This solution applies to all Barracuda SSL VPN units, all firmware versions.
The Server Agent allows the SSL VPN to contact other networks that have a Server Agent Client installed. This allows resources to pull in addresses and hostnames from the other networks. Users will be able to access resources in other networks within their own network’s SSL VPN.
- A Server Agent’s purpose is to redirect traffic securely to a target
host, normally in a completely different network which the Barracuda SSL
VPN may not be able to access directly. The server agent acts as a
proxy directing traffic from the SSL VPN to a system on the remote
network. The super user is then able to configure an environment where
there is no direct connection to the end host.
- For example, a Server Agent can be installed on a remote network and connect back to the SSL VPN using the standard HTTPS port. With the configuration of routes, an SSL VPN super user can then setup resources that access services on the remote network without the need to open up a single port on the firewall protecting the remote network.
- The server agent is a small Java client that is installed on a machine in the target network. Once installed, the server agent registers itself with the SSL VPN instance and then sits idle. It is only when the SSL VPN requires its assistance does the client wake and begin performing its tasks.
- There are two methods of maintaining this connection between Agent and Server. The SSL VPN can initiate and hold the connection, which would require ports to be forwarded in the remote network, or the Agent itself can initiate the connection, which means that as long as port 443 is allowed outbound, then no ports have to be forwarded in the remote network.
- The Server Agent Client is only available for Windows (exe download) and Linux (RPM and SH downloads) systems. The clients can be downloaded from the SSL VPN web interface under Advanced > Server Agents. Download the client you require for the system that will act as the node, extract the installation program from the zip file, and launch the installer (Windows 7 Users--Please see Additional Notes). Proceed through the installer until you reach Server Agent Properties. The connection details of the SSL VPN and the Server Agent Client will need to be entered.
- Host – This is the hostname of the SSL VPN server, this needs to be provided in the form of hostname.domain.com
- Port – This is the port that the SSL VPN is accepting connections on (default 443)
- Authentication Method – This will set the method of authentication the client will use to confirm that it is connecting to the correct SSL VPN. Certificate authentication requires a certificate created on the SSL VPN for the purpose of Server Agent authentication. Password authentication uses the username and password of any user that is able to authenticate into the SSL VPN.
- Username – This field is only enabled when using Password authentication, enter the username being used to authenticate the client here.
- Certificate – This field is only enabled when using Certificate authentication, use the browse button on the right of the field to locate the certificate that will be used for authentication.
- Enter Password and Confirm Password – Enter the password for either the certificate or username being used for authentication and confirm
If you use a proxy in your network that the client will need to pass through in order to connect to the SSL VPN then enable the option and enter the details for the proxy.
Once all required details have been set, continue the installation process. When this is complete, the files for the client will be installed to the system. A service for the secure node will have been installed onto the system; the service can be started using the standard service start method for your operating system.
Return to the SSL VPN and refresh the Server Agents page. The new client will be detected and displayed in the Agents section. At first, this will be disabled and will require Authorizing. Select the More.. menu and select the Authorize option from the menu, the new Server Agent will now be enabled and operational.
With the Server Agent now contacting the SSL VPN, a route needs to be created that will be used to direct resources that require access to the new network. Using the Create Route option, specify the details for the Route.
- Name – An identifying name for the Route.
- Host Pattern – The Host Pattern specifies the hostnames or IP addresses in resources that the Route will redirect to the Server Agent (Supports Wildcards).
- Port Pattern – The Port Pattern specifies the ports in resources that the Route will redirect to the Server Agent (Supports Wildcards).
- Server Agent – A Dropdown box that allows you to specify which Server Agent the Route works with, anything the Route finds that matches the host and port patterns is redirected to this Server Agent.
An example of a Route that redirected any resource matching a DNS hostname containing barracuda.com on any port would be:
Host Pattern – *.barracuda.com
Port Pattern – *
Server Agent – node.barracuda.com
Any resource that has a host and port that matches those in the host and port patterns for a Route will be redirected to the Server Agent that the Route manages.
When installing the Server Agent Client onto a Windows 7 system the installation and configuration must be launched by a system administrator (or use Run as Administrator). The installation process will not start if this is not the case, however the configuration application can be launched by any user, but any configuration changes that are made will not be saved to the actual client confinfiguration connecting to the SSL VPN server.
Link to this page: