How to Configure SecureEdge Access

Barracuda SecureEdge Access allows administrators to configure custom client networks with respect to each point of entry. The Barracuda SecureEdge Agent running on the client connects to the SecureEdge unified cloud UI. You can select an Azure AD Tenant ID and sync with Zero Trust access. In addition, you can enforce agent web filtering policies to the web traffic that the clients connect to via the SecureEdge Agent in order to establish a secure connection to access internal and external company resources. Barracuda SecureEdge Access brings Zero Trust access service to your endpoint with a quick and easy configuration.

Before You Begin

• If you want to use your Azure Active Directory users and groups for User Connectivity, Site Authentication, and Security Policies, you must first connect your Azure Active Directory with Barracuda Cloud Control in order to synchronize users and groups. For more information, see How to Connect Your Azure Active Directory with Barracuda Cloud Control.

Create SecureEdge Access

1. Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.
2. In the left menu, click the Tenants/Workspaces icon.
3. From the drop-down menu, select the workspace your SecureEdge Access should be configured for.
4. In the left menu, click the Access icon, and select Settings.
   
5. The Settings page opens. Specify values for the following:
   • Azure AD Tenant ID – From the drop-down menu, select the Azure Tenant ID you want to sync with the Zero Trust access service.
   • Agent Web Filtering – Select an agent web filtering option from the drop-down menu. You can choose enforce or disable.
   • DNS Suffix – Enter a DNS suffix to be used for your client network. Make sure to set the correct DNS suffix, for example: bma.tym.cudaops.com
   • In the ACCESS AGENT NETWORK CONFIGURATION, specify values for the following:
     • Client Network – Enter the network used for the clients. Defining a custom client network is mandatory. With the client network default value 100.0.0.0/8, routing will not work and the SecureEdge Agent will not connect to any resources that are not directly connected to it. You can optionally configure the client network as a private IP.

     • Pool Bitmask – Enter the bitmask of the network pool to allocate each agent access point.  

       It is not mandatory to change the default values for the custom client network range and pool size. Note, however, that if you configured a custom range and pool size, you are not allowed to go back to the default value. 

       

6. Click Save.
7. To assure parallel operations with CloudGen Firewall client-to-site and SecureEdge Agent Access, click Download certificate.
   
8. Install this root certificate in all your clients.