Understanding Assigned Services
On the CloudGen Firewall, special services can be configured and activated to extend its network functionality. These services are assigned and bound to the firewall they are created on.
In order to understand the concept of Assigned Services, see Understanding Assigned Services.
Services are software modules running on the service layer of the firewall. Each service provides a piece of network functionality. Depending on which service you start, it might require additional services or be limited to one service per device. The services below are available on stand-alone and managed firewalls.
Before a service can be configured, it must be created. For more information, see How to Assign Services.
For how to configure a special service, see the following services:
Access Control Service
The Access Control service defines security policies for network users (e.g., VPN clients) and provides a range of features, such as registry checks and repairs on a client. Create access control objects with policy rulesets specifying the required system and service settings to let the CloudGen Firewall perform identity and health checks on connecting clients and groups.
For more information, see Access Control Service.
The DHCP service automatically assigns IP addresses to clients in the same network. For clients requiring special DHCP options, combine the DHCP server with the DHCP Relay service to share a DHCP server across multiple network segments.
For more information, see DHCP and .
The CloudGen Firewall can act as an authoritative DNS server. The DNS service returns definitive answers to DNS queries for domain names and IP addresses. Use split DNS to return different answers depending on the source IP of the DNS query. This allows you to redirect internal clients to an internal IP address of a server.
For more information, see DNS.
Dynamic Routing Protocols (OSPF/RIP/BGP)
Dynamic Routing enables the CloudGen Firewall to learn and select the optimal route to a destination IP address, detect changes to the network topology, and advertise these changes to neighboring routers. Three dynamic routing protocols are supported: OSPF, RIP (V1 and V2), and BGP.
For more information, see Dynamic Routing Protocols (OSPF/RIP/BGP).
The Forwarding Firewall handles all traffic for which the destination does not match a listening socket on the firewall - in other words, all traffic passing through the CloudGen Firewall. The firewall service includes all Application Control features such as virus scanning, mail security, and file content filtering.
For more information, see Firewall.
The HTTP Proxy service provides content filtering and caching, antivirus and malware protection, and access control. You can configure the HTTP Proxy in forward, reverse, and transparent mode.
For more information, see HTTP Proxy.
The SIP Proxy server allows the CloudGen Firewall to act as a (transparent) proxy for SIP and RTP connections.
For more information, see SIP Proxy.
The Barracuda Web Filter (URL Filter) can be used by the HTTP Proxy service and in combination with application control. URLs are categorized according to content.
For more information, see URL Filter.
The Virus Scanner service provides virus protection, archive scanning, malware detection, and HTTP multimedia streaming. The Virus Scanner service can be configured using the integrated Avira or ClamAV virus scanning engine. Using the Virus Scanner service requires a subscription that can be renewed annually.
For more information, see Virus Scanner.
The VPN service supports site-to-site, client-to-site, and SSL-VPN connections. CloudGen Firewalls support multiple encryption methods, SD-WAN, and WAN Optimization when using the TINA protocol.
For more information, see VPN.
For administration of Wi-Fi networks, the Wi-Fi service provides configuration settings for the local access point. The service also supports user authentication in large networks via RADIUS and EAP.
For more information, see Wi-Fi.
On a high-availability pair of firewalls, services are mirrored to the secondary firewall. If the primary firewall goes down, all services are immediately activated on the secondary firewall. Pools of IP addresses and/or interfaces can be monitored to ensure and maintain the connectivity of services. In order to understand the concept of HA monitoring, see .