Configure NGF local authentication to locally administer users and groups on the Barracuda CloudGen Firewall. With NGF local authentication, you can refer to local users and groups when creating firewall rules, VPN tunnels, and services.
Configure the Firewall Authentication Settings
Set the HTTPS private key and certificate to activate firewall authentication.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Settings.
- In the left menu, click Authentication.
- Click Lock.
- (optional) Edit the Operational Settings.
- Upload or create the HTTPS Private Key and Certificate.
- Select the Authentication Scheme from the list, e.g., NGF Local. For more information, see Authentication.
- Click Send Changes and Activate.
Configure NGF Local Authentication
- Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Authentication Service.
- In the left navigation pane, select NGF Local Authentication.
- Click Lock.
- Enable NGF Local Scheme as the authentication scheme.
- In the Users table, add an entry for each user that you administer with the local authentication scheme. For each entry, you can configure the following settings:
  - Username – Authentication name of the user.
  - Password – Initial user password.
  - Mail address – Email address for the user.
- If group information is queried from a different authentication scheme, select the scheme from the User Info Helper Scheme list. For example, select LDAP if group information must be queried from an LDAP directory.
- Click Send Changes and Activate.
Changing User Passwords
When using NGF local authentication, you can also give users the option of managing and changing their passwords. To do so, create an access rule that redirects HTTP/S requests (ports 80/443) to the local web server of the system.
Create an App Redirect firewall rule with the following settings:
- Action – App Redirect
- Source – Trusted LAN (LAN network users)
- Service – HTTP+S
- Destination – Choose a custom IP address to be entered by the user to access the web interface. For example:
- Redirection – IP address of the local web server, together with the HTTP/S port. For example:
After you create and activate this firewall rule, users can enter http://22.214.171.124/cgi-bin/ngflocalpasswd into a web browser to change their password.