The Barracuda CloudGen Firewall has two types of services. Box services provide functionality required to run the Barracuda CloudGen Firewall system. They are factory-defined and cannot be created or removed by the user. Server services are created and run in a virtual server. Services relying on other services for certain functionality (i.e., firewall and virus scanner service) must be created on the same virtual server. Although possible, it is recommended to only create one service type per virtual server. You can create the following services:
Barracuda CloudGen Firewall Services
Depending on your model, some services may not be available. Consult the datasheet for your appliance for more information on which services are available for your model.
Barracuda Firewall Control Center Services
Create a Service
Step 1. Add a Service to a Virtual Server
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services.
- Right-click Assigned Services and select Create Service.
- Enter a Service Name. The name must be unique and no longer than 30 characters. The service name cannot be changed later.
-
In the Software Module field, select the type of service that you are creating. You cannot change the service type after the service is created.
Step 2. Service IPs and Type of Service
Assign the IP addresses the service listens on.
- In the Service IPs section, enter the IP addresses for the service.
- Select the IP addresses the service listens on from the Service Availability list.
- All IPs – Some services (i.e., firewall) will automatically listen on all available Server IP addresses.
- First + Second-IP – Listen on the first and second virtual server IP address.
- First-IP – Listen on the first virtual server IP address.
- Second-IP – Listen on the second virtual server IP address.
-
Explicit – Add the IP addresses you want to use to the Explicit Service IPs table. Explicit IP addresses must also be added to the Additional IP table in the Server Properties of the virtual server. For more information, see How to Configure Virtual Servers.
- Click Next.
Step 3. Statistics (optional)
Enable statistics settings for the service. By default, all settings are enabled for the service:
In the Statistics Settings section set Generate Statistics to yes.
-
Edit the following settings according to your requirements:
- Src Statistics – Generates IP source-based statistical data for the service. Only the number of connections from IP addresses is recorded. The times at which the connections were made are not recorded.
- Src Time-Statistics – Generates IP source-based statistical data for the service. Both the number of connections made from IP addresses and the times at which the connections were made are recorded.
- Dst Statistics – Generates IP destination-based statistical data for the service. Only the number of connections to IP addresses is recorded. The times at which the connections were made are not recorded.
- Dst Time-Statistics – Generates IP destination-based statistical data for the service. Both the number of connections made to IP addresses and the times at which the connections were made are recorded.
- Src-Dst Statistics – Generates IP source/destination pair based-statistical data for the service. Only the number of connections to and from IP addresses is recorded. The times at which the connections were made are not recorded.
- Click Next.
Step 4. (optional) Access Notification
Configure which events are created for successful and unsuccessful logins. On stand-alone firewalls and on the box level of the Control Center, this setting can only be configured for all administrators. On the Control Center, each type of administrator (Multi-Range > Global Settings > CC Access Notification) can be handled separately: Access notifications are only available for DHCP Server, Firewall, VPN Service and the Mail Gateway service.
The following events are used for login attempts:
- The User Unknown event is generated when the admin ID is unknown to the underlying Barracuda Networks authentication module.
- The Authentication Failure event type is used when the password or key do not match or the admin is not authorized to access the service (multi-admin environment, only in conjunction with a Barracuda Firewall Control Center).
To configure which events are created, complete the following steps:
- In the Notification section, edit the following settings according to your requirements:
-
Success – Select the notification level for a successful login:
- Silent – No event.
- Notice – NGFW Subsystem Login Notice [2420].
- Warning – NGFW Subsystem Login Warning [2421].
- Alert – NGFW Subsystem Login Alert [2422].
-
Failure – Select the notification level for an unsuccessful login:
- Silent – No event.
- Notice – NGFW Subsystem Login Notice [2420].
- Warning – NGFW Subsystem Login Warning [2421].
- Alert – NGFW Subsystem Login Alert [2422].
-
Success – Select the notification level for a successful login:
- Click Finish.
- Click Activate to create the service.
The service is now displayed as active () on the CONTROL > Server page.
Remove a Service
Removing a service is permanent and cannot be undone.
- Expand the Assigned Services node (Configuration > Configuration Tree > Box > Virtual Servers > your virtual server).
- Right-click the service you want to delete and click Lock.
- Right-click the service you want to delete and click Remove Service. A verification popup opens.
- Click Yes.
- Click Activate.
Enable or Disable a Service
- Go to the Service Properties node (CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > your service).
- Click Lock.
- To disable the service set Enable Service to No.
- To enable the service set Enable Service to Yes.
- Click Send Changes and Activate.
Move a Service
You can move services between virtual servers. If you are moving a service on a Barracuda Firewall Control Center, verify that the name of the service is unique in the cluster.
- Expand the Assigned Services node (CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server).
- Right-click the service you want to move and click Lock.
- Right-click the service you want to move and click Move Service. The Select Destination window opens.
- Select the destination virtual server.
- Enter the Name for the New Object.
- Click OK.
- Click Activate.