We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

How do I configure NAT rules on my Barracuda Web Application Firewall to allow back end servers to access the internet?

  • Type: Knowledgebase
  • Date changed: 6 months ago

Solution #00004061

Scope:
All Barracuda Web Application Firewalls, all firmware versions

Answer:
When the Barracuda Web Application Firewall is deployed in Full Reverse Proxy Mode, all traffic originating from the LAN to the WAN is denied by default. NAT rules must be configured to map internal source IP addresses to routable IP addresses. Additionally, ACL rules are required to allow traffic requests to be sent out to the internet. 


NAT and ACL rules are configured from the Advanced > Network Firewall page on the Barracuda Web Application Firewall. 

Source Network Address Translation

  • Pre SNAT Source - Specify the IP Address of your backend web server that needs to be translated.
  • Pre SNAT Source Mask - Specify the associated network mask for the source IP Address.
  • Protocol - Select TCP/UDP as the communication protocol to be used between the hosts.
  • Destination Port - Specify the destination source port number the server will connected on.
  • Outgoing Interface - Select WAN as the outgoing interface that the traffic will pass through.
  • Post SNAT Source - Specify the IP Address where your web server IP Address should be mapped to access the internet.

    If the Post SNAT Source is different from the WAN IP of the Barracuda Web Application Firewall you will have to add the new IP address 
    to the Advanced > Advanced IP page in the Multiple IP Address Configuration section to bind it to the WAN interface.   
Network ACLs
  • From Address - Specify the source IP Address of the traffic.
  • From Netmask - Specify the associated network mask for the source IP Address.
  • Interface - Select LAN as the incoming connection that traffic will pass through.
    If your Web Application Firewall is deployed in Single Arm mode, you will need to specify the proper interface that is connected to the network.
  • Protocol - Select TCP/UDP as the communication protocol to be used between the hosts.
  • Service Ports - Specify the destination source port number the server will connected on.
  • To Address - Specify the destination IP Address of your traffic.
  • To Netmask - Specify the associated network mask of the destination IP Address.
  • Action - Select Allow as the action to be performed when traffic matches the specified criteria.
Link to This Page:
www.barracuda.com/kb?id=50160000000HelP