Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

Custom External Network Objects

If you have a file containing a list of IP addresses or networks, you can import them automatically or manually into the external network objects. On CloudGen Firewalls running in the public cloud, these objects are automatically filled in with information gathered from the cloud provider. It is possible to import both IPv4 and IPv6 network addresses.

File Format

  • IP addresses must be written in CIDR notation.
  • Each IP address must be entered on a separate line.
  • Limited to 10,000 IP addresses per file.
  • The file used for importing IP addresses must be encoded in ASCII or at least UTF-8. Importing files encoded in UTF-8-BOM will not work.
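
A pre-import check for the format rules above, as an added example that is not Barracuda's code: it checks the raw bytes of an address file for a UTF-8 BOM, invalid encoding, the 10,000-entry limit, and non-CIDR lines. The function name and sample data are constructed for illustration, and it assumes every line must carry an explicit /prefix and that blank lines are not allowed.

```python
import codecs
import ipaddress

MAX_ENTRIES = 10_000  # per-file limit stated on this page

def validate_address_file(data: bytes) -> list[str]:
    """Return a list of problems; an empty list means the file passes."""
    problems = []
    if data.startswith(codecs.BOM_UTF8):
        problems.append("file starts with a UTF-8 BOM")
        data = data[len(codecs.BOM_UTF8):]  # keep checking the remaining content
    try:
        text = data.decode("utf-8")  # ASCII is a subset of UTF-8
    except UnicodeDecodeError as exc:
        return problems + [f"not valid ASCII/UTF-8: {exc}"]
    lines = text.splitlines()
    if len(lines) > MAX_ENTRIES:
        problems.append(f"{len(lines)} lines exceeds limit of {MAX_ENTRIES}")
    for number, entry in enumerate(lines, start=1):
        # Assumption: a bare address without /prefix is not CIDR notation.
        if "/" not in entry:
            problems.append(f"line {number}: missing /prefix: {entry!r}")
            continue
        try:
            # strict=False: host bits are not checked; the page does not say
            # whether the importer accepts them.
            ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append(f"line {number}: not a valid IPv4/IPv6 network: {entry!r}")
    return problems

# Constructed sample inputs (documentation address ranges).
SAMPLE_GOOD = b"192.0.2.0/24\n198.51.100.7/32\n2001:db8::/32\n"
SAMPLE_BAD = codecs.BOM_UTF8 + b"192.0.2.0/24\n203.0.113.5\n300.1.1.0/24\n"

if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        issues = validate_address_file(sample)
        print(name, "OK" if not issues else issues)
```

Running this on the source file before it is copied to the firewall catches a feed that would fail the format rules before the import job picks it up.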

Before You Begin

An admin account with full shell access is required.

Importing an External IP File on a Stand-Alone CloudGen Firewall

Step 1. Copy the File to the Firewall
  1. Copy the file containing the IP addresses to /var/phion/home/. Use a temporary file name (e.g., addresses.dirty) during the copy so that only data from completely copied files is imported into the network objects.
  2. Rename the file after the copy process:

    # mv -f /var/phion/home/addresses.dirty /var/phion/home/addresses

Step 2. Import the File into a Custom External Object

On the command line, enter /opt/phion/bin/CustomExternalAddrImport -i /var/phion/home/addresses -o <External Firewall Object Number>. E.g., enter /opt/phion/bin/CustomExternalAddrImport -i /var/phion/home/addresses -o 1 to import into the Custom External Object 1.

Check the CustomExternalImport firewall log file to verify the import was successful. You can also open the FIREWALL > Forwarding Rules page and click Networks.

The IP addresses and networks in the custom external network objects are not displayed on the CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Firewall Rules page. Go to FIREWALL > Forwarding Rules directly on the firewall to see the content of the dynamic network objects.

Step 3. (Optional) Create a Cron Job for Import 

Create a cron job to automatically trigger a periodic import process.

  1. Go to CONFIGURATION > Configuration Tree > Box > Advanced Configuration > System Scheduler.
  2. Click Lock.
  3. In the left menu, click Daily Schedule.
  4. Click + to add an Interhour Schedule job.
  5. Enter the Name, and click OK.
  6. Enter /opt/phion/bin/CustomExternalAddrImport -i /var/phion/home/addresses -o <External Firewall Object Number> in the Command section.
  7. For High Availability setups, add -h to the command. With -o 1, for example, the job executes the CustomExternalAddrImport binary located in /opt/phion/bin and imports the IP addresses into the Custom Network Object with the index number 1 (CustomExternalObject1).
  8. Select every from the Minutely Schedule drop-down list, and enter the period for the Run Every...Minutes parameter.
  9. Click OK.
  10. Click Send Changes and Activate.

On a Barracuda Firewall Control Center

Configure a cron job on the Control Center to copy the address file to the /var/phion/home/ directory of your managed firewalls. Copying the files through the management tunnels does not require separate authentication because the Control Center already has a trust relationship established with the remote firewalls. On the managed firewalls, create another cron job to import the address file every 5 minutes.

  • On the Control Center, create a cron job to regularly copy the address file to the managed firewalls.
  • On the managed firewalls, create a cron job to import the addresses.
  • Do not use the -h flag (HA synchronization).
  • The predefined external objects can be copied into the global objects database and used throughout the firewall configuration.