It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

This Product is End-of-Life and End-Of-Support

End-Of-Life and End-Of-Support on December 1st, 2020: All Barracuda Firewall X-Series sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires. Please see the End-Of-Life definition as described in the End of Support and End of Life Information.

How to Create Interface Groups

  • Last updated on

In a firewall rule, the interface group specifies the interface that the source address is allowed to use. When you create firewall rules, you can use the predefined groups, or if you want to reference custom interfaces that are not in the default list, you can create custom interface groups. 

Predefined Interface Groups

The following table describes the predefined interface groups:

Interface Group
Description
MatchingEnsures that arriving packets are processed through the same interface that is used to forward the corresponding reply packets. The source and destination addresses are the same. This method helps prevent a network attack in which an attacker might try using internal addresses from outside the internal network (IP spoofing).
AnyUses the first interface matching the request, according to the routing table. The packet source is not verified. Reply packets might be forwarded through another interface, if another interface that is capable of doing so is available. In very special configurations, checking the physical source of packets cannot be required. For security reasons, this option should only be used in very limited situations.
DSL/DHCPExplicitly restricts rule processing to the specified dynamic network interface (if installed and configured).
WIFI/WIFI2/WIFI3Explicitly restricts rule processing to the specified Wi-Fi network interface (if installed and configured).
VPNClientsExplicitly restricts rule processing to the specified virtual network interface of a VPN client (if installed and configured).
3GExplicitly restricts rule processing to the specified 3G network interface (if installed and configured).

Create an Interface Group 

To create a custom interface group: 

  1. Go to the NETWORK > Interface Groups page.
  2. In the Interface Group Configuration section, click Add Interface Group
  3. Enter a Name for the new interface group.
  4. From the Interfaces drop down list, select the interfaces you want to include and add them by clicking + after each entry.

  5. Click Save

The custom interface group appears in the Interface Group Configuration section.

Edit a Custom Interface Group 

To edit a custom interface group: 

  1. Go to the NETWORK > Interface Groups page.
  2. In the Interface Group Configuration section, click the edit symbol for the group that you want to edit.
  3. In the Edit Interface Group window, edit the settings for the interface group.
  4. Click Save.

Delete a Custom Interface Group 

To delete a custom interface group:

  1. Go to the NETWORK > Interface Groups page.
  2. In the Interface Group Configuration section, click the trash can icon for the group that you want to delete.
  3. Click OK to delete the custom interface group.