If your Internet connection is using static IP addresses or entire network ranges assigned by your ISP, you must create routing entries on box level and then assign the IP address(es) to the virtual server. Choose the network type Untrusted to automatically create a default route (0.0.0.0/0) for the connection.
Before You Begin
Connect the network equipment installed by your provider to an unused port (not the management port) of your Barracuda CloudGen Firewall.
Step 1. Add a Direct Route
Create a direct attached route entry to create the network on box level of the CloudGen Firewall. Be sure to create the route on the port the ISP is plugged into.
- Go to CONFIGURATION > Configuration Tree > Box > Network.
- In the left menu, select Routing.
- Click Lock.
- In the Main Routing Table, click + to add a new route.
- Enter a Name for the route and click OK.
- Enter the IP address of the target network in the Target Network Address field. E.g.,:
62.99.0.0/24
- Select directly attached network as the Route Type.
- Select the port the ISP is connected to from the Interface Name list. E.g.,: port 2.
- If the default route will be introduced in an environment where multiple dynamic links are available, specify a Route Metric.
- Select Untrusted as the Trust Level.
- Enter the Default Gateway IP address. E.g.,:
62.99.0.254
- Click OK.
- Click Send Changes and Activate.
Step 2. Perform a Network Activation
After you create or change basic network configurations such as routing, you must activate your new network configurations.
- Go to CONTROL > Box.
- In the left menu, expand the Network section and click Activate new network configuration.
- Select Failsafe.
Your route is now displayed as a disabled route (grey X icon) in CONTROL > Network.
Step 3. Add the Static IP Address to a Virtual Server
Assign the individual WAN IP addresses you want to use to the virtual servers on the firewall. By introducing the external IP addresses on the virtual server, you can use a high availability (HA) cluster to transfer the WAN address to the secondary unit and still be reachable under the same IP address. In our example, you would enter 62.99.0.221
in the virtual Server Properties (CONFIGURATION > Full Configuration > Virtual Servers > your virtual server ) as the First-IP, Second-IP or Additional IP address.
For more information, see Virtual Servers and Services.
Verify the Network Configuration
Open the CONTROL > Network page to verify that all network routes have been introduced successfully. Verify the WAN IP addresses are displayed with a green status icon and that the introduced routes are available in the tables Main and Default and that the default route is directing traffic through your ISP connection.