We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall


  • Last updated on

The primary purpose of a firewall is to apply access and security policies to traffic entering and leaving your networks. Two different firewall services are responsible, depending on the destination of the traffic:

  • Host Firewall – The Host Firewall handles local inbound and outbound traffic. The Host Firewall runs on box level.
  • Forwarding Firewall – The Forwarding Firewall handles traffic passing through the firewall. The Forwarding Firewall runs as a service in a virtual server.


Host Firewall

The Host Firewall runs on the box layer of every CloudGen Firewall and Control Center and cannot be removed. The Host Firewall handles connections in which the target IP address and port number match a listening socket of a service on the firewall. The boxfw is the system process for the Host Firewall. In addition to managing local traffic, the boxfw also manages other traffic handlers such as SIP, RPC, Timer, Audit, and Sync. Restarting the boxfw service reinitializes the service handlers and reloads the ruleset. The boxfw service is always running. You can have only one Host Firewall on a system. Examples of connections that are handled by the Host Firewall are: 

  • An incoming connection from a web browser to the HTTP Proxy service.
  • An outgoing connection from the HTTP Proxy service running on the firewall to a web server on the Internet.
  • Outgoing and incoming VPN traffic from the VPN service to the tunnel endpoint.
  • Outgoing NTP or DNS queries.

The Host Firewall is not accessible for managing access rules through the web interface.

Forwarding Firewall

The Forwarding Firewall runs as a service on a virtual server. It handles all traffic that does not match a listening socket on the firewall. You can create one (forwarding) firewall service on each CloudGen Firewall. This service listens to all IP addresses configured for the virtual server and is responsible for all connections that are transferred over the firewall to a remote host. The access rules for the Forwarding Firewall are maintained in the forwarding ruleset. The Forwarding Firewall is tightly integrated with all Application Control features, such as the Virus Scanner, Advanced Threat Protection (ATP), Intrusion Prevention System (IPS), and the URL Filter. Examples of connections that use the Forwarding Firewall are:

  • A web browser that connects to an external web server without using the HTTP Proxy service.
  • A ping to an external Linux server.
  • Traffic coming out of a VPN tunnel.

For more information, see Forwarding Firewall.

  • Only one Forwarding Firewall service is allowed per CloudGen Firewall.
  • The firewall handles only IP protocols. Non-IP traffic, such as Spanning Tree Protocol or IPX/SPX, is not forwarded.
Last updated on