It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Change the Root Password and Management ACL

  • Last updated on

The root password is used for the superuser root. The user root can log into the basic subsystems and OS. Unless set during deployment, the default root password is ngf1r3wall. The root password must be changed immediately after the first login. Do not use the root user for daily configuration tasks; instead, use a firewall admin account.

Password Requirements

Passwords can consist of small and capital characters, numbers, and non-alpha-numeric symbols, except white spaces. Barracuda Firewall Admin rates the password strength according to the entered characters. A password strength of strong or best is recommended for the root password.

Change the Root Password

  1. Go to CONFIGURATION > Configuration Tree  > Box > Administrative Settings.
  2. In the left menu, click System Access.
  3. Click Lock.
  4. In the Root Password section, enter the password for the root user.

  5. Click Send Changes and Activate.

Management Access Control Lists

Misconfigurations of the Access Control lists cause Barracuda Firewall Admin to not be able to communicate with the firewall. The only way to revert this change is to log into the physical console of the system and follow the instructions from Barracuda Networks Technical Support to manually recover connectivity.

The management ACL specifies which IP addresses can access the system. Use the management access control list to allow-list networks that are allowed to connect via Barracuda Firewall Admin to the CloudGen Firewall or Control Center. Only these allow-listed networks are allowed access to the IPv4 or IPv6 management IPs on TCP ports 22 (secure shell) and 800-820. Access from all other addresses to these port/addresses is denied.

By default, access is allowed from an arbitrary address. Changing the ACL does not terminate active admin sessions. To enforce ACL changes, manually terminate active sessions on the FIREWALL > Sessions page.

When deploying a CloudGen Firewall in Azure, the ACL is enforced only when the interface is changed from dhcp to ethx and assigned a static IP address.

Configure Management Access Control Lists

If you configure only IPv6 networks, verify that an IPv6 management IP address is available. For more information, see How to Add an IPv6 Management IP Address.

  1. Go to CONFIGURATION > Configuration Tree  > Box > Administrative Settings.
  2. In the left menu, click System Access.
  3. Click Lock.
  4. In the Access Control Lists section, click + and add IPv4 networks and/or IP addresses to the ACL for IPv4 list.
  5. Click + and add IPv6 networks and/or IP addresses to the ACL for IPv6 list.
  6. Click Send Changes and Activate.