When deploying Barracuda Firewall Insights, you must configure basic settings before the system can be used in production. Complete the steps below to make your Firewall Insights ready for production and to connect your first CloudGen Firewall devices.
Before You Begin
- Verify that you have completed all steps from Deployment.
- To get familiar with log retention periods, see Understanding Data Retention and Storage Capacity.
- Connect your network interface card again, or connect it to the correct network if it is a KVM Hypervisor.
- Verify that the following ports are not blocked by your CloudGen Firewall:
| Port | Direction | Protocol | Function |
|---|---|---|---|
| 2400 | In/Out | TCP | Authentication of devices |
| 8001 | In | TCP | Data streaming |
| 443 | In | TCP | Web UI – HTTPS |
| 22 | Out | TCP | Remote diagnostics and Technical Support services; see also Required Outbound Connections for Barracuda Networks Appliances. |
| 25 | In/Out | TCP | Email notifications and alerts – SMTP |
| 53 | Out | TCP/UDP | Domain Name Server (DNS) |
| 80 / 443 | Out | TCP | Firmware and Energize Updates (unless configured to use a proxy) |
| 123 | In/Out | UDP | Network Time Protocol (NTP) |
| 389 | In/Out | TCP | LDAP server port |
| 21 (Optional) | Out | TCP | Reports and data backups on FTP servers |
| 445 (Optional) | Out | TCP | Reports and data backups on SMB servers |
For general information on required outbound connections, see Required Outbound Connections for Barracuda Networks Appliances.
Step 1. Licensing
For Barracuda Firewall Insights you need:
- A license for Barracuda Firewall Insights
- A subscription for Barracuda Firewall Insights on every CloudGen Firewall you want to connect to your Firewall Insights
Enter a License Token for Barracuda Firewall Insights
- For Barracuda Firewall Insights you need a valid license token before you can continue.
- To enter the license token for Barracuda Firewall Insights, follow the instructions in How to Configure Network Settings and Licensing on First Boot.
- Open your web browser and enter
https://<ip address of Firewall Insights> - The license agreement is shown. Please read it.
- Scroll down. Type in your name, email address and company, and click Accept to finish.
- It may take some time until the process is finished. Afterwards, you can log into your Barracuda Firewall Insights again.
Step 2. Change Your Password
- Open your web browser and enter
https://<ip address of Firewall Insights> - Log in:
- Username:
admin Password: The numeric part of the Barracuda Firewall Insights serial. E.g., for BNG-1234567, enter
1234567.- Under New password, enter a password of your choice. The password must consist of at least 8 characters.
Re-enter the new password in the field below.
Click Sign in.
- Username:
- The Basic > General tab is displayed.
(Optional) To re-change your password in Firewall Insights later, go to Basic > Administration.
Step 3. Configure Email Notifications
- Go to Basic > Administration.
- Scroll down to the Email Notification section.
- Enter the configuration for the email address you want Firewall Insights to use to send email notifications from:
- SMTP Host – Enter the SMTP host of the email address.
- SMTP Port – Enter the SMTP port.
- Connection Security – Select your connection security from the drop-down menu.
- Username and Password – Provide username and password of the email account you want to use.
- System Alerts Email Address – Enter the email address that will receive Firewall Insights system alerts next to. If you enter more than one email address, separate them with a comma.
- From Email – Enter the email address that Firewall Insights sends its emails from.
- Test SMTP Configurations – To test your email configuration, enter an email address where you would like to send a test mail to next to and click Send Test Email.
Step 4. Provide Time and NTP Server Settings
- Go to Basic > Administration.
- In the Time section, select your time zone from the drop-down menu next to Time Zone.
- In the NTP Server section, you can choose to enable a sync with an NTP server you specify.
- To enable, click Yes next to Enable NTP Sync.
- Provide an NTP server IP address or hostname of an NTP server in the field next to NTP Servers.
- To disable, click No next to Enable NTP Sync.
- To enable, click Yes next to Enable NTP Sync.
Step 5. Configure the Web Interface Settings
- Go to Basic > Administration.
Specify the web interface settings for the web interface of your Barracuda Firewall Insights in the Web Interface Settings section.
Web Interface Certificate – Select either Default certificate or User-defined certificate.
If you select User-defined certificate, you can choose between:Single Certificate in PEM FILE – Upload the certificate file using the Browse button. Click the Upload button after you select your certificate file.
All other PEM Certificates – Upload the certificate file and the certificate key file using the Browse button. Provide the certificate password and click Upload.
PKCS12 Token – Upload the signed certificate file using the Browse button. Provide the certificate password and click Upload.
- Session Expiration Length – Time of inactivity, in minutes, before users are required to log on again to access the web interface.
Minimum value: 1 minute. Default setting: 20 minutes. Update Dashboard Every 30 Minutes – Select Yes to automatically refresh the dashboard so you can see the most recent information.
If you select Yes, as long as you leave the dashboard up as the active screen, you will not be logged out of the dashboard, and it will continue to display updated information every 30 minutes. When you switch to a different tab, if the Session Expiration Length is exceeded, you will be logged out.
If you select No, the Session Expiration Length will apply to the Dashboard along with the rest of the tabs.
Step 6. Configure a Log Retention Period and a Shared Secret
- Go to Basic > Administration.
- In the Connected Devices section, you can define a shared secret and a log retention period.
- Next to Log Retention Period, choose the log retention period from the drop-down menu. You can choose between 1, 2, 3, 6, 9, and 12 months. The default log retention period is 6 months.
- Next to Shared secret, enter the shared secret.
Step 7. Save the Configuration
- To save the configuration, click Save Changes in the upper-right corner.
- Some settings are mandatory before you can save the configuration. If one of these settings is not configured, you will receive a notification. Provide the missing settings and click Save Changes again to save the configuration.
Step 8. Connect CloudGen Firewall Devices
- Verify that the firmware of your CloudGen Firewall supports Firewall Insights. See Supported CloudGen Firewall Firmware.
Connect your CloudGen Firewall with Barracuda Firewall Insights following the steps in Barracuda Firewall Insights Integration.
- (optional) If your CloudGen Firewall is in a remote network, follow these steps: How to Stream Data to Firewall Insights via a Remote Management Tunnel.
- Open your web browser and enter
https://<ip address of Firewall Insights> - Navigate to the BASIC > Administration page, then scroll down to the Connected Devices section to confirm that the connection was successful. The devices connect automatically.
Further Information
- To create a snapshot, see Backing Up Your Virtual Machine System State.
- To create a configuration backup, see Backups.