We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Email Security Gateway
Barracuda Email Security Gateway

How to Set Up Your Cloud Protection Layer

  • Last updated on

To use the Cloud Protection Layer, you must have a current Energize Updates (EU) subscription for your Barracuda Email Security Gateway. After setting up your Cloud Protection Layer, see Cloud Protection Layer for how to configure policies at the Cloud Protection Layer level.

Create or Log Into Your Barracuda Cloud Control Account

Begin setup of your Cloud Protection Layer by either creating a Barracuda Cloud Control account or logging in with your existing account. If you already have an account, skip to Configure Cloud Control below.

To create a Barracuda Cloud Control account:

  1. Visit https://login.barracudanetworks.com/ and click the Create a user link.
  2. Enter your name and email address, and click Create User. Follow the instructions emailed to the entered email account to log in and create your Barracuda Cloud Control account.
  3. After submitting your new account information, the Account page displays your account name, associated privileges, username, and Barracuda Networks products you associate with your Barracuda Cloud Control account.

Ensure Connectivity and Redundancy

When using the Cloud Protection Layer, all of your incoming mail should come from the Barracuda IP ranges specified below. If desired, you can restrict incoming mail to only these IP addresses, which will prevent any spammers from sending mail directly to your Barracuda Email Security Gateway:

  • Open your firewall ports to allow the IP address ranges 64.235.144.0/20 and 209.222.80.0/21
  • Block all port 25 traffic except for that originating from the Barracuda Email Security Service IP address ranges 64.235.144.0/20 and 209.222.80.0/21

Configure Cloud Control

  1. Log into your account at https://login.barracudanetworks.com/ by entering your email address and password.
  2. Click Sign In. Once logged in, you can create users in your Barracuda Cloud Control account (see How to Add Users and Configure Product Entitlements and Permissions) and assign various permissions to each user for access to Barracuda Cloud Control.
  3. Click on the Appliance Control link on the left side of the page. If you have not yet connected any appliances or services to your account, click the Set up your Barracuda Cloud Control button. You’ll see the Barracuda Cloud Control Dashboard page and a message indicating that no products have yet been connected.
  4. In another browser tab or window, log into your Barracuda Email Security Gateway. From the product ADVANCED > Firmware Upgrade page, check to make sure you have the latest firmware installed. If not, download and install it now.
  5. From the ADVANCED > Cloud Control page, enter the username and password you created for your Barracuda Cloud Control account. Click Yes for Connect to Barracuda Cloud Control to connect your Barracuda Email Security Gateway to the Barracuda Cloud Control, and then click the Save Changes button. Note that your Barracuda Email Security Gateway can connect with only one Barracuda Cloud Control account at a time.
  6. In the Barracuda Cloud Control window, refresh your browser page. In the Products column on the left side of the page, you should see the Email Security Gateway group with two components, or ‘nodes’ listed: 

    • The Cloud Protection Layer node
    • Each Barracuda Email Security Gateway you have connected, with its serial number

  7. Click on the Cloud Protection Layer link and navigate to the DOMAINS page.

    The MX record for each domain should point to the Barracuda Email Security Gateway so that the Cloud Protection Layer can establish a connection to the system.

     Complete the following steps for each domain for which you want the Cloud Protection Layer to filter email:


    1. For each domain you have configured on the Barracuda Email Security Gateway, enter the Domain Name. In the Mail Server field, enter the external facing (public) IP address of your Barracuda Email Security Gateway. This is typically, but not always, the IP Address from the BASIC > IP Configuration page. The Cloud Protection Layer must be able to establish and confirm a connection to the Barracuda Email Security Gateway in order to receive the required MX records.
    2.  Click Add.
    3. Each of the domains for which you want to filter email must be verified by the Cloud Protection Layer for proof of ownership. To verify the domain, click Verify in the Status column. If you do not verify a domain you add, the Cloud Protection Layer does not process email for that domain.

      Important: If your Barracuda Email Security Gateway is behind a relay or mail proxy, the Cloud Protection Layer may not be able to validate your domains.

      DomainsWithMXRecords.jpg

    4. After adding and verifying the domain, in the Actions column, click Settings to add/configure mail servers, SMTP over TLS, and spooling of mail (in case the Barracuda Email Security Gateway is temporarily unavailable).

    5. The Cloud Protection Layer will verify domain ownership, and, if the Cloud Protection Layer can communicate with the Barracuda Email Security Gateway, the Status of the domain in the table will change from Not Verified to Verified, and you will see a Recommended MX record for that domain on the DOMAINS page. The Cloud Protection Layer must be able to establish and confirm a connection to the Barracuda Email Security Gateway in order to receive the required MX records. If ownership of the domain cannot be verified, the Cloud Protection Layer will not receive email for that domain.

      DomainsWithMXRecords.jpg

  8. Add the Recommended MX record on the DOMAINS page for each domain to your external DNS through your ISP or domain hosting provider. Once the DNS entries have propagated, the Cloud Protection Layer will begin receiving mail immediately.

Configure Cloud Protection Layer Filtering Policies

Important: Initially, most of the configuration on your Barracuda Email Security Gateway will automatically be copied to your Cloud Protection Layer so you do not have to re-configure policy for your existing domains. You can then edit policies in the Cloud Protection Layer if needed.

You can configure most of the same filtering policies and SMTP settings in the Cloud Protection Layer web interface that you can on your Barracuda Email Security Gateway using the INBOUND SETTINGS pages. See Cloud Protection Layer for details.

For greatest security, it is highly recommended that you set Scan Email For Viruses and Use Barracuda Real-Time System (BRTS) to Yes on the INBOUND SETTINGS > Anti-Spam/Antivirus page in the Cloud Protection Layer.

View Email Statistics

When you click on the top level of the Barracuda Cloud Control products list, you will see statistics for ALL of your products, including the Cloud Protection Layer for your Barracuda Email Security Gateway.

  • Click on the Barracuda Email Security Gateway group to view combined statistics for all connected Barracuda Email Security Gateways. You can then click on each individual appliance to see individual statistics.
  • Click on Cloud Protection Layer to view statistics for all inbound mail through the Cloud Protection Layer.

To see how many messages were blocked by the Cloud Protection Layer:

  1. Click on the Cloud Protection Layer.
  2. On the DASHBOARD page, for Inbound Email Statistics, select Blocked.
    The Dashboard page shows you ONLY statistics for inbound traffic through the Cloud Protection Layer. Use these traffic profiles along with the MESSAGE LOG page to determine how to best tune your spam policies.

To see how many messages were blocked by one or more of your Barracuda Email Security Gateways:

  1. Expand the Email Security Gateway link and click on the system you want to view.
  2. Navigate to the BASIC > Dashboard page.

Monitor Incoming Emails

Once email is flowing through the Cloud Protection Layer, the administrator can view the MESSAGE LOG page of the service to get an idea of how many messages are being blocked by the Cloud Protection Layer, with reasons for each of those actions. Reviewing the log will give an idea of how current Cloud Protection Layer (as well as Barracuda Email Security Gateway) settings are filtering messages.

Integration With the Barracuda Email Security Gateway

The Cloud Protection Layer MESSAGE LOG fully integrates inbound email activity processed by the Cloud Protection Layer with inbound email activity processed by the Barracuda Email Security Gateway. The Delivery and Reason columns in the Cloud Protection Layer MESSAGE LOG are the key to seeing how the Cloud Protection Layer blocks spam and virus threats before they reach your network.

The Delivery column indicates the following:

  • Not Delivered For messages blocked in the Cloud Protection Layer that never reach the Barracuda Email Security Gateway.
  • Rejected For messages passed through the Cloud Protection Layer to the Barracuda Email Security Gateway, which blocked the message.
  • Delivered For messages allowed by the Cloud Protection Layer and the Barracuda Email Security Gateway.
    Messages allowed by the Cloud Protection Layer may be quarantined, redirected, or encrypted by the Barracuda Email Security Gateway.

The Reason column in the log indicates why Cloud Protection Layer blocked the message. Click the ? on the Message Log page for details.

CPLMessageLog.jpg

The Status column to the left of the From column indicates the following:

  • Green – Allowed by the Cloud Protection Layer
  • Red  Blocked by the Cloud Protection Layer
  • White  Deferred by the Cloud Protection Layer

Remember that only the Barracuda Email Security Gateway can tag or quarantine messages. Messages that are Delivered passed through filters in both the Cloud Protection Layer and the Barracuda Email Security Gateway.


Last updated on