It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure VPN Group Policies in the SSL VPN

  • Last updated on

By adding group-policy-based VPN group policies to your CloudGen Firewall SSL VPN resources, you can let end users self-provision the VPN clients on their Windows, macOS, or iOS devices. Users then only need to log into their desktop or mobile portal and click the provisioning link. By default, the VPN group policy uses session and user attributes for single sign-on. The downloaded file automatically configures the Barracuda VPN client or iOS VPN client, depending on the operating system. Currently, VPN files containing personal license files (*.lic) cannot be uploaded.

Before You Begin

Step 1. Export the Client-to-Site VPN Group Policy

Download the VPN group policy (*.vpn) file from the Client-to-Site configuration.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > VPN-Service > Client-to-Site.
  2. Click the External CA tab. 
  3. In the Group Policy tab, double-click on the VPN group policy. The Edit Group Policy window opens.
    vpnfiles00.png
  4. Click Export to file. The Export VPN Profile window opens.
    vpnfiles01.png
  5. Enter a new Description.
  6. Enter the IP address of the VPN Server.
  7. Click OK.
    vpnfiles02.png
  8. Save the file.

Step 2. Create a VPN Group Policy Resource

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > VPN-Service > SSL-VPN .
  2. In the left menu, select VPN Group Policy.
  3. Click Lock.
  4. Click + to add a new VPN Group Policy.
  5. Enter a Name and click OK. The VPN Group Policy window opens.
  6. Enter the Display Name
  7. (optional) To restrict access to the VPN files by user group, replace the * entry in the Allowed User Groups list. Click + to add new user groups.
  8. Click Ex/Import and select Import from File.
  9. Select the VPN group policy file you exported in step 1.
  10. (SSO only) Enter a session or user attribute for the Username and Password. For more information, see How to Use and Create Attributes.
    vpnfiles03.png
  11. Click Open.
  12. Click OK.
  13. Click Send Changes and Activate

VPN Self-Provisioning

To configure the VPN clients on their desktop or iOS device, users can access the VPN group policies through either the SSL VPN web portals or CudaLaunch. Clicking on the VPN group policy resource adds the policy to the VPN client installed on the device. For CudaLaunch on mobile devices, the VPN connection is fully managed by the app, including updating the VPN profile if the VPN file attached to the group policy in the SSL VPN is changed. For Windows and macOS devices, the VPN connection for the Barracuda VPN Client can be downloaded directly from CudaLaunch or the web portal, but VPN configuration changes are not synced.