Barracuda CloudGen WAN

How to Create a SAML Endpoint in Microsoft Azure and Basic User Connectivity & Personal Security Configuration


For Barracuda CloudGen WAN User Connectivity & Personal Security, you must configure a SAML endpoint in Microsoft Azure. In order to save the SAML configuration in Barracuda CloudGen WAN, you must also provide basic configuration details for User Connectivity & Personal Security.

Step 1. Create a SAML Endpoint in Microsoft Azure

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click All services and search for Azure Active Directory.
  3. Click Azure Active Directory.
  4. In the left menu of the Azure Active Directory blade, click Enterprise applications.
  5. In the Enterprise applications blade, click Overview.
  6. In the Overview blade, click + New application.
  7. The Add an application blade opens. Select Non-gallery application.
  8. The Add your own application blade opens. Enter a name for the application, e.g., Campus-SAML-Endpoint, and click Add.
  9. After the deployment of the application is finished, open your application.
  10. In the Enterprise applications blade, click All applications.
  11. Click on the application you just created, e.g., Campus-SAML-Endpoint.
  12. The application Overview blade opens. Click 2. Set up single sign on.
  13. The Single sign-on blade opens. Click SAML.
  14. Copy the App Federation Metadata Url to your clipboard.

 

Step 2. Basic Configuration in Barracuda CloudGen WAN 

  1. Go to https://cloudgenwan.barracudanetworks.com/ and log in with your existing Barracuda Cloud Control account.
  2. Click USERS.
  3. The USERS window opens. Specify values for the following:
    • Enable Point-to-Site VPN - Click to enable.
    • Enable Site Authentication - Click to enable. Site authentication allows devices physically located within the network to authenticate against the Barracuda CloudGen WAN service to enforce Security Policies.
    • Client Network - Enter the network used for the clients.
    • Pool Bitmask - Enter the bitmask of the network pool to allocate to each VPN access point.

      Barracuda recommends allocating an address space that is twice as large as the number of desired clients, because the client network is automatically divided into pools. The pools are assigned equally to the gateways and must therefore be sized according to the largest number of clients. For example, if you have 2 gateways in 2 regions, with a large headquarters and a small branch office, both will receive an equal number of pools. For this reason, the client network must be sized according to the size of your headquarters location.


    • Primary DNS - Enter a primary DNS address for the VPN clients to use or leave blank to use the standard configuration.
    • Secondary DNS - Enter a secondary DNS address for the VPN clients to use, or leave blank to use the standard configuration.
    • User Connectivity Routing - Select either Internal Network or Internet Access from the drop-down menu. The option Internal Network routes only the networks learned via BGP through the CloudGen WAN gateway, and the option Internet Access sends all traffic through the gateway. Internet Access can be used to inspect all traffic by CloudGen WAN.
    • Enterprise App Federation Metadata Url* - Paste the App Federation Metadata Url retrieved in Step 1.
  4. Click Save.
  5. Stay in the USERS window.
  6. Click DOWNLOAD METADATA.
  7. Save the file to your local disk.
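
The pool sizing rule described for Client Network and Pool Bitmask in Step 2 can be checked before you enter the values. The following is an added example, not Barracuda code: the function names and the sample network are hypothetical, and it assumes that every address in a pool can be handed to a client and that pools left over after the equal split stay unused.

```python
import ipaddress

def plan_pools(client_network, pool_bitmask, gateways, site_clients):
    """Split the client network into pools and share them equally per gateway.

    Assumptions (not from the vendor documentation): every address in a pool
    is assignable, and pools left over after the equal split stay unused.
    """
    net = ipaddress.ip_network(client_network)
    if not net.prefixlen <= pool_bitmask <= net.max_prefixlen:
        raise ValueError("pool bitmask must lie inside the client network")
    pool_count = 2 ** (pool_bitmask - net.prefixlen)
    pools_per_gateway = pool_count // gateways
    per_gateway = pools_per_gateway * 2 ** (net.max_prefixlen - pool_bitmask)
    return {
        "pools": pool_count,
        "pools_per_gateway": pools_per_gateway,
        "addresses_per_gateway": per_gateway,
        # Every gateway gets the same share, so the largest site is the constraint.
        "largest_site_fits": per_gateway >= max(site_clients),
        # The recommendation on this page: twice the number of desired clients.
        "meets_2x_rule": net.num_addresses >= 2 * sum(site_clients),
    }

def smallest_network(base_address, pool_bitmask, gateways, site_clients):
    """Widen the prefix until both checks pass and return that network."""
    for prefix in range(pool_bitmask, -1, -1):
        net = ipaddress.ip_network(f"{base_address}/{prefix}", strict=False)
        plan = plan_pools(str(net), pool_bitmask, gateways, site_clients)
        if plan["largest_site_fits"] and plan["meets_2x_rule"]:
            return net
    raise ValueError("no network is large enough")

# Constructed scenario: headquarters with 400 clients, branch office with 20.
SITES = [400, 20]
if __name__ == "__main__":
    for cidr, gateways in (("10.100.0.0/23", 2), ("10.100.0.0/22", 2), ("10.100.0.0/22", 3)):
        print(cidr, gateways, plan_pools(cidr, 26, gateways, SITES))
    print("smallest for 2 gateways:", smallest_network("10.100.0.0", 26, 2, SITES))
```

With three gateways, the /22 still meets the twice-the-clients recommendation, but each gateway's share is too small for the headquarters, which is the case the sizing note describes.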

Step 3. Finalize SAML Configuration in Microsoft Azure

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click All services and search for Azure Active Directory.
  3. Click Azure Active Directory.
  4. In the left menu of the Azure Active Directory blade, click Enterprise applications.
  5. In the Enterprise applications blade, click All applications.
  6. Click on the application you created in Step 1, e.g., Campus-SAML-Endpoint.
  7. In the left menu, click Single sign-on.
  8. The Single sign-on blade opens.
  9. Click Upload metadata file.
  10. Select the file downloaded in Step 2 and click Add.
  11. Click Save.
  12. The Enterprise applications blade opens. 
  13. Click Properties and set User assignment required? to No.
  14. Click Save.
