We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure VPN Traffic Intelligence

  • Last updated on

To use Traffic Intelligence, you must create a multi-transport TINA VPN tunnel. The traffic intelligence settings in the connection method of the matching access rule determine the transport that is used.

Before you begin

Configure a TINA site-to-site VPN tunnel. For more information, see How to Create a TINA VPN Tunnel between F-Series Firewalls..

Step 1. Add a transport to the VPN tunnel

To use Traffic Intelligence, add transports to your VPN tunnel on the local and remote firewalls. To add additional transports to a VPN tunnel, proceed as follows:

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > VPN-Service > Site to Site.
  2. Click Lock.
  3. Click the TINA Tunnels tab.
  4. Right-click an existing TINA VPN tunnel and select Add Transport from the context menu.
  5. Select Bulk, Quality or Fallback from the TI Classification drop-down menu and adjust all further settings as needed. For further information on transport classification, see VPN Transport Classification
  6. In the Call Direction section, select one of the following options.
    • ActiveThe transport actively initiates connections, but also accepts connection requests. When the transport is down for a defined time, it cleans its state to accept retries from its partner.
    • Passive A passive transport does not actively initiate a connection. It merely accepts requests from its partner. If the tunnel is down for a defined time, it cleans its state to accept retries from its partner.
    • OnDemand The transport actively initiates a connection and terminates it during the time-outs specified by the On Demand Transport settings in the TI - VPN Envelope Policy tab.
  7. Click OK.
  8. Click Send Changes and Activate.

Step 2. Create a connection object

  1. Create a new connection object.
  2. In the VPN Traffic Intelligence (TI) Settings section of the Edit / Create a Connection Object configuration window, click Edit/Show.

  3. Configure the TI Transport Selection policy:

    • Preferred Transport Class – Select the default transport class for the traffic matching this rule.
    • Preferred Transport ID – Select the default transport ID for the traffic matching this rule. 
    • Second Try Transport Class – Select the backup transport class.
    • Second Try Transport ID – Select the backup transport ID.
    • Balance Sessions – Select how sessions are balanced between transport IDs.
    • Further Tries Transport Selection Policy – Select the transports that are used if the backup VPN transport fails. Depending on the additional available VPN transports, you can define more than one backup path. Select from the following predefined policies:
      • First try Cheaper then try Expensive
      • Only Cheaper
      • Only Expensive
      • Stay on transport (no further tries)

    • TI Learning Policy – Set the client to be the Master or Slave. The slave automatically uses the TI settings configured on the master
    • Allow Bulk Transports | Allow Quality Transports | Allow Fallback Transports – Enable all transport classes that can be used as a backup path in combination with the Further Tries Transport Selection Policy setting.
  4. Configure the TI Traffic Prioritization policies for bandwidth protected VPNs.
    • When using BULK Transports – The priority level for the bulk transport class.
    • When using QUALITY Transports – The priority level for the quality transport class.
  5. Click OK.
  6. Click Send Changes and Activate.

Step 3. Edit access rules matching the VPN traffic

Edit the connection object matching the VPN traffic. Use the custom connection objects with the TI settings configured above to apply the TI policy matching the traffic entering the tunnel.

For more information, see How to Create Access Rules for Site-to-Site VPN Access.

Last updated on