It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda SecureEdge

Implementation Guide - Third-Party Firewall in SecureEdge via IPsec Tunnels

  • Last updated on

This article covers the configuration for deploying a third-party firewall in SecureEdge using IPsec VPN. The Barracuda SecureEdge Manager now allows you to configure DNS Forwarding to DNS servers via an IPsec tunnel. DNS Forwarding is the process where specific DNS requests are forwarded to a designated DNS server for resolution. Using an Edge Service/Site, the Barracuda SecureEdge Agent connects to a DNS server via a third-party firewall and applies DNS Forwarding. However, depending on your requirements, you may need to add an additional network to the IPsec configuration for this setup to work. 

This documentation covers the following use cases:

Private Edge Service / Site 

Select the Edge Service as either a Private Edge Service or a Site in the setup. In this case, you must configure DNS Forwarding in the SecureEdge Manager via Infrastructure > Settings, and you must configure IPsec tunnels that include a subnet containing the DNS server.
se_agent_ipsec_dns.png 
For more information on forwarded domains, see How to Configure Forwarded Domains.

IPsec via BGP

Configure DNS forwarding using BGP over IPsec VPN. If your tunnel setup is using BGP, it will work for any point of entry, in other words, all Sites and Edge Services.se_agent_ipsec_vwan.png

Static IPsec

If you want to configure static IPsec networks, you must do the following:

  • Add 10.13.0.4/32 as an additional local network from your corresponding Edge Service or

  • Look up the VNET you have configured for your virtual hub if you are using an Edge Service for Virtual WAN.

    se_agent_ipsec_site-01.png

This is the main approach for users who want to integrate third-party firewalls with their infrastructure or resources behind them with SecureEdge.

Further Information

For more information, see How to Configure a Site-to-Site IPsec IKEv2 VPN Tunnel on SecureEdge Using Dynamic Routing (BGP).