It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

This Product is End-of-Life and End-Of-Support

End-Of-Life and End-Of-Support on December 1st, 2020: All Barracuda Firewall X-Series sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires. Please see the End-Of-Life definition as described in the End of Support and End of Life Information.

Example - Creating Time-Based Access Rules

  • Last updated on

With the Barracuda NextGen Firewall X-Series, you can configure access rules that are only active for specific times or dates. Create a time object for the times that the access rule should be active. Then apply this time object to the access rule.

This article provides an example of how to configure a access rule that blocks Internet (HTTP and HTTPS) access for two trainees from Monday to Friday, except during the hours of 11:00 AM to 01:00 PM. The two trainees reside in the 192.168.200.0/24 network segment and use computers with the 192.168.200.100 and 192.168.200.101 IP addresses.

Step 1. Create a Time Object

This example configures a time object named TraineeOfficeHours that includes all office hours except lunch time from 12am to 1pm.

  1. Go to the FIREWALL > Time Objects page.
  2. In the Time Objects section, click Add Time Object.
  3. In the Name field, enter TraineeOfficeHours.
  4. To terminate existing sessions when the access rule is applied, set Terminate Existing Sessions to Yes.
  5. To define a date range for this time object, select the Use Date Range check box.
  6. In the time table of the configuration window, select all days and times when the access rule should be active.
    time_object1_67_01.png
  7. Click Add to create the time object.

Step 2. Create an Access Rule using the Time Object

This example configures an access rule named Block-HTTPs-for-Trainees that blocks HTTP and HTTPS network traffic from the 192.168.200.100 and 192.168.200.101 IP addresses.

  1. Go to the FIREWALL > access rules page.
  2. Click Add Access Rule to create a new access rule. The Add Access Rule window opens.
  3. Enter a name and description for the rule.
  4. Specify the following settings:

    Name
    Action
    Connection
    Service
    Source
    Destination
    Block-HTTPS-for-TraineesBlockDefault (SNAT)HTTP+S
    • 192.168.200.100
    • 192.168.200.101
    Internet

    Because all other clients in the 192.168.200.0/24 network should not be affected by this rule, the source network is limited to the 192.168.200.100 and 192.168.200.101 IP addresses.
    time_object1_67_02.png

  5. Click the ADVANCED tab.
  6. From the APPLY ONLY DURING THIS TIME list, select the time object that you created. For this example, select the TraineeOfficeHours object.
    time_object1_67_03.png
  7. At the top of the window, click Save.

Step 3. Verify the Order of the Access Rules

Access rules are processed from top to bottom. Place your access rule before any other access rule that matches the same traffic. For this example, place your time-based block rule before any rule that allows Internet access. Click Save to save the changes to the order of the access rules.