In certain cases it can be necessary to stream data from a remote firewall to a Barracuda Reporting Server (BRS) that is located behind a local border firewall. In the following setup, streaming data is sent from a remote firewall through the remote management tunnel over the Internet and through the local border firewall to the Control Center, which forwards the traffic to the BRS.
Before You Begin
You must complete all necessary steps for the BRS integration. For more information, see Barracuda Reporting Server (BRS) Integration.
- If you deploy a firewall via the Control Center with a default configuration set from firmware version 7.2, the service object 'BRS', the host access rule 'BOX-BRS-REPORTINGSERVER-MGMT-NAT' and the forwarding access rule 'BOXES-2-LAN-BRS-REPORTINGSERVER' are already preconfigured.
- If you migrate a stand-alone firewall to firmware version 7.2, these items are not preconfigured, and you must create them according to the following description.
Step 1. Add the BRS to the Remote Network Addresses for Tunnels
You must add the BRS to the remote network addresses list as a target in order to forward traffic through the management tunnel.
- Go to CONFIGURATION > Configuration Tree > Multi Range > your range > your cluster > your remote box > Network.
- In the left navigation bar, click Management Access.
- Click Lock.
- In the Remote Management Tunnel section, click Show... for Tunnel Details.
- The Tunnel Details window is displayed.
- Click + for Remote Networks.
- Enter the IP address of the BRS to the list, e.g., 10.10.68.107.
Step 2. On the Control Center, Allow BRS Traffic to the BRS by an Access Rule
If you have deployed both your local and remote border firewall with a default configuration set from firmware version 7.2 via the Control Center, the host access rule 'BOXES-2-LAN-BRS-REPORTINGSERVER' is already present and you can omit this step. However, you must activate the access rule 'BOXES-2-LAN-BRS-REPORTINGSERVER' in the list view for forwarding access rules.
To forward the BRS traffic from the Control Center to the BRS, you must create the following access rule:
- Log into your Control Center on box level.
- Go to CONFIGURATION > Configuration Tree > Multi Range > Virtual Servers > Firewall > Forwarding Rules.
- Click Lock.
- Click +.
- Enter the values for the rule:
- Connection Type – Pass.
- Name – BOXES-2-LAN-BRS-REPORTINGSERVER.
- Source – Enter the address for the VIP net used for the remote managed firewall.
Service – Enter
- Destination – Enter the IP address for the BRS, e.g., 10.17.68.107.
- Connection Method – Dynamic NAT.
- Click OK.
- Click Send Changes.
- Click Activate.
The remote firewall can now stream data to the BRS via the remote management tunnel.