1. Manuals
  2. Brands
  3. Barracuda Networks Manuals
  4. Software
  5. SSL VPN
  6. Administrator's manual

Barracuda Networks SSL VPN Administrator's Manual

Hide thumbs Also See for SSL VPN:
Table of Contents

Advertisement

Quick Links

Download this manual
B a r r a c u d a S S L V P N A d m i n i s t r a t o r ' s G u i d e
V e r s i o n 1 . 5 . x
Barracuda Networks Inc.
3175 S. Winchester Blvd.
Campbell, CA 95008
http://www.barracuda.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SSL VPN and is the answer not in the manual?

Questions and answers

Related Manuals for Barracuda Networks SSL VPN

Summary of Contents for Barracuda Networks SSL VPN

  • Page 1 B a r r a c u d a S S L V P N A d m i n i s t r a t o r ’ s G u i d e V e r s i o n 1 . 5 . x Barracuda Networks Inc. 3175 S. Winchester Blvd.
  • Page 2 All rights reserved. Use of this product and this manual is subject to license. Information in this document is subject to change without notice. Trademarks Barracuda SSL VPN is a trademark of Barracuda Networks. All other brand and product names mentioned in this document are registered trademarks or trademarks of their respective holders.

  • Page 3: Table Of Contents

    Other Deployments ....... 16 SSL VPN Concepts ....... . . 17 Security Policy and Resource Management .
  • Page 4 Enabling SSL for Administrators and Users....29 SSL VPN Settings ....... . . 30 User Databases .
  • Page 5 C h a p t e r 9 – A g e n ts o f t h e B a r r a c u d a S S L V P N ..7 7 The Barracuda SSL VPN Agent ......78 Communication with Browser .
  • Page 6 Backing up and Restoring Your System Configuration ... . 100 Updating the Firmware of Your Barracuda SSL VPN ... . . 100 Updating the Definitions from Energize Updates .

  • Page 7: Chapter 9 - A G E N Ts O F T H E B A R R A C U D A S S L V P

    Notice for Europe (CE Mark) ......106 A p p e n d i x B – R e g u l a r E x p r e s s i o n s ....1 0 7 Using Special Characters in Expressions .
  • Page 8 Barracuda SSL VPN Administrator’s Guide...

  • Page 9: Chapter 3 - G E T T I N G Sta R T E

    Chapter 1 Introduction This chapter provides an overview of the Barracuda SSL VPN and includes the following topics: Overview .................... 10 Features of the Barracuda SSL VPN ..........11 Introduction 9...

  • Page 10: Overview

    Overview The Barracuda SSL VPN is an integrated hardware and software solution enabling secure, clientless remote access to internal network resources from any Web browser. Designed for remote employees and road warriors, the Barracuda SSL VPN provides comprehensive control over file systems and Web-based applications requiring external access. The Barracuda SSL VPN integrates with third-party authentication mechanisms to control user access levels and provide single sign-on.

  • Page 11: Features Of The Barracuda Ssl Vpn

    Intranet Web Forwarding The Barracuda SSL VPN acts as a Web proxy for most intranet Web sites. There are a number of methods available to proxy intranet Web sites. The choice is determined by the complexity of the Web site.

  • Page 12: Hardware Token Authentication

    Web portal interface. Auditing and Reporting All resource access via the Barracuda SSL VPN is audited. Reports are available in real time showing a comprehensive look at privilege usage, failed logins, file and intranet use. Additionally, the status page provides statistics showing system use and performance.
  • Page 13 Chapter 2 VPN Concepts This chapter provides an overview of the Barracuda SSL VPN and includes the following topics: Basic Terminology ................14 Barracuda SSL VPN Configurations ..........15 SSL VPN Concepts................17 VPN Concepts 13...

  • Page 14: Basic Terminology

    Basic Terminology The following is a list of some of the terms used by the Barracuda SSL VPN. Understanding these particular terms will aid in administering your Barracuda SSL VPN. Table 2.1: Basic terminology Term Description Policy A collection of user groups and/or individual user accounts that are to be granted the same access privileges to a network resource.

  • Page 15: Barracuda Ssl Vpn Configurations

    Added layer of security, but will require additional firewall rules (inside a DMZ) configured on both sets of corporate firewalls. For specific information on the steps required to add new messages to the Barracuda SSL VPN, see Basic Terminology on page 14. VPN Concepts 15...

  • Page 16: Typical Deployment

    Barracuda SSL VPN. Other Deployments If you have a DMZ in your network, then the Barracuda SSL VPN can be placed behind the external network firewall but in front of the internal one. This allows secure access to be made through the external firewall to the Barracuda SSL VPN over port 443, but any access to resources on the trusted network will require another port to be opened on the internal firewall.

  • Page 17: Ssl Vpn Concepts

    This section is intended to give the reader an overview of how this is achieved within the SSL VPN and to introduce the terminology used; each of the specific areas is discussed in more detail in later chapters.

  • Page 18: Organizational Control

    In many cases it is likely that a repository of user information exists already, e.g. Active Directory or LDAP. Within the SSL VPN it is possible to create a User Database to an existing repository and then use the Accounts and Groups defined within it when creating and assigning Resources and Policies.

  • Page 19: Getting Started

    Chapter 3 Getting Started There are several distinct steps to installing your Barracuda SSL VPN into your network. First is the physical installation and accompanying network configurations that must be done to integrate the physical hardware into your corporate network. This is followed by the configuration of the...

  • Page 20: Initial Setup

    • VGA monitor • PS2 keyboard After you connect the AC power cord, the Barracuda SSL VPN may power on for a few seconds and then power off. This behavior is normal. Press the Power button located on the front of the unit.

  • Page 21: Configure Ip Address And Network Settings

    The new IP address and network settings are applied to your Barracuda SSL VPN. Configure Your Corporate Firewall If your Barracuda SSL VPN is located behind a corporate firewall, refer to Table 3.1 for the ports that need to be opened on your corporate firewall to allow communication between the Barracuda SSL VPN, your email server, and the Internet.

  • Page 22: Configure Administrative Settings

    The ports specified as the administration interface ports (8000/8443or any other ports you choose) must be configured on your corporate firewall to allow traffic to the Barracuda SSL VPN only if you wish to allow administration of the Barracuda SSL VPN from the Internet.

  • Page 23: Activate Your Subscriptions

    After installation, your Energize Updates and other optional subscriptions must be activated for the Barracuda SSL VPN to be fully enabled, and continue to receive the latest updates to all virus, policy, and document definitions from Barracuda Central. The Energize Updates service is responsible for downloading these updates to your Barracuda SSL VPN.

  • Page 24: Update The Barracuda Ssl Vpn Firmware

    Activate page opens to display the terms of your subscription. If your Barracuda SSL VPN is not able to communicate directly to Barracuda Central servers, then an Activation Code will be displayed as well which you will need to enter in the next step.

  • Page 25: Route Incoming Connections To The Barracuda Ssl Vpn

    Web interface. The minimum required Administrative configurations would have already been done as a part of integrating the Barracuda SSL VPN into your network, but there are a few additional steps that are highly recommended. The SSL VPN Management configurations, however, will need to be done in order for any users to access your protected resources.

  • Page 26: The Barracuda Ssl Vpn Administrator Accounts

    BASIC > Administration The ssladmin user The ssladmin account is used to log in from the users’ Web interface of the Barracuda SSL VPN, located by default at port 80/443. This “SSL VPN administrator” account manages all user access to the Barracuda SSL VPN, and defines all other usage parameters such as network and resource availability, user controls and IP address limitations.
  • Page 27 Chapter 4 Configuration Settings This chapter outlines the various options available for configuration from both the Administrative and SSL VPN Management interfaces: Administrative Settings ..............28 SSL VPN Settings................30 Additional Configuration Items ............33 Configuration Settings 27...

  • Page 28: Administrative Settings

    Change the ports that the admin account will use to access the administrative Web interface for the Barracuda SSL VPN over the Web (default ports are 8000 and 8443). • Change the port used by your users and the ssladmin account to access the Barracuda SSL VPN (default ports are 80 and 443). •...

  • Page 29: Enabling Ssl For Administrators And Users

    Web interface, or prefer to use their own trusted certificates. The SSL configuration referred to here is related only for the Web-based administrative interface. There is no need to explicitly configure SSL for traffic between the Barracuda SSL VPN and your email servers.

  • Page 30: Ssl Vpn Settings

    User Accounts In order for an individual user to use the Barracuda SSL VPN, they must either have an account in a user directory that has been imported onto the Barracuda SSL VPN, or have access to a resident account that was created explicitly for them on the Barracuda SSL VPN.

  • Page 31: Policies

    SSL VPN. Resources To make a Resource available to your remote users, it must be defined on the Barracuda SSL VPN and have at least one Policy attached to it, to determine who is allowed access to the Resource, and to what extent.

  • Page 32: Policies And Resources

    Access Rights The ssladmin account can designate other users and groups to manage specific aspects of the Barracuda SSL VPN. To grant any Policy the rights to manage a particular Resource, System or their own Personal configuration, go to the page and choose the ACCESS CONTROL >...

  • Page 33: Additional Configuration Items

    Register a hostname with your DNS server for the Barracuda SSL VPN; for example: sslvpn.company.com Install an SSL certificate on the Barracuda SSL VPN for this hostname to ensure your users are able to determine that they are connecting to a genuine Barracuda SSL VPN that is registered to your organization.
  • Page 34 Barracuda SSL VPN Administrator’s Guide...
  • Page 35 Resources are the key entities that a user of the system will interact with. The following topics are covered in this chapter: About The Barracuda Network Connector ........36 Connecting a Client to the Barracuda SSL VPN....... 38 The Barracuda Network Connector 35...

  • Page 36: About The Barracuda Network Connector

    192.168.1.* subnet). The Network Connect client is able to detect which network to use as a route gets published to the client to tell it how and when to send data through the SSL VPN server – i.e. connections to the Internet still work as normal and connect via the Internet address while requests to the corporate LAN pass through the Network Connector address.

  • Page 37: System Requirements

    Network Connector configurations from Windows system tray. Network Connector Interface The Barracuda Network Connector interface can be accessed from the RESOURCES > Network page of the SSL VPN Management interface. Connector The Barracuda Network Connector 37...

  • Page 38: Connecting A Client To The Barracuda Ssl Vpn

    In the Edit Client Configuration window that appears, locate the Commands section. In the Up Commands box, enter the initialization commands that should be executed on any client that is connecting to the Barracuda SSL VPN. An example of the types of commands that should be entered here are...

  • Page 39: Client Downloads And Installs

    Client Downloads and Installs Once a user has been authorized (via a Policy) to use the Barracuda Network Connector, that user will see a page on their page. From there, the client for the Network Connector RESOURCES desired operating system can be downloaded. Microsoft Windows Go to the page and click the Download Windows Client...
  • Page 40 On Windows XP and later, you may receive a compatibility warning which will be safe to ignore. If you get this dialog, click ‘Continue Anyway’. Once it is installed, return to the page of the SSL VPN RESOURCES > Network Connector Management interface. Click the ‘More…’ link under Actions, and select ‘Launch Network Connect Client’.

  • Page 41: Linux

    Network Connector client. No virtual Ethernet adapter needs to be installed as a tap driver already exists on most Linux distributions. If launching Network Connector from the SSL VPN Web-based interface only, there is no need to download the Linux Client at all.
  • Page 42 VPN server. For the Client Configuration field, enter the exact name of the Network Connector client that was created above. To connect, simply click the icon and select connect. The icon should turn green when the connection is established. Barracuda SSL VPN Administrator’s Guide...
  • Page 43 Chapter 6 Resources Resources are the key entities that a user of the system will interact with. The following topics are covered in this chapter: Web Forwards ..................45 Network Places .................. 48 Applications ..................50 SSL Tunnels..................51 Profiles....................52 Resources 43...

  • Page 44: Resources

    Resources The main reason a user will use an SSL VPN is to access the corporate network usually from a remote site, be it from a remote branch office or from a client's site. Securely allowing users into your network is just one side of the remote access solution.

  • Page 45: Web Forwards

    The Agent opens up a tunnel from the client to the target resource and points the Web browser at the client end - this provides the secure connection. All HTTP traffic passes unaltered through the tunnel between the client machine and the target resource; the Barracuda SSL VPN acts as a simple relay between the two.

  • Page 46: Path-Based Reverse Proxy

    URI with the configured Web Forwards. For example, if you have a Web site that is accessible from the URL http://example.com/blog you can configure the Reverse Proxy with the path /blog so that all requests to the SSL VPN server URL https://sslvpn/blog are proxied to the destination site.

  • Page 47: Authentication

    How it works The Barracuda SSL VPN retrieves the Web page on behalf of the connecting client and the information received by the appliance is processed by the replacement engine. This proxy type attempts to find all links in the Web site code and replace them with links pointing back to the SSL VPN server.

  • Page 48: Network Places

    Network Places are another vital tool defending against unwarranted access to the corporate network. By configuring a Network Place in the Barracuda SSL VPN, this allows a user to securely access the organization’s network without compromising the integrity of the network.

  • Page 49: Differences With Webdav

    Differences with WebDAV WebDAV is limited to what file types it can support; certain files require specific WebDAV support added to them in order to be accessed while others are not accessible at all. With the Drive Mapping feature, any file can be accessed, modified and saved as long as it supports random access, can be accessed and is fully modifiable.

  • Page 50: Applications

    A number of extensions are preinstalled on the SSL VPN: a dropdown list of all available extensions (Application Type) can be found on the Manage Account > Resources > Applications page in the Create Application Shortcut section.

  • Page 51: Ssl Tunnels

    Local: A local (outgoing) tunnel protects TCP connections that your local computer forwards from a specified local port to a specified port on the SSL VPN that you are connected to. To use the tunnel, the application to be tunneled is set to connect to the local listener port. The connection beyond the SSL VPN is not secure.

  • Page 52: Profiles

    Profiles configure the general working environment for a user. The system provides two areas of control and they are the Session and Barracuda SSL VPN Agent properties. Simply put, a Profile provides the means for an administrator or user to alter the general working environment of the system.
  • Page 53 Chapter 7 Access Control This chapter describes how the Barracuda SSL VPN is able to achieve control of users and resources and the relationships between them. The following topics are covered in this chapter: Overview .................... 54 Access Control Architecture............... 55 Access Rights ..................

  • Page 54: Overview

    Overview At the heart of the Barracuda SSL VPN lies its access control engine. This is responsible for the complete management of all users from their initial log-on, right through to their exit from the system. More importantly it secures control of user access to different areas of the internal network.

  • Page 55: Access Control Architecture

    Policy: The relationship defined between the principal and resource. It is the component that ensures that only the right people can perform the right action. Utilizing this methodology, the Barracuda SSL VPN is able to maintain robust, secure, and flexible access control architecture.

  • Page 56: Accounts

    The only default user embedded within the Barracuda SSL VPN is the Administrator Account, ssladmin. All other users with administrative rights are created by this user and their administrative rights defined by their attached policies.Structured Account Network...

  • Page 57: Resources

    Groups can be manipulated within the system as single entities but remember that all operations on the Group will affect all accounts within the Group. For example, an SSL tunnel resource can be linked to a single Group and instantly every user within that Group will be granted access to the attached resource..
  • Page 58 Policy that covers a much greater scope of responsibility. The opposite can be said for a standard user whose Policy may only grant the bare essentials required to allow them to perform their duties. Barracuda SSL VPN Administrator’s Guide...

  • Page 59: Access Rights

    Access Rights Access Rights are essential in creating a well organized system. As mentioned earlier, the Super User should only be used to perform configuration of the system. From then on the Super User should create 'Management Users' who are responsible for the daily uptake of the management and running of the system.

  • Page 60: Configuring User Databases

    Barracuda SSL VPN to authenticate users in this manner. LDAP Class Objects The Barracuda SSL VPN needs to understand which User and Role classes are in use by the given LDAP installation. Since each installation can use a different type of schema this information makes the appliance compatible with a larger number of LDAP installations.

  • Page 61: Organizational Unit Filter

    As the diagram below shows the organization structure has a root OU with three nested OUs below. This nesting enables the organization to distribute users across multiple logical structures for easier administration of network resources. When activated, the appliance takes the current Active Directory OUs and maps them directly to groups.

  • Page 62: Nis User Database

    Clear the organizational unit filter to ensure that the entire Active Directory tree is searched. NIS User Database The Barracuda SSL VPN can be configured to authenticate against a Network Information Service (NIS), also known as Yellow Pages. NIS is a Unix-based user database that was originally developed by Sun Microsystems.
  • Page 63 Chapter 8 Advanced Configuration This chapter details advanced configuration options and attributes. The following topics are covered in this chapter. Attributes.................... 64 Session Variable................. 67 Microsoft Exchange 2003 RPC/HTTPS ..........68 Outlook Mobile Access ..............74 Advanced Configuration 63...

  • Page 64: Attributes

    Each user can define their own vncServer attribute to point to whichever server they wish to connect to. Thus for every user the application shortcut works differently, connecting to a different server without any further modification. Barracuda SSL VPN Administrator’s Guide...

  • Page 65: Web Forwards

    Web Forwards The flexibility of user attributes also means they can be used in Web Forwards. An example being a support case tracking application which requires a form to authenticate users. A standard username attribute cannot be used as the FORM has a drop-down list for User as opposed to a text field.
  • Page 66 Every time the Network Place is launched, the system dynamically takes the value of ‘My Network Home’ from the logged in user and replaces the ${attr:myNetHome} parameter in the path. So for each user this will load their respective home share. In the example this would give: smb://examplepath.com/users/ RobertsP Barracuda SSL VPN Administrator’s Guide...

  • Page 67: Session Variable

    We recommend that the setting be set to so your Barracuda SSL VPN Automatically Update receives the latest rules as soon as they are made available by Barracuda Central. Advanced Configuration 67...

  • Page 68: Microsoft Exchange 2003 Rpc/Https

    By using Outlook with RPC/ HTTPS mode enabled this allows you to connect to your Exchange server from an Outlook 2003 client in native mode using the Barracuda SSL VPN as a pass through proxy. Unlike POP/SMTP, this means that all mail is held centrally rather than being downloaded to each client.

  • Page 69: Prerequisites

    HTTPS Proxy hostname: The HTTPS proxy configured within Outlook must match that of the certificate used by the Barracuda SSL VPN. If the appliance is set up with a trusted certificate for the host vpn.example.com then this must be entered exactly into Outlook configuration for HTTPS otherwise Outlook will not connect to the appliance.
  • Page 70 From mail setup, access Email Accounts. Select Add a new email account from the wizard options. Barracuda SSL VPN Administrator’s Guide...
  • Page 71 Under server type select ‘Microsoft Exchange Server’. Under the Exchange server settings, select the newly configured Exchange server and the name of your new mailbox. Advanced Configuration 71...
  • Page 72 Selecting the Exchange proxy settings button opens a final window in which the FQDN of the Barracuda SSL VPN should be keyed into the Use this URL to connect to my proxy server for Exchange parameter. Also under the proxy authentication settings select NTLM Authentication.
  • Page 73 The client is now configured. Once Outlook is started, if your Barracuda SSL VPN has not been configured to use the same Windows account as the one the user is currently logged on with, the system will prompt for the Barracuda SSL VPN authentication credentials.

  • Page 74: Outlook Mobile Access

    Exchange data by using mobile devices. This browser based application is similar to Outlook Web Access but much more lightweight and intended for use on cell phones and PDAs. Configuring the SSL VPN as a OMA Proxy Configure the Exchange properties as per RPC Client Configuration. All clients that have access to Outlook using RPC/HTTPS will also have access to the lightweight OMA interface.
  • Page 75 The mail check feature uses the Web forward and the details defined in the mail check configuration page to connect to the mail server. It is from here it takes the individual user's authentication details to connect to their account and retrieve mail details. Once all the user details have been provided the user should log back into the system.
  • Page 76 Barracuda SSL VPN Administrator’s Guide...
  • Page 77 Chapter 9 Agents of the Barracuda SSL VPN This chapter explains the roles of various agents of the Barracuda SSL VPN Agent: The Barracuda SSL VPN Agent............78 The Barracuda Server Agent ............. 80 Agents of the Barracuda SSL VPN 77...

  • Page 78: The Barracuda Ssl Vpn Agent

    Your users must make sure that they log-off from their SSL VPN sessions. It is not wise to allow such a session to remain open and unattended even for a short period of time.

  • Page 79: Executing Resources From The Barracuda Ssl Vpn Agent

    Executing Resources from the Barracuda SSL VPN Agent Once the Barracuda SSL VPN Agent is started you can execute any resource assigned to you directly from the taskbar icon. Clicking the right mouse button over the Agent icon will present a list of resources that can be executed directly from the Agent.

  • Page 80: The Barracuda Server Agent

    Resources that access services on the remote network without the need to open up a single port on the firewall protecting the remote network. This same process can be used to access resources inside the LAN from a Barracuda SSL VPN residing in a DMZ.

  • Page 81: Visibility

    Server Agent. A user will be unaware that a Server Agent is proxying his or her traffic. When no Server Agent is installed, the Barracuda SSL VPN will continue to make direct connections to its target host.

  • Page 82: Server Agent Interface

    The Server Agent service will now be running. If successfully configured the client should successfully register with the appliance and appear in the Server Agents page. Server Agent Interface The main Server Agent page (Manage System > Advanced > Server Agents) provides information on all successfully registered clients. Barracuda SSL VPN Administrator’s Guide...

  • Page 83: Authentication Schemes

    Authentication is the means of verifying a user’s identity; this can be in the form of a password or a key/code. To allow for greater security the Barracuda SSL VPN uses authentication schemes to provide a multiple staged authentication process.

  • Page 84: Authentication Schemes

    OTP, Passwords, and Certificates. This approach means that multi-tiered authentication can easily be implemented and even linked to existing authentication systems. The Authentication Scheme is then used as the basis of the login policy. The Barracuda SSL VPN allows for more than one of these schemes to be created and used.

  • Page 85: Ssl Client Certificate Authentication

    • Password entry Where more than one Authentication Scheme has been defined, the first Login page will have: • Language selection • Username entry Once the Login button is selected a second page is presented to the user where it is possible to choose an Authentication Scheme by clicking the here hyperlink.

  • Page 86: Ip Address Authentication

    X exactly n number of times X(n,m) X between n and m times .[^\s]{n,m} Any character except whitespaces, with a length of between n and m number of characters \w[n,m] Word character [a-z, A-Z,_,0-9] between n and m Barracuda SSL VPN Administrator’s Guide...

  • Page 87: Pin Authentication

    For more information, see Appendix A: Regural Expressions. PIN Authentication PIN Authentication is something all users with a bank account will already be familiar with. Again this is a standard Authentication Module and, much like a password, a user is expected to authenticate themselves with their private number.

  • Page 88: Creation From System

    Here the administrator can force each user to define their own key when they first login to the Barracuda SSL VPN using Public Key Authentication. Selecting this when a new account is created is a great way to encourage users to configure and manage their identities and other security passwords.

  • Page 89: Configuring Public Key

    Manage System > Advanced > Configuration > Password Options. Import Authentication Key This function allows for an already existing public key to be imported into the Barracuda SSL VPN as a user Authentication Key. This action can be performed by any users who have account editing privileges.

  • Page 90: Otp Authentication

    Alternatively, if support for SMS via email is available in the country where the Barracuda SSL VPN resides, you can configure the OTP feature to send the password via email to an SMS gateway which will relay the message on to the user’s cell phone.
  • Page 91 Personal Authentication relies on predefined personal information about the user. A set number of questions are managed by the system and when utilized the system takes a question and presents this to the user. A comparison is made between the current answer and the preset answer; if a match is made the user is authenticated.

  • Page 92: Hardware Token Authentication

    PCs. RSA SecurID Authentication Manager The Barracuda SSL VPN is able to make use of SecurID authentication using the RADIUS feature to provide communication between the RSA server and the appliance. When combined with the Active Directory user database this method is especially powerful as...

  • Page 93: Vasco Digipass Token Configuration

    VASCO Digipass Token Configuration The Barracuda SSL VPN can be configured to authenticate to a VASCO server using the RADIUS feature of the product. Note that VASCO do not currently include a RADIUS server with their product; therefore you will need to use an external RADIUS server (i.e. FreeRADIUS) to provide the...
  • Page 94 Barracuda SSL VPN Administrator’s Guide...
  • Page 95 This chapter describes the monitoring tasks you can perform from the Web interface. Monitoring Tasks ................96 For more detailed information about a specific page in the Web interface, view the online help by clicking the question mark icon on the right side of the interface. Monitoring the Barracuda SSL VPN 95...

  • Page 96: Monitoring Tasks

    Technical Support. Setting up SNMP Alerts The Barracuda SSL VPN 450 and higher offers the ability to monitor various settings via SNMP, including: •...

  • Page 97: Viewing System Tasks

    The Task Errors section will list an error until you manually remove it from the list. The errors are not phased out over time. Understanding the Indicator Lights The Barracuda SSL VPN has five indicator lights on the front panel that blink when the system processes any message. Figure 11.1 displays the location of each of the lights.
  • Page 98 Barracuda SSL VPN Administrator’s Guide...
  • Page 99 Chapter 12 Maintenance This chapter provides general instructions for general maintenance of the Barracuda SSL VPN. Maintenance Functions..............100 Maintenance 99...

  • Page 100: Maintenance Functions

    Barracuda SSL VPN or in the event your current system data becomes corrupt. If you are restoring a backup file on a new Barracuda SSL VPN that is not configured, you need to assign your new system an IP address and DNS information on the page.

  • Page 101: Updating The Definitions From Energize Updates

    3175 S. Winchester Blvd Campbell, CA 95008 attn: RMA # <your RMA number> To set up the new Barracuda SSL VPN so it has the same configuration as your old failed system, first manually configure the new system’s IP information on the page, BASIC >...

  • Page 102: Rebooting The System In Recovery Mode

    • Contact Barracuda Networks Technical Support for additional troubleshooting tips. As a last resort, you can reboot your Barracuda SSL VPN and run a memory test or perform a complete system recovery, as described below. To perform a system recovery or hardware test: Connect a monitor and keyboard directly to your Barracuda SSL VPN.

  • Page 103: Reboot Options

    Table 12.1: Reboot Options Reboot Options Description Barracuda Starts the Barracuda SSL VPN in the normal (default) mode. This option is automatically selected if no other option is specified within the first three (3) seconds of the splash screen appearing. Recovery...
  • Page 104 Barracuda SSL VPN Administrator’s Guide...
  • Page 105 Appendix A About the Hardware This appendix provides hardware information for the Barracuda SSL VPN. The following topics are covered: Hardware Compliance ..............106 About the Hardware 105...

  • Page 106: Hardware Compliance

    Hardware Compliance This section contains compliance information for the Barracuda SSL VPN hardware. Notice for the USA Compliance Information Statement (Declaration of Conformity Procedure) DoC FCC Part 15: This device complies with part 15 of the FCC Rules. Operation is subject to the following conditions:...
  • Page 107 Appendix B Regular Expressions The Barracuda SSL VPN allows you to use regular expressions when creating Content Filtering policies. Regular Expressions allow you to flexibly describe text so that a wide range of possibilities can be matched. When using regular expressions: •...

  • Page 108: Using Special Characters In Expressions

    One or more digits: 0, 42, 007 (bad|good) letters 'bad' or matches the letters 'good' ^free letters 'free' at the beginning of a line v[i1]agra viagra or v1agra v(ia|1a)gra viagra or v1agra v\|agra v|agra v(i|1|\|)?agra vagra, viagra, v1agra or v|agra Barracuda SSL VPN Administrator’s Guide...
  • Page 109 Table B.3: Regular Expressions Example Matches... \*FREE\* *FREE* \*FREE\* V.*GRA *FREE* VIAGRA, *FREE* VEHICLEGRA, etc Regular Expressions 109...
  • Page 110 Barracuda SSL VPN Administrator’s Guide...

  • Page 111: Appendix C - L I M I T E D Wa R R A N T Y A N D L I C E N S E

    Except for the foregoing, the software is provided as is. In no event does Barracuda Networks warrant that the software is error free or that Customer will be able to operate the software without problems or interruptions. In addition, due to...

  • Page 112: Exclusions And Restrictions

    Exclusions and Restrictions This limited warranty does not apply to Barracuda Networks products that are or have been (a) marked or identified as "sample" or "beta," (b) loaned or provided to you at no cost, (c) sold "as is," (d) repaired, altered or modified except by Barracuda Networks, (e) not installed, operated or maintained in accordance with instructions supplied by Barracuda Networks, or (f) subjected to abnormal physical or electrical stress, misuse, negligence or to an accident.

  • Page 113: Energize Update Software License

    Energize Update Software License PLEASE READ THIS ENERGIZE UPDATE SOFTWARE LICENSE CAREFULLY BEFORE DOWNLOADING, INSTALLING OR USING BARRACUDA NETWORKS OR BARRACUDA NETWORKS-SUPPLIED ENERGIZE UPDATE SOFTWARE. BY DOWNLOADING OR INSTALLING THE ENERGIZE UPDATE SOFTWARE, OR USING THE EQUIPMENT THAT CONTAINS THIS SOFTWARE, YOU ARE CONSENTING TO BE BOUND BY THIS LICENSE.
  • Page 114 The following terms govern your use of the Energize Update Software except to the extent a particular program (a) is the subject of a separate written agreement with Barracuda Networks or (b) includes a separate "click-on" license agreement as part of the installation and/or download process. To the...
  • Page 115 THE ENERGIZE UPDATE SOFTWARE WHICH IS BEING UPGRADED; AND (3) USE OF ADDITIONAL COPIES IS LIMITED TO BACKUP PURPOSES ONLY. Energize Update Changes. Barracuda Networks reserves the right at any time not to release or to discontinue release of any Energize Update Software and to alter prices, features, specifications, capabilities, functions, licensing terms, release dates, general availability or other characteristics of any future releases of the Energize Update Software.
  • Page 116 In no event does Barracuda Networks warrant that the Energize Update Software is error free or that Customer will be able to operate the Energize Update Software without problems or interruptions. In...

  • Page 117: Open Source Licensing

    These programs are copyrighted by their authors or other parties, and the authors and copyright holders disclaim any warranty for such programs. Other programs are copyright by Barracuda Networks. GNU GENERAL PUBLIC LICENSE, (GPL) Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc.
  • Page 118 Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide Barracuda SSL VPN Administrator’s Guide...
  • Page 119 if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8.
  • Page 120 Barracuda products may include programs that are covered by the Apache License or other Open Source license agreements. The Apache license is re- printed below for you reference. These programs are copyrighted by their authors or other parties, and the authors and copyright holders disclaim any warranty for such programs. Other programs are copyright by Barracuda Networks. Apache License Version 2.0, January 2004...
  • Page 121 means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."...
  • Page 122 Barracuda Networks at no charge. If you would like a copy of the source code or the changes to a particular program we will gladly provide them, on a CD, for a fee of $100.00. This fee is to pay for the time for a Barracuda Networks engineer to assemble the changes and source code, create the media, package the media, and mail the media.
  • Page 123 Certificate Generation Certificate Type certificates character tags ports Concepts Private (self-signed) certificates configuration product activation reloading reboot options Default (Barracuda Networks) certificates recovery mode definitions, updating re-imaging system diagnostic memory test reloading the system Index - 123...
  • Page 124 remote administration repairing, file system replacing failed system RESET button restarting the system restoring configuration shutting down the system SNMP SNMP alerts SSL Certificate Configuration SSL certificates ssladmin user SSL-only access statistics subscription status system reboot shutdown system alerts tasks TCP ports testing memory time zone...

Table of Contents