We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

How can I configure the Cloud Protection Layer (CPL) for use with my Email Security Gateway?

  • Type: Knowledgebase
  • Date changed: 10 months ago
Solution #00005615

This solution applies to the Email Security Gateway, firmware version 5.x and up.

The Cloud Protection Layer provides yet another layer of security by pre-filtering inbound email for spam and viruses in the cloud before it reaches your actual network and/or the Email Security Gateway. Here are some of the great benefits of enabling this feature:

  •   Dual Protection Points - comprehensive onsite and cloud-based threat protection including the Barracuda Anti-Virus Super Computing Grid and Barracuda Advanced Anti-Fraud Intelligence.
  •   Email Burst Handling - email surge suppression during peak traffic and spam spikes, which offloads a significant volume of spam email to be filtered via the cloud.
  •   Immediate Response - automatic updates in real-time leveraging threat intelligence from Barracuda Labs and Barracuda Central to continuously stay ahead of quickly morphing threats.
  •   Email continuity - Optional spooling (queueing) of email for up to four days and backup MX for email rerouting to a separate destination. Ensures seamless disaster recovery capabilities in the event of network downtime or system outage.
Setting up the CPL for use with your physical appliance(s),

       There are some steps we need to take.

  1. If you don't already have an account with Barracuda Networks, visit http://www.barracudanetworks.com and click the Customer Login link in the upper right corner of the page. If you already have an account, log in and skip to step 4.
  2. From the Sign In page, click the Create a new account link. Enter your name and contact information, business name and location. Make a note of your username (email address) and your password.
  3. After submitting your new account information, you'll see the Account > Users page which shows your account name, associated privileges, username and products you've associated with your Barracuda Networks account. Any additional user accounts you add at a later time will be listed on this page.
  4. Click on the Appliance Control tab on the left side of the page.  This will bring you to Basic -> Device Management, under Appliance Control. You'll see a message indicating that no products have yet been connected.
  5. In another browser tab or window, log into your Email Security Gateway. From the product ADVANCED > Firmware Upgrade page, check to make sure you have the latest firmware installed. If not, download and install it now.
  6. From the ADVANCED > Cloud Control page, enter the username and password you created for your Barracuda Networks account. Click Yes for Connect to Barracuda Control Center to connect your Email Security Gateway to the Barracuda Cloud Control, and then click the Save Changes button. Note that your Email Security Gateway can connect with only one Barracuda Cloud Control account at a time.
  7. In the Barracuda Cloud Control window, refresh your browser page. You should see, in the Products column in the left side of the page, the Spam Firewall group with two components listed:
    • The Cloud Protection Layer component
    • All Email Security Gateways
  8. Click on the Cloud Protection Layer link and navigate to the DOMAINS > Domains page. For each domain for which you want the Cloud Protection Layer to filter email, do the following:
    • Enter one of the domains you have configured on the Email Security Gateway using the New Domain Name field on this page.
    • In the Destination Server field, enter the external facing IP address of your Email Security Gateway. This is typically, but not always, the IP Address from the BASIC > IP Configuration page. Important: If your Email Security Gateway is behind a firewall that is blocking the necessary ports or IP ranges, the Cloud Protection Layer will not be able to validate your domains.
    • Add the port of the destination server in the Dest. Port field and click Add Domain. Repeat this step for each domain.
    • To verify a domain MX records for the domain must be pointing to the physical BESG for domains they are trying to add to CPL. They will then be able to verify the domains on the CPL (the status of the domain in the table will change from Verify to Re-verify).
  9. Finally, change the MX Record of each domain in your DNS records you've added to that shown in the Required MX column of the Verified Domains table, and your Email Security Gateway IP address should now show in the Destination Server column.
  10. Optional: Configure the Cloud Protection Layer to spool (queue) email in the event of a network outage or anything else causing the destination server to be unreachable for a domain. To enable or disable spooling, click Edit in the Manage Domains table for a verified domain. In the popup, select On or Off for Email Spooling.

Allowing connections from the Barracuda IP ranges

  • When using the cloud protection layer all your incoming mail should come from our IP ranges. See the following webpage for the IP ranges in your region.
  • If desired you can restrict incoming mail to only these IP addresses which will prevent any spammers from sending mail directly to your Barracuda.

These steps completed, the CPL is configured and being utilized by senders to your domains.

If there are any problems or questions with any of these steps, please contact Barracuda Networks Technical Support.

Link to this page: