This article covers the configuration for deploying a third-party firewall in SecureEdge using IPsec VPN. The Barracuda SecureEdge Manager now allows you to configure DNS Forwarding to DNS servers via an IPsec tunnel. DNS Forwarding is the process where specific DNS requests are forwarded to a designated DNS server for resolution. Using an Edge Service/Site, the Barracuda SecureEdge Agent connects to a DNS server via a third-party firewall and applies DNS Forwarding. However, depending on your requirements, you may need to add an additional network to the IPsec configuration for this setup to work.
This documentation covers the following use cases:
Private Edge Service / Site
Select the Edge Service as either a Private Edge Service or a Site in the setup. In this case, you must configure DNS Forwarding in the SecureEdge Manager via Infrastructure > Settings, and you must configure IPsec tunnels that include a subnet containing the DNS server.
For more information on forwarded domains, see How to Configure Forwarded Domains.
IPsec via BGP
Configure DNS forwarding using BGP over IPsec VPN. If your tunnel setup is using BGP, it will work for any point of entry, in other words, all Sites and Edge Services.
Static IPsec
If you want to configure static IPsec networks, you must do the following:
Add 10.13.0.4/32 as an additional local network from your corresponding Edge Service, or
Look up the VNET you have configured for your virtual hub if you are using an Edge Service for Virtual WAN.
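A pre-flight check for the two conditions this article states (the IPsec tunnel must include a subnet containing the DNS server, and a static IPsec setup needs 10.13.0.4/32 as an additional local network), as an added example that is not Barracuda's own code. The function names and sample addresses are hypothetical; it assumes the DNS server sits on the remote side of the tunnel, behind the third-party firewall, and that a broader local network containing the /32 counts as including it.

```python
import ipaddress

# Additional local network the article requires for static IPsec.
REQUIRED_LOCAL = ipaddress.ip_network("10.13.0.4/32")


def covered(target, networks):
    """Return the configured networks that fully contain `target`."""
    hits = []
    for raw in networks:
        net = ipaddress.ip_network(raw, strict=False)
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
        if net.version == target.version and target.subnet_of(net):
            hits.append(str(net))
    return hits


def check_static_tunnel(local_networks, remote_networks, dns_servers):
    """Pre-flight check of a static IPsec definition for DNS forwarding.

    Returns a list of findings; an empty list means both conditions
    from the article are met.
    """
    findings = []
    # Assumption: a supernet that contains the /32 satisfies the requirement.
    if not covered(REQUIRED_LOCAL, local_networks):
        findings.append(f"local networks do not include {REQUIRED_LOCAL}")
    for server in dns_servers:
        host = ipaddress.ip_network(server)  # single address becomes /32 or /128
        # Assumption: the DNS server is reached through the remote networks.
        if not covered(host, remote_networks):
            findings.append(f"no tunnel subnet contains DNS server {server}")
    return findings


# Constructed sample values (not taken from any real deployment).
SAMPLE_LOCAL = ["192.168.10.0/24"]
SAMPLE_REMOTE = ["10.50.0.0/16"]
SAMPLE_DNS = ["10.50.1.53", "172.16.0.53"]

if __name__ == "__main__":
    for finding in check_static_tunnel(SAMPLE_LOCAL, SAMPLE_REMOTE, SAMPLE_DNS):
        print("FAIL:", finding)
```

If the third-party firewall requires its traffic selectors to match exactly, compare the networks for equality instead of containment.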
Further Information
For more information, see How to Configure a Site-to-Site IPsec IKEv2 VPN Tunnel on SecureEdge Using Dynamic Routing (BGP).