Home‎ > ‎Barracuda‎ > ‎

Basic Config of SSL VPN 680


Overview

Indicator Lights:


 Light Color Description
  Red Reserved
  Yellow Reserved
 Traffic Green Blinks when device process traffic
 Data I/O
 Green Blinks during data transfer
 Power Green Solid green when powered on

Virginising the System:

You can bring the system back to the factory settings by rebooting and going into recovery mode.

Configuring 1st Interface:

Barracudas are cheap, and because of that, they are not really built like equipment you are normally used to.  To do the initial setup on a Barracuda, you need to plug a monitor and keyboard into them.  Log in with the default user/pass (admin/admin) and go to the TCP/IP Configuration tab.  Enter in the following information:
  • IP address of outside interface
  • Mask of outside interface
  • Default Gateway
  • Primary and Secondary DNS  (Note that Barracudas are built to be hamstrung by DNS, so make sure that your DNS solution is robust, and make sure that it can be connected to by the barracudas.

Setup Outbound Firewall Rules

The system must connect to the Barracuda Network to handle licensing.  (this way they can milk the hell out of you for an over priced support contract. :)  Without this, the system throws errors and behaves poorly for admin purposes.  To enable this bend-overage, allow the following outbound flows on your firewall:

Allow TCP:80 from the Barracuda to the following networks

64.235.147.0 255.255.255.0
host 64.235.144.132
216.129.105.0 255.255.255.0
216.129.125.0 255.255.255.0
205.158.110.0 255.255.255.0


Activate the Firewall:

Login to ADMIN PORTAL:

You cannot simply connect to the IP address of the wan interface, you will need to connect to port 8000 over http.  So your browser's url would be

http://<IP_Address>:8000

The default username and password is admin/admin

Subscription:

From the Basic tab, under Status, select (3) the "Click here for activation code".  This will pull up a Barracuda webpage where you can enter in your company's information for the support contract.  When you are finished, you will get an activation code, which you should paste back in (4) the Basic tabs Status page, under the Subscription Status

Firmware Upgrades:

To update Firmware, go to the Advanced tab, select Firmware Update, and confirm that the Current installed Version is less then the Latest General Release.  If so, select Download Now under the Latest General Release section, and then select Apply Now to install the newest release.  (note: the system will probably need to reboot after uploading the newest firmware.)


Energize Updates:

To get the latest Security, Virus and Attack updates, under Advanced tab, select the Energize Updates sub-tab.  Then select (A) update on those subsections.  The system will be updated without needing a restart or anything. 

General Settings:

IP Address:

Under the Basic Tab, under IP Configuration, set your IP addresses under TCP/IP Configuration.    Your IP should already be setup, so there should be no change needed here.



Static Routes:

Under the Advanced Tab, within the Advanced Networking sub tab, go to the Static Routes section to add any additional routes. 

DNS / Hostname:

Under the Basic Tab, under IP Configuration, set your DNS servers, and the hostname and domain of the barracuda


Syslog:

Syslog configuration is done with the SSLADMIN account, not the Admin (:8000) account.   So log in to the main interface with the ssladmin account (default pass = ssladmin)
https://<ip_address>/

Then and select Under the Advanced Tab, under Syslog, enter in the syslog hosts IP, and define if it should be transported over UDP 514 (yes)


From the Admin account you can only view the logs with the following method. 

Under the Advanced Tab, under Syslog, in the Web interface Syslog section, select the Monitor Web Syslog button to view the logs.

Time:

There are two different places to change the time on the server, one is in the Basic tab, and the other under the "special expert variables".
Under the Basic Tab, under Admin, set the timezone


Then  in the Advanced tab, under Advanced Networking, add the Time servers under the NTP Server  section.



Admin Access:

Under the Basic Tab, under Admin, set the range of IP's that can connect to the admin port of this system.

SNMP Conf:

Also under the Basic Tab, futher down the Admin sub-tab is the SNMP configuration tab, where you can define the snmp version, community string, and allowed IPs to poll this system.


Also, you need to connect to the normal web service of the barracuda with the ssladmin account:
https://<ip_address>/

Select the Advanced Tab, and then append &expert=1 to the end of the uri

Still under the Advanced Tab, select the new Expert Tab.


Scroll down till you get to the snmp section, and make sure that the community string there is the same as the one you changed above.





Change Password:

Change the Admin Password by going to the Basic tab, and selecting Administration, and then adding your new password in the Password Change section. 

Final Touch Ups:

SSL Certificate

To ensure that https traffic to the appliance is trusted, you need to install a cert on the barracuda. 
Under the Basic Tab, under SSL Certificate, Go to the Trusted Certificate section, and add your publicly signed certificate.