We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Attention

Barracuda CloudGen Firewall version 8.0 is a cloud-only version. It is currently not available for on-premises deployments and can only be deployed in Microsoft Azure, Amazon Web Services, or Google Cloud Platform public clouds.

Barracuda Reporting Server (BRS) Integration

  • Last updated on

The Barracuda Reporting Server (BRS) is a hardware appliance purpose-built for rapidly generating aggregated / dedicated reports for Cloud Generation firewalls while maintaining or improving the accuracy of reporting data. Unlike a firewall which retents data for a maximum of 7 days, the Reporting Server caches data up to 12 months. Creating reports is done using schedules. The BRS enables Cloud Generation firewalls to use less disk space on their internal SSDs an therefore contributes to longer SSD lifetimes. It also provides an aggregate view of data for customers with multiple connected devices.

Host names for stand-alone firewalls used on the BRS must be unique. When using the BRS in connection with more than one Control Center, the range IDs of the Control Centers must not overlap. This restriction does not apply to managed firewalls. HA clusters are displayed as a single unit on the BRS using the name of the primary firewall. The authentication data is transmitted encoded via port 2400 TCP; the log stream is transmitted encoded using port 8001 TCP. The minimum firmware version of the BRS must be 1.0.3.480 in order to work with CloudGen firmware 7.2.1.

The following logs are sent to the BRS: the box_Firewall_Activity.log, the box_Firewall_threat.log and the web log. Since the web log is not stored in a file, the log is directly streamed to the BRS.

Before You Begin

  • You must provide a shared secret that was configured on the BRS beforehand. The shared secret will serve for authenticating the firewall to the BRS.

The shared secret can consist of small and capital characters, numbers, and non alpha-numeric symbols, except the hash sign (#).

  • Your BRS must be running and be reachable via the network for all local CloudGen firewalls.

Step 1. (optional, Virtual Firewalls only) Enter Serial Number for the Firewall to Enable Streaming to the Barracuda Reporting Server

  1. Go to CONFIGURATION > Configuration Tree > Box > Box Properties.
  2. Click Lock. 
  3. In the left navigation menu, click Switch to Advanced mode.
  4. In the Product and Model section, enter the Serial Number of your virtual firewall to enable streaming to the Barracuda Reporting Server.

Step 2. Enable Application Logs

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Service > General Firewall Configuration.
  2. Click Lock.
  3. In the left navigation menu, click Switch to Basic mode.
  4. In the left menu, click Audit and Reporting.
  5. In the Log Policy section, select Log-All-Applications for Application Control Logging.
  6. Activity Log Information – If you have changed any setting that differs from its default value, the respective data may not be included in the reports. Click Clear to reset to defaults.
  7. Ensure that Log Level is set to Cumulative Logging unless you want to have redundant data to be transmitted to the BRS.
    enable_application_logs.png
  8. Click Send Changes.
  9. Click Activate.

Step 3. (optional) Enable SCADA Logs

If you are using SCADA, application logs must be (re-)activated.

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Service > General Firewall Configuration.
  2. Click Lock.
  3. In the left navigation menu, click Switch to Basic mode.
  4. In the left menu, click Application Detection.
  5. In the Supervisory Control and Data Acquisition (SCADA) section, select Enable without Parsing Log for SCADA Protocol Detection.
    enable_SCADA_logs.png
  6. Click Send Changes.
  7. Click Activate. 

Step 4. Enable Streaming to the Barracuda Reporting Server

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Syslog Streaming.
  2. In the left navigation bar, click Barracuda Reporting Server.
  3. Click Lock.
  4. Select the Enable check box.
  5. Enter the Hostname ot IP address of the reporting server.
  6. Enter the Shared Secret from your BRS in the New edit field.
  7. Re-enter the Shared Secret into the Confirm edit field.
  8. (optional) Enter the BRS Serial Number.
    brs_enable.png
  9. Click Send Changes and Activate.

Your firewall will now send data to the Barracuda Reporting Server.

Last updated on