It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Firewall Rule Tester and Test Reports

  • Last updated on

Barracuda Firewall Admin provides you with a few tools to test your access rule set: 

  • Check for Overlapping Rules – Highlights access rules with criteria that matches those of a selected access rule and helps you determine the best order for your access rules.
  • Rule Tester – Tests the access rule set with the specified connection settings. Also verifies the consistency of your access rule set.
  • Test Report – Contains settings and results that are saved from a rule test. Notifies you if any later changes to the access rule set result in an unsuccessful connection request with the saved settings.

Check for Overlapping Rules

Because a connection request can match the criteria of multiple access rules, the order of the rules is important. To help you identify access rules with criteria that matches those of a selected rule, use the overlap checker.

  1. Open the Forwarding Rules page (CONFIGURATION > Configuration Tr ee > Box > Assigned Services > Firewall).
  2. Right-click a access rule and select Select Overlapping.

Any access rules with matching criteria are highlighted. In most cases, the overlap is a harmless outcome of a very openly defined firewall object such as Any.

Test the Access Rule Set

To test your access rule set, you can simulate a specific connection by entering the network data in the rule tester. The rule tester then determines which access rule would match this connection attempt.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
  2. In the left menu, expand the Rule List Verification section and click  Rule Tester.
  3. In the TEST CONNECTION section, enter the network parameters you want to test:   
    • Proto – Protocol
    • Day/Hour – (Optional) Day of week and time
    • Date – (Optional) Month, day, and year
    • From – Source IP address
    • Port – Source port (default is 2048)
    • To – Destination IP address
    • Port – Destination port
    • SMAC – (optional) Source MAC address
    • Input-IF – (optional) Incoming interface
    • Output-IF – (optional) Outgoing interface
    • Srv –  Service

  4. Click Test. The test result is displayed in the TEST RESULT section.

Save the Rule Test to a Test Report

  • To save your access rule test settings and result, click LOCK, enter a name in the Save Result to field and click Save Result to.
    Your test is saved as a test report.
  • To view your saved test results, expand Rule List Verification and click Test Report in the left pane of the rule set page.

Test Reports

On the Test Report page, successful test results are indicated by a green icon. Unsuccessful test results are indicated by a red icon. If you make changes to the access rule set that would cause an unsuccessful test connection for a test report (such as renaming objects or changing the order of access rules), the green icon turns into a red icon.

The new results are added to the test report while the old results are displayed in brackets. You can validate or edit the settings for the failed connection request. If the new results for a failed connection request are correct, you can validate the test report by right-clicking it and selecting Rectify. The red icon for the test report turns into a green icon. If the new results for a failed connection request are incorrect, you can edit the access rule or the test report settings.

  • To edit the test report, right-click it and select Edit.
  • To edit the access rule, double-click the test report. In the TEST RESULT section, click Edit next to the Rule field.

While editing the test report, you can also use it as a template and save the new settings as a new test report.

Test reports are only saved temporarily. If you want to save test reports, click Send Changes and Activate.