It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure VPN GTI Settings for a VPN Service

  • Last updated on

Before adding VPN services to the VPN group, you must configure GTI VPN settings for each service. This information is then used by the GTI Editor when creating VPN tunnels.

  • Transport Source IP – The IPv4 or IPv6 address the VPN service is listening on.
  • Transport Listening IP – The external IPv4 or IPv6 addresses the VPN service can be reached at.

Step 1. Add the On-premises Networks

Add the on-premises networks you want to make available through the VPN tunnel to the server properties.

  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > your range > your cluster > your virtual server > Server Properties.
  2. In the left menu, select Network.
  3. Click Lock.
  4. Enter the local IPv4 networks you want to be available over the VPN in the Server/GTI Networks table. E.g., 10.0.10.0/25
  5. Click Send Changes and Activate.

Step 2. Configure the VPN GTI Settings

Configure the IP addresses the VPN service is listening on and the IP addresses through which the VPN service can be reached from the outside. Enter all configured IP addresses. You can remove them later when configuring the VPN tunnel in the GTI Editor as needed.

  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > your range > your cluster > your virtual server > Assigned Services > VPN Service > VPN GTI Settings.
  2. Click Lock.
  3. Configure the IPv4 Transport Settings:
    1. Select the Transport Source IP:
      • All Service IPs – Use all IP addresses defined in the Service Properties of the VPN service.
      • First-IP – Use the first IP address of the virtual server. Service properties of the VPN service must be configured to use the first IP address.
      • Second-IP – Use the second IP address of the virtual server. Service properties of the VPN service must be configured to use the second IP address.
      • Dynamic (via routing) – Source IP address is chosen via routing lookup. 
      • Explicit – Select Explicit and enter the IP addresses in the Explicit Transport Source IP table.
    1. Select the Transport Listening IP:
      • Use Transport Source IP
      • First-IP – Use the first IP address of the virtual server. Service properties of the VPN service must be configured to use the first IP address.
      • Second-IP – Use the second IP address of the virtual server. Service properties of the VPN service must be configured to use the second IP address.
      • Dynamic (via routing) – Source IP address is chosen via routing lookup. 
      • Explicit – Select Explicit and enter the IP addresses in the Explicit Transport Listening IP table.

        If you are only using active VPN connections from this VPN service, you can disable the transport listening IP by entering 127.0.0.1 in the Explicit Transport Listening IP table.

        gti_settings_01.png

  4. Configure the IPv6 Transport Settings:
    1. Select the Transport Source IP:
      • All Service IPs – Use all IPv6 addresses defined in the Service Properties of the VPN service.
      • Dynamic (via routing) – Source IP address is chosen via routing lookup. 
      • Explicit – Select Explicit and enter the IPv6 addresses in the Explicit Transport Source IP table.
    1. Select the Transport Listening IP:
      • Use Transport Source IP
      • Explicit – Select Explicit and enter the IP addresses in the Explicit Transport Listening IP table.

      gti_settings_02.png
  5. Click Send Changes and Activate.

Next Step

Add the VPN service to a VPN group and create VPN tunnels using the GTI Editor. For more information, see How to Create a VPN Tunnel with the VPN GTI Editor.