We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Secure Connector Deployment via VPN Deployment Mode

  • Last updated on

If you do not have physical access to the Secure Connector use VPN Deployment mode to connect to the Access Concentrator and Control Center by using a passphrase-authenticated VPN tunnel. After the connection is established, the Control Center pushes the full configuration to the Secure Connector including the necessary certificates that allows the Secure Connector to automatically switch over to the certificate authenticated operational mode.

Before You Begin

Configure the Access Concentrator and Control Center. For more information, see Secure Access Concentrator and Control Center Deployment.                   

Limitations

A Secure Connector using templates where the VPN mode is set to Operative cannot be switched to Deployment Mode. To use templates with VPN deployment mode, exempt the VPN Mode setting from the template, or use a special VPN deployment template. After the initial connection is successful move the Secure Connector to the production template.

Step 1. Configure the Secure Connector on the Control Center

Configure the Secure Connector using the Secure Connector Editor. Configure the VPN in deployment mode. The configuration must be saved for the automatically filled information (blue background) to be visible.

For more information, see How to Add a Secure Connector Configuration.

Step 2. Get Required Information from the Secure Connector Configuration

The following information from the Secure Connector configuration is necessary to configure the Secure Connector via web interface.

  1. Go to your cluster > Cluster Settings > Secure Connector Editor.
  2. Double-click on the Secure Connector configuration.
  3. The following web UI settings must be filled with the values of their corresponding Secure Connector Editor settings:
    • Box Unique Identifier – In the Secure Connector configuration, go to Identification Settings > Unique Identifier.
    • Virtual IP – In the Secure Connector configuration, go to VPN Settings > Virtual IP.
    • Entry Point Address – In the Secure Connector configuration, go to VPN Settings > Server Name or Address
    • Entry Point Port – In the Secure Connector configuration, go to VPN Settings > Server Port.
    • Tunnel Mode – In the Secure Connector configuration, go to VPN Settings > Tunnel Mode.
    • Encryption – In the Secure Connector configuration, go to VPN Settings > Encryption.

Step 3. Enable VPN Deployment Mode for the Secure Connector

Enable VPN deployment mode for the Secure Connector. If you are not using a template and the VPN mode is already set to Deployment Mode you can skip this step.

  1. Go to your cluster > Cluster Settings > Secure Connector Editor.
  2. Click Lock.
  3. In the SC List, right-click the Secure Connector and select Set VPN Mode.
    set_vpn.png
  4. From the Operative Mode drop-down list, select Deployment Mode.
  5. Enter the Deployment passphrase.
  6. Click OK.
  7. Click Activate.

Step 4. Configure the Secure Connector to Connect to the Access Concentrator

The Secure Connector listens on 192.168.200.200 on the LAN port. You must configure your client PC to connect to the Secure Connector and then use the web interface to configure the WAN and VPN connection.

  1. Change your client PC IP address to:
    • IP address – 192.168.200.100
    • Netmask –  255.255.255.0
    • Gateway – 192.168.200.200
  2. Connect your client PC to the LAN port of the Secure Connector.
  3. Open a browser and go to https://192.168.200.200.
  4. Log into the Secure Connector:
    • Username – Enter admin
    • Password – Enter admin.
  5. Click Sign In.
  6. Click Retrieve Lock.
  7. Go to CONFIGURATION > Network.
  8. Configure the WAN connection. For more information, see FSC WAN Connections.
  9. Go to CONFIGURATION > VPN
  10. Configure the VPN:
    • Enabled – Select Enabled.
    • Box Unique Identifier – Enter the Unique Identifier from the Secure Connector configuration. 
    • Sever Mode – Select Deployment Mode
    • Deployment Password – Enter the deployment passphrase set in Step 3. 
    • Virtual IP  – Enter the Virtual IP address assigned to the Secure Connector by the Control Center. 
    • Entry Point Address – Enter the public IP address through which the Access Concentrator can be reached. 
    • Entry Point Port – Enter the port on the border firewall that forwards the Secure Connector VPN traffic to the Access Concentrator. 
    • Tunnel Mode – Select the tunnel mode set in the Secure Connector configuration.
    • Encryption – Select the encryption set in the Secure Connector configuration.
    sca_deploy_vpn_01.png
  11. Click Save Changes.
  12. Click Activate Configs.

The Secure Connector now automatically connects to the Access Concentrator and automatically receives the configuration from the Control Center. Any existing configuration locks are overridden by the Control Center. As the Secure Connector applies the configuration, the VPN connection is terminated and reestablished in operational mode using certificate authentication. Existing configuration locks on the Secure Connector are overridden during this process.

Last updated on