We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda SSL VPN

How can I restrict access on my Barracuda SSL VPN based on OUs and Authentication Schemes?

  • Type: Knowledgebase
  • Date changed: 8 years ago
Solution #00005516

Scope:
This solution applies to all Barracuda SSL VPN firmware 1.7.2.010 and newer.

Answer:

Configure OU Filters:

The OU Filters should be used to specify the Organizational Units (OUs) that you want to be included or excluded in the group/user cache that gets imported into the Barracuda SSL VPN.

You can use this feature to limit how many users or groups that you want the SSL VPN to cache for logon purposes.

  1. Navigate to Access Control > User Databases > Edit database.
  2. Go to the OU Filter section for a list of the Available OUs. Here you can Include and Exclude OUs.
  3. Include the OU where the Security Group lives.
  4. Exclude the rest if needed.
  5. Save Changes.
  6. Verify this has synced up correctly by going to Access Control > Accounts and make sure all Users are there.
  7. Go to the Access Control > Groups and verify that the Security Group VPN is there.
  8. Click Edit and confirm that you can see the users in the Security Group.
Change Policies:
  1. Create a Policy under Access Control> Policies.
  2. Label it something relevant and include the Security Group VPN for this Policy. By doing this, we can basically eliminate the "Everyone" Policy.
    You now have a VPN Policy.
  3. Go to Access Control > Authentication Schemes > Edit.
  4. Edit the existing Password scheme (assuming you don't have any other Auth scheme as primary).
  5. Remove the "Everyone" policy.
  6. Add the new VPN Policy and Save.
This will now only allow Users that are part of the Security Group to Authenticate to the device. It will also continue to sync with your AD as changes are made with Add and Removes and replicate/sync with the SSL VPN.

Link to this page:
https://campus.barracuda.com/solution/50160000000IRIcAAO