We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X


This Product is Going End-of-Life and End-Of-Support

End-Of-Sales: As of December 1st, 2018, all new sales for Barracuda NextGen Firewall X Series products have ceased. Only renewals of software and hardware subscriptions for a maximum of one year are available for a limited time up to an expiration date of 30th November 2020.

End-Of-Life and End-Of-Support on December 1st 2020: All Barracuda Firewall X-Series sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires, or until Dec 1st, 2020, whichever occurs first. Please see the End-Of-Life definition as described in the End of Support and End of Life Information.

Example - Configuring a DNAT Access Rule

  • Last updated on

To reach services running on servers in the DMZ behind the firewall, configure a Destination NAT (DNAT) rule to forward the traffic arriving on the WAN port to the correct server and port in the DMZ.



Watch the video below to see an example DNAT access rule configured on the Barracuda NextGen Firewall X-Series:

Before you Begin

  • Create a new network object containing the IP addresses of all web servers you want to redirect traffic to. If you want to redirect to a different port, you cannot use network objects.
  • Create a network object containing your public IP address. For this example, our public IP address is
  • Verify that there is no local firewall service listening on that IP address. To forward IPsec traffic, go to VPN > Settings and set Use Dynamic IPs to No.

Step 1. Configure a DNAT Access Rule

This example creates a DNAT access rule that allows HTTP traffic from the Internet to the web server residing in the DMZ.

  1. Go to the FIREWALL > Firewall Rules page.
  2. Click Add Access Rule to create a new access rule.
  3. In the Add Access Rule window, enter a name and description for the rule.
  4. Specify the following settings:

    ActionConnectionSourceNetwork ServicesDestinationRedirect
    DNATNo SNATInternetHTTP+SEither or the WAN-ISP1 Network Object

     network object containing one or more IP addresses
    IP address:port

    To enter a combination of address:port, paste it from the clipboard
    into the edit field.


  5. Click Save.

Step 2. (optional) Load Balancing Additional Web Servers in the DMZ

To redirect to more than one web server in cycle (round robin) or fallback mode, you can either add additional IP addressees to the network object, or enter additional IP addresses to the Redirect  list. In fallback mode, all traffic is sent to the first IP address in the list (or network object). If that IP address is no longer reachable, traffic is sent to the second, and so forth. In cycle mode, the traffic is distributed to all IP addresses in the Redirect list based on the source IP address of the traffic. In this example, we used a network object containing 2 IP addresses ( and and left the original IP address on port 8080 from step 2. HTTP and HTTPS traffic is now cycled between:

  • port 80 or 443 as the chosen network services HTTP+S allows for those ports
  • port 80 or 443 as the chosen network services HTTP+S allows for those ports 


Step 3. Verify the Order of the Access Rules

New rules are created at the bottom of the firewall ruleset. Rules are processed from top to bottom in the ruleset. Drag your access rule to a slot in the rule list, so that no access rules before it matches this traffic. Verify that your rules are placed above the BLOCKALL rule. Otherwise, the rule never matches.

After adjusting the order of the rules in the ruleset, click Save.

Last updated on