through which the FSAC can be reached. 
    • Entry Point Port – Enter the port on the border firewall that forwards the FSC VPN traffic to the FSAC. 
    • Tunnel Mode – Select the tunnel mode set in the FSC configuration.
    • Encryption – Select the encryption set in the FSC configuration.
    sca_deploy_vpn_01.png
  11. Click Save Changes.
  12. Click Activate Configs.

The FSC now automatically connects to the FSAC and automatically receives the configuration from the Control Center. Any existing configuration locks are overridden by the Control Center. As the FSC applies the configuration, the VPN connection is terminated and reestablished in operational mode using certificate authentication. Existing configuration locks on the FSC are overridden during this process.

Last updated on