We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda SSL VPN

What steps should I take to install and configure my new Barracuda SSL VPN?

  • Type: Knowledgebase
  • Date changed: 7 years ago
Solution #00003984

Scope:
All Barracuda SSL VPNs, all firmware versions.

Answer:
To install and configure the SSL VPN, follow the below steps and instructions. In addition to the below steps, you will need to configure your firewall rules to expose access to your Barracuda SSL VPN on ports 80 and 443 (for a typical installation).

Step 1: Prepare for installation

Before installing your Barracuda SSL VPN, verify that you have the necessary equipment:
  • Barracuda SSL VPN
  • AC Power cord
  • Ethernet cables
  • Mounting rails and screws
  • VGA monitor
  • PS2 Keyboard
Step 2: Physically connect to the Barracuda SSL VPN

1. Connect a standard VGA monitor, PS2 keyboard, and AC power cord to the Barracuda SSL VPN.
2. Press the blue power button located on the front panel to turn the unit on. Once booted, the device will display the administrative console login prompt.

Step 3: Configure the unit's network settings

Configure the unit to use a static IP address on the same subnet as the client machine you will be using for configuration.

1. On the administrative console displayed on the attached monitor, at the login prompt, enter admin for the login and admin for the password.
2. Configure the LAN adapter so that the Barracuda SSL VPN can be accessed from the computer you will use for configuration. Enter the IP Address, Netmask, Primary DNS Server and Secondary DNS Server as appropriate for your local area network.  Save your changes and exit
3. Connect an Ethernet cable from your LAN to the LAN port on the back panel of the Barracuda SSL VPN.

Step 4: Log into the Barracuda SSL VPN web interface and set the Fully Qualified Domain Name for the device

To log into the appliance-side web interface using a computer that is connected to the same subnet as the SSL VPN's LAN adapter:

1. Open a web browser, enter the LAN IP address of the Barracuda SSL VPN followed by a colon and 8000, the default Web interface HTTP port.
        ex: http://192.168.200.200:8000
2. To log into the administration interface, enter admin for the username and admin for the password.
3. Navigate to Basic > IP Configuration.
4. Set the Default Hostname field to the hostname of your Barracuda SSL VPN.
5. Set the Default Domain to your domain, formatted yourdomain.com.

Step 5: Set a new administrative password

For security reasons, you should change the administrative password to the appliance side of the unit. This can be done by navigating to Basic > Administration and locating the Password Change header. Enter in the old password, and then enter in the new password twice for confirmation and click Save Password to change the administrative password.

Step 6: Set the time zone

On the Basic > Administration page, find the header entitled Time. From the Time Zone drop down menu choose the appropriate time zone and click the Save Changes button. You will be asked to reboot your Barracuda SSL VPN.

Step 7: Restrict the Administrator IP/Range

In order to enhance security on your network, you should implement IP based restrictions on which clients are allowed to access the administrative appliance web interface. If no administrative IP addresses or networks are specified, then access as "admin" will be allowed from all systems.

1. On the Basic > Administration page, locate the Administrator IP/Range header.
2. You can provide a range of IP addresses, or you can provide one or more specific IP addresses. Enter a netmask of "255.255.255.255" to specify an individual IP (instead of an entire network). Click the Add button to add the restriction.
3. To provide multiple IPs/ranges, click on the Bulk Edit button to enter in multiple IPs/ranges separated by line breaks.

For more information on IP restrictions, please refer to Solution #00003731.

Step 8: Set system contact email addresses

1. On the Basic > Administration page, locate the Email Notifications header.
2.  Enter in one or more email addresses to the relevant fields. The fields are described below. If more than one email addresses are entered, separate the email addresses by commas.
  • System Alerts Email Address - Recipients of automated alerts from the Barracuda SSL VPN.
  • System Contact Email Address - Recipients of communications from Barracuda Central.
3. Click the Save Changes button.

Step 9: Upload SSL certificate

Your Barracuda SSL VPN comes with a default private certificate, but in most cases Barracuda Networks recommends obtaining a Certificate Authority (CA) signed SSL certificate to upload to your device. Having a signed certificate will enhance network security and prevent users from encountering security exception warnings in their browsers. If, however, you do not wish to purchase a CA signed certificate, there is a Private Root Certificate available for download that you can import into users' browsers to avoid security exception warnings. To use a CA signed trusted certificate, follow the below instructions:

1. Navigate to Basic > SSL Certificate.
2. Under the header Certificate Generation, fill in the following fields:
  • Common Name is the fully qualified domain name that is used to access the Barracuda SSL VPN's Web interface. For example: "barracuda.domain.com".
  • Country Code is the two-letter country code of the location of the organization.
  • State or Province is the full name of the state or province of the location of the organization.
  • Locality is the name of the city, or location, that the organization is located.
  • Organization Name is the legal name of the company or organization.
  • Organization Unit Name is an optional field to specify a department or section within an organization.
3. Once all the information has been entered, click the Download button next to the line Download Certificate Signing Request (CSR).
4. Once you have downloaded the CSR, click the Download button next to the line Download Private Key. A copy of the private key used for the CSR can be downloaded. The certificate authority where you purchased your certificate might request it. It is available only after a CSR has been downloaded.
5. After using the CSR and the Private Key to obtain a CA signed trusted certificate, fill out the Trusted Certificate section in Basic > SSL Certificate. The fields are as follows:
  • Signed Certificate - Use this box to upload the certificate (in PEM/Apache or PKCS12 format) that you received from your certificate authority.
  • Certificate Chain Bundle - Use this box to upload the certificate "bundle" that you received from your certificate authority (CA) that links the CA with a trusted root. Not every CA requires a bundle -- contact your CA if you are unsure about whether a bundle is needed or not.
  • Certificate Password - The password associated with the certificate. This is absolutely required for PKCS12 certificates and must match the password used to create the certificate. Not used for PEM-format certificates.
  • Private Key - Use this box to upload the Private Key associated with a PEM-format certificate. Not used for PKCS12 certificates.
6. Click Upload Certificate Information to upload and commit your trusted certificate.

Step 10: Configure the user database(s)

Your Barracuda SSL VPN can maintain its own internal user database, or it can synchronize with any of the following directory services:
  • Active Directory
  • LDAP
  • NIS
  • OpenLDAP
To configure your user database, follow the below instructions:

1. Open a browser and navigate to the SSL VPN web interface of your Barracuda SSL VPN on http port 80 or https port 443.
2. Go to Access Control > User Databases. Click on Create User Database.
You can either edit the existing Default database (preferred) by selecting the Edit option next to it or you can create a new database using the quick create section.
3. Click on the relevant database type tab at the top of the screen - Active Directory, Built-in, LDAP, NIS, or OpenLDAP.
4. Provide a Name and a Description. You can optionally provide a User Database Host. A User Database Host entry is not required but may be used in more complex deployments.
5. Fill out the rest of the fields as appropriate for your directory server.
6. Once you have finished entering the information, click on the Test button at the bottom of the page to test if the configuration works as expected. If there are errors, it will provide informative feedback at the top of the page which is useful in debugging any problems. Once the configuration is confirmed to work, click on Save.

Now that the database has been configured, the next step is to create one or more policies to govern the allocation of resources to users and groups.

Step 11: Creating policies

Permission to access resources are given via policies, which in turn contain lists of users or groups (also referred to as principles). A policy is the glue by which all resources within SSL VPN can cohesively work together. All resources must be attached to a policy; furthermore, in order for a user to access a particular resource, their user account or group must also be attached to the same Policy. A user or group can be members of multiple policies, and resources can be attached to multiple policies. This way, it is possible to easily set up a powerful set of permissions for all users of the system.

1. Navigate to Access Control > Policies. Under the Create Policy header, provide the following information:
  • A unique Name for the policy.
  • Any individual Accounts that are to be designated as members of this policy.
  • Any Groups that are to be designated as members of this policy.
2. Click Add. You may now attach resources to this policy to enable the member users and group access to those resources.
3. Repeat the above steps until you have a set of access policies that reflects how you wish to adjudicate resource allocation.

Once you have finished creating policies, the next step is to create resources and allocate them to the policies you just created.

Step 12: Creating resources

Resources are the main entities an end user will want to access once connected to the Barracuda SSL VPN. Within the Barracuda SSL VPN, a resource is defined as an application, utility, data source, or any other privileged data source or interface that when assigned will allow the user to conduct certain tasks. This could be something as simple as a user accessing their email client to read their mail. In this case, the resource would be the email. Similarly, an intranet website would also be classified as a resource – just as a network share would be.

The following types of resources are available on your Barracuda SSL VPN. For a detailed description of the configuration of a given resource type, click the associated solution link:
Where to go from here?
You should now have a fully-functioning Barracuda SSL VPN setup and installed in your network. However, there are many other features that you can explore. Please refer to the below solutions for more information on other, more advanced features offered by the Barracuda SSL VPN:
Link to This Page:
https://campus.barracuda.com/solution/50160000000HaeqAAC