It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

This Product is End-of-Life and End-Of-Support

End-Of-Life and End-Of-Support on December 1st, 2020: All Barracuda Firewall X-Series sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires. Please see the End-Of-Life definition as described in the End of Support and End of Life Information.

Deploy as Remote Access Gateway

  • Last updated on

Deploy the Barracuda NextGen Firewall X-Series as a remote access gateway for VPN traffic. The Remote Access Gateway wizard takes you through the necessary steps to configure a client-to-site VPN and enable SSL VPN with support for CudaLaunch. A remote access premium subscription is required.


Before you begin

Make sure you have the following information on hand:

  • If you are using Active Directory as your method of authentication, you need to have the Active Directory configuration information.
  • The network that the client-to-site VPN clients will be assigned to (client network).
  • The networks that will be available to the client-to-site VPN clients (published networks).

Step 1. Complete the Remote Access Gateway wizard

This wizard allows you to configure the Barracuda X-Series Firewall as a remote access gateway that can work in conjunction with your existing firewall.

  1. To launch the wizard, go to Advanced > Wizards and click Start next to Remote Access Gateway.
  2. Enter the VPN IP address(es) for the VPN service. Click + after each entry.
  3. Click Next.
  4. Select the authentication Type for the VPN service. When choosing Local Authentication,
    • Enter Username and Password.
  5. When choosing Active Directory, specify the following settings:
    • Domain Controller Name – Enter the fully qualified name of the domain controller.
    • Domain Controller IP – Enter the IP address of the domain controller.
      When using SSL, the name should be used instead of the IP address.
    • Searching User – Enter the username of the MSAD searching user.
    • Searching User Password – Enter the password for the MSAD searching user.
    • Base DN – Enter the Distinguished Name (DN) at which to start the search in the LDAP database, specified as a sequence of Relative Distinguished Names, connected with commas, with or without blank spaces. Make the base DN as specific as possible in order to speed the lookup and avoid timeouts. For example, if your domain is, your search base DN might be as follows: DC=yourcompany, DC=com, OU=sales
    • Cache MSAD Groups – Enable caching of MSAD groups.
    • Offline Sync – Enable offline synchronization.
    • Use SSL – Select to use SSL for connections to the authentication server.
  6. Click Next.
  7. Configure the settings for client–to–site VPN:
    1. Enter a VPN Policy Name. This name is referred to as group name (iOS) or IPsec identifier (Android) on mobile VPN clients.
    2. In the Client Network field, enter an unused network in CIDR notation (e.g., IP addresses from this network will be assigned to connected VPN clients. Ensure that this network is not already defined on the NETWORK > IP Configuration page.
    3. Enter a Shared Key to authenticate the client.
    1. In the Published Networks field, enter all of the networks that the VPN clients will be able to access. Enter IP addresses and networks in CIDR format (X.X.X.X⁄X) and click + after each entry.
  8. Click Next.
  9. Configure the settings for SSL VPN:
    1. Enable CudaLaunch to give end users remote access to corporate resources.
    2. (optional) Customize the Welcome Message for the SSL VPN portal.
    3. (optional) Customize the Help Text to be displayed to the user. Only ASCII characters are allowed in the Welcome Message and Help Text fields.
  10. Click Next. The summary screen opens.
  11. (optional) Click Print.
  12. Review your configuration settings and click Apply Now.

Step 2. Configure administrator IP/range

If administrators always use the same IP range, you can restrict access to the web interface of the Barracuda Firewall by specifying a range of allowed IP addresses or networks to increase security.

 Misconfigurations of the administrator IP/range may cause the management web interface of the firewall to be unreachable. Contact Barracuda Networks Technical Support to recover connectivity.
  1. Go to BASIC > Administration.
  2. In the ADMINISTRATOR IP/RANGE section, enter the IP⁄Network Address and Netmask for the networks allowed to access the web interface. For a single IP address, set the Netmask field to
  3. Click Add.


Next Steps

Configure the SSL VPN resources: For more information, see SSL VPN.

Last updated on