Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

Connection Objects

Connection objects define the egress interface and source (NAT) IP address with the following Translated Source IP Policies:

  • Dynamic NAT – The firewall uses the routing table to find a suitable interface for routing the packet and uses the IP address of the relevant interface as the new source IP address.
  • Original Source IP – The source IP address of the packet is not changed.
  • Network Interface – Source NAT using the first IP address assigned to the network interface. Use only for dynamic interfaces such as dhcp or ppp.
  • Explicit IP – Source NAT using the entered IP address as the translated source IP address.

Default Connection Objects

Predefined connection objects cover the most common use cases:

  • Dynamic NAT – The firewall uses the routing table to find a suitable interface for routing the packet and uses the IP address of the relevant interface as the new source IP address.
  • Original Source IP – The source IP address of the packet is not modified.
  • Translated IP from WWAN Interface – The first IP address on the ppp5 device is used as the new source IP address.
  • Translated IP from DHCP Interface – The first IP address on the dhcp device is used as the new source IP address.
  • Translated IP from DSL Interface – The first IP address on the ppp1 device is used as the new source IP address.

Custom Connection Objects

Custom connection objects are needed for all connection methods that are not covered by the default connection objects. This also includes connection objects used for failover and load balancing as well as for VPN Traffic Intelligence and dynamic mesh settings.

For more information, see How to Create a Custom Connection Object.

Failover and Link Load Balancing

It is common for locations to use multiple Internet connections and share the bandwidth between them for both outgoing link balancing and failover. If one Internet connection goes down, traffic is simply routed over the other connections that are still running. Basic link failover functionality can be achieved by using different route metrics. A better solution, however, is to use custom connection objects to distribute the load and/or configure failover for different links. Using custom connection objects allows you to decide which Internet connection is used on a per-access-rule basis. The logic of how traffic is distributed over the available interfaces is configured in the Failover and Load Balancing section of the connection object. The policy can be set to:

None

No failover or connection cycling. When the connection goes down, the route is set to a metric of 65536 or higher. Routes above 65535 are considered to be down. If there is no other matching route, the firewall still attempts to use the route. This most likely results in a connection timeout.

Fallback 

Failover to alternative interface or source IP address. Traffic is rerouted over the next configured alternative until no further options are available.


Weighted Round Robin 

Sequentially cycles through the configured primary and alternative connections. You can influence the distribution by assigning a weight to the source IP or interface. Interfaces with higher weight numbers are used more often. When a link is not available (route is over 65535 or not present at all), the session fails over to the next configured alternative, without regard to the configured weight. To mitigate this problem, group the connections with higher weight numbers together, so that the failure of a high-bandwidth link does not push too much traffic onto a slower alternative link.


Weighted Random

Randomizes the source IP addresses or interfaces. Sessions are distributed randomly over all configured source IP addresses/interfaces. You can influence the distribution by assigning a weight to the source IP or interface. Interfaces with higher weight numbers are used more often.

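The following added example is a simplified model of the Fallback and Weighted Round Robin behavior described above, showing why grouping the high-weight links matters when one of them is down. It is not Barracuda's implementation; the link names, weights, metrics, and the wrap-around to the top of the list are assumptions made for illustration.

```python
from collections import Counter

DOWN_METRIC = 65536  # from the page: routes above 65535 are considered down


def link(name, weight, metric=100):
    """Constructed sample link; names, weights and metrics are illustrative."""
    return {"name": name, "weight": weight, "metric": metric}


def is_up(l):
    return l["metric"] < DOWN_METRIC


def next_usable(links, start):
    """First usable link at or after `start` in configured order, ignoring weight.
    Wrapping back to the top of the list is an assumption of this model."""
    for step in range(len(links)):
        cand = links[(start + step) % len(links)]
        if is_up(cand):
            return cand["name"]
    return None  # nothing usable: the session would time out


def fallback(links):
    """Fallback policy: always the first usable entry in configured order."""
    return next_usable(links, 0)


def weighted_round_robin(links, sessions):
    """Cycle through links in proportion to weight; a down link hands its
    sessions to the next configured alternative."""
    schedule = [i for i, l in enumerate(links) for _ in range(l["weight"])]
    counts = Counter()
    for s in range(sessions):
        counts[next_usable(links, schedule[s % len(schedule)])] += 1
    return dict(counts)


# fast1 is down in both orderings; only the position of the slow link differs.
interleaved = [link("fast1", 4, DOWN_METRIC), link("slow", 1), link("fast2", 4)]
grouped = [link("fast1", 4, DOWN_METRIC), link("fast2", 4), link("slow", 1)]

if __name__ == "__main__":
    print("interleaved:", weighted_round_robin(interleaved, 900))
    print("grouped:    ", weighted_round_robin(grouped, 900))
    print("fallback:   ", fallback(grouped))
```

With the slow link configured directly after the failed fast link, it absorbs that link's entire share of sessions; with the fast links grouped, the slow link keeps only its own weighted share.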