Configure Barracuda Firewall


    Firewall Analyzer supports most versions of Barracuda Firewall devices.


    Follow the steps below to configure the Barracuda firewall:

    Step 1. Enable the Syslog Service

    1. Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > Syslog Streaming.
    2. Click Lock.
    3. Set Enable Syslog Streaming to yes.
    4. Click Send Changes and Activate.

     

     

    Step 2. Configure Logdata Filters

    1. Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > Syslog Streaming.
    2. In the left menu, select Logdata Filters.
    3. Expand the Configuration Mode menu and select Switch to Advanced View.
    4. Click Lock.
    5. Click the + icon to add a new entry.
    6. Enter a descriptive name in the Filters dialog and click OK.
    7. In the Data Selection table, add the log files to be streamed. You can select:
      • Fatal_log – Log contents of the fatal log (log instance name: fatal)
      • Firewall_Audit_Log – Log contents of the firewall's machine-readable audit data stream. Whether data is streamed into the Firewall_Audit_Log has to be configured in the General Firewall Configuration settings at box level, section Audit Log Handling > Audit-Delivery: Syslog-Proxy (see: FW Audit). With Syslog-Proxy selected, the corresponding log instance name is trans7.
      • Panic_log – Log contents of the panic log (log instance name: panic)
    When Log-File is selected in the firewall's configuration, the data goes into a log file named Box > Firewall > audit (so the instance is named box_Firewall_audit), and this filter setting does not apply. In that case, the pertinent setting is a selection of the category Firewall within the box selection portion of the filter.
    8. In the Affected Box Logdata section, define what kind of box logs are to be affected by the syslog daemon from the Data Selection list.
    9. When choosing Selection (default):
      • Click the + icon next to Data Selection to add an entry.
      • Enter a descriptive name for the group and click OK. The Data Selection window opens.
      • Add the Log Groups for selection or select Other and specify an explicit selection. For more information, see User Defined Log Groups.
      • Set a Log Message Filter. When choosing Selection, add the explicit log type to the Selected Message Types table.
      • Click OK.
    10. In the Affected Service Logdata section, define what kind of logs created by services are to be affected by the syslog daemon from the Data Selection list.
    11. When choosing Selection (default):
      • Click the + icon next to Data Selection to add an entry.
      • Enter a descriptive name for the group and click OK. The Data Selection window opens.
      • In the Log Groups table, add the server and services where log messages are streamed from, or select Other and specify a more granular selection. For more information, see User Defined Log Groups.
      • Set a Log Message Filter. When choosing Selection, add the explicit log type to the Selected Message Types table.
      • Click OK.
    12. Click Send Changes and Activate.

    Step 3. Configure Logstream Destinations

    1. Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > Syslog Streaming.
    2. In the left menu, select Logstream Destinations.
    3. Expand the Configuration Mode menu and select Switch to Advanced View.
    4. Click Lock.
    5. Click the + icon to add a new entry.
    6. Enter a descriptive name in the dialog that appears and click OK. The Destinations window opens.
    7. Select Explicit IP (default).
      • Enter the Firewall Analyzer IP address in the Destination IP Address field.
    8. Enter the Destination Port for delivering syslog messages.
      • Enter 1514 in the Destination Port field. (Firewall Analyzer uses 1514 as its default syslog server port.)
    Note: The default syslog server ports on the Barracuda device are 5143 (encrypted streaming) and 5144 (unencrypted streaming). Encrypted delivery is the default, so port 5143 is pre-configured. You must also adapt the host firewall rule for syslog traffic to use the new port (1514).
    9. Select UDP as the Transmission Mode.
    10. Click OK.
    11. Click Send Changes and Activate.

    Step 4. Configure Logdata Streams

    1. Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > Syslog Streaming.
    2. In the left menu, select Logdata Streams.
    3. Expand the Configuration Mode menu and select Switch to Advanced View.
    4. Click the + icon to add a new entry.
    5. Enter a descriptive name in the dialog that appears and click OK.
    6. Configure the following settings:
      • Active Streams – This parameter allows you to activate/deactivate the selected log stream profile. By default, for example when creating a new profile, this parameter is set to yes.
      • Log Destinations – Here the available log destinations (defined in the section Logstream Destinations) can be selected.
      • Log Filters – Here the available log patterns (defined in the section Logdata Filters) can be selected.
    7. Click Send Changes and Activate.

    Step 5. Configure Web Log Streaming

    1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Syslog Streaming.
    2. Click Lock.
    3. In the left menu, click Web Log Streaming.
    4. From the Enable Web Log Streaming list, select yes.
    5. Enter the following Streaming Template:
    %timestamp% 1 %srcip% %dstip% %content-type% %srcip% %uri% %content-length% BYF ALLOWED CLEAN 2 1 0 %actionnum% 0 (-) %actionnum% %urlcat% 0 - 0 %host% %urlcat% [%user%] %host% - - 0
    
    6. Select UDP as the Streaming Protocol.
    7. Enter the Destination IP Address.
      • Enter the Firewall Analyzer IP address in the Destination IP Address field.
    8. Enter the Destination Port.
      • Enter 1514 in the Destination Port field. (Firewall Analyzer uses 1514 as its default syslog server port.)
    9. Click Send Changes and Activate.
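
    To check that lines arriving on the collector really follow the Streaming Template from Step 5, the template itself can be compiled into a parser. This is an added example, not code from Firewall Analyzer or Barracuda; it assumes each placeholder expands to a single token without spaces and that the payload is the bare template line, and the sample lines are constructed.

```python
import re

# Streaming Template exactly as entered in Step 5.
TEMPLATE = ("%timestamp% 1 %srcip% %dstip% %content-type% %srcip% %uri% "
            "%content-length% BYF ALLOWED CLEAN 2 1 0 %actionnum% 0 (-) "
            "%actionnum% %urlcat% 0 - 0 %host% %urlcat% [%user%] %host% - - 0")

def template_to_regex(template):
    """Compile the template into a regex: literals must match exactly, each
    %name% becomes a named group, and a repeated %name% becomes a
    backreference so both copies in a line have to agree."""
    parts, seen, pos = [], set(), 0
    for m in re.finditer(r"%([a-z-]+)%", template):
        parts.append(re.escape(template[pos:m.start()]))
        name = m.group(1).replace("-", "_")   # group names cannot contain '-'
        if name in seen:
            parts.append(f"(?P={name})")
        else:
            seen.add(name)
            # Assumption: every placeholder expands to one space-free token.
            parts.append(f"(?P<{name}>\\S+)")
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(parts) + "$")

LINE_RE = template_to_regex(TEMPLATE)

def parse_weblog(line):
    """Return the named fields of one streamed line, or None if it does not
    fit the template (truncated datagram, different template, other traffic)."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(lines):
    """Split received lines into parsed records and rejects for inspection."""
    records, rejects = [], []
    for line in lines:
        rec = parse_weblog(line)
        (records if rec else rejects).append(rec or line)
    return records, rejects

# Constructed sample lines (not captured from a real device).
GOOD = ("1700000000 1 10.0.0.5 203.0.113.10 text/html 10.0.0.5 /index.html "
        "5120 BYF ALLOWED CLEAN 2 1 0 0 0 (-) 0 news 0 - 0 www.example.com "
        "news [alice] www.example.com - - 0")
TRUNCATED = GOOD[:60]

if __name__ == "__main__":
    records, rejects = triage([GOOD, TRUNCATED])
    print(records[0]["srcip"], records[0]["host"], len(rejects))
```

    A growing reject list after a configuration change usually means the template on the firewall no longer matches the one shown in Step 5.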

     

    Configure SNMP on the Barracuda firewall using the help link below:

    https://campus.barracuda.com/product/nextgenfirewallf/doc/53248593/how-to-configure-the-snmp-service/

    Once SNMP is configured on the Barracuda firewall, add the SNMP credentials in Firewall Analyzer > Settings > SNMP Settings.
