Barracuda Networks Firewall X201 manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Barracuda Networks Firewall X201. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Barracuda Networks Firewall X201 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Barracuda Networks Firewall X201 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Barracuda Networks Firewall X201 devrait contenir:
- informations sur les caractéristiques techniques du dispositif Barracuda Networks Firewall X201
- nom du fabricant et année de fabrication Barracuda Networks Firewall X201
- instructions d'utilisation, de réglage et d’entretien de l'équipement Barracuda Networks Firewall X201
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Barracuda Networks Firewall X201 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Barracuda Networks Firewall X201 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Barracuda Networks en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Barracuda Networks Firewall X201, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Barracuda Networks Firewall X201, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Barracuda Networks Firewall X201. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    1. Barracuda Firewall - Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Barracuda Firewall Release Notes Version 6.1.4.005 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

  • Page 2

    1.5.6 How to Manage Guest Tickets - User's Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 1.6 VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 3

    Barracuda Firewall - Overview The Barracuda Firewall is an application-aware network firewall appliance that is designed for organizations without dedicated IT personnel to manage firewalls. It leverages cloud resources to extend next-generation security and networking beyond the capabilities of typical security gateways or legacy firewalls. The Ba[...]

  • Page 4

    Web Interface Adding source or destination networks, with netmasks higher than /24, to firewall rules now works as expected. (BNF-2869) The smart pre-submission input validation now also works correctly with DNAT firewall rules. It is now possible to access release notes for the latest general and early release through the > page. ( ADVANCED Fir[...]

  • Page 5

    What's New with Barracuda Firewall Version 6.1.3.003 Web Interface The Barracuda Firewall User Interface is now fully Japanese localized. Note that entering multi-byte characters is not yet supported. Guest networks for Wi-Fi networks can now only be configured in > (BNF-2650) USERS Guest Access. Barracuda Firewall OS Improved stability due[...]

  • Page 6

    Access to the guest ticketing administration page is now possible from any network segment. A corresponding targe Redirect to Service t was included. [BNF-2603] Firmware Improvements The in > cannot be set to 0 minutes any more. Session Expiration Length Advanced Secure Administration (unlimited) [BNF-2591] Viewing DHCP settings through Barracud[...]

  • Page 7

    [BNF-2348] Fixed an issue where under rare circumstances configuration updates failed and login was no longer possible. [BNF-2504] Barracuda Firewall Release Notes Version 6.1.0.016 Please Read Before Upgrading Please Read Before Upgrading What's New in the Barracuda Firewall Version 6.1.0 New Barracuda Firewalls X100 and X101 SSL VPN High Ava[...]

  • Page 8

    SSL VPN is available at no additional cost for an unlimited amount of users. Depending on the performance level of the appliance model, Barracuda Networks recommends the following maximum numbers of users: Model Recommended Max. Users X100, X101 SSL VPN not available X200, X201 25 users X300 50 users X400 100 users X600 200 users Depending on the F[...]

  • Page 9

    High Availability All Barracuda Firewalls can now be deployed as part of a High Availability (HA) cluster. The primary unit handles all network traffic and security functions, while the secondary unit waits in standby mode to take over if the partner unit fails. The secondary unit automatically inherits all configuration changes from the primary un[...]

  • Page 10

    Configuration Wizards All Barracuda Firewalls now offer the following configuration wizards to guide you through initial setup and configuration: The wizard for initial activation and deployment in an evaluation and test scenario. This wizard starts automatically Test at my Desk during your first login. The wizard for activating the Barracuda Firew[...]

  • Page 11

    Smart Pre-Submission Input Validation All Barracuda Firewalls now offer smart pre-submission input validation. This validation prevents configuration pop-ups from closing and losing entered information before all required fields are filled.[...]

  • Page 12

    URL Filtering of HTTPS Websites and Web Security Service Exemptions All Barracuda Firewalls can now apply URL filtering provided by the Barracuda Web Security Subscription to websites accessed via HTTPS. Additionally, you can exempt user-defined domains or IP addresses from being forwarded to the Barracuda Web Security Service for HTTP and HTTPS. G[...]

  • Page 13

    Log Streaming All Barracuda Firewalls now support streaming log files to an external syslog server. You can activate syslog streaming per log file on the LOGS > page. Log Streaming Usability Improvements Quick Links to Service Configuration Pages On the page, you can click the services listed in the section to open their configuration pages. BAS[...]

  • Page 14

    Quick Links to Barracuda Labs Reputation Search in Logs, Active Connections, and Recent Connections pages On the pages, page, and page, you can view information from the LOGS BASIC > Active Connections BASIC > Recent Connections Barracuda Labs Reputation Search about an external IP address by clicking the address in the column. Destination IP[...]

  • Page 15

    Active Routes User Interface Improvement The tab previously located in has been moved to the section on the page. You Active Routes BASIC Network Routes NETWORK > Routing can now edit network routes directly on the page. QoS: Configurable Throughput of Rate Limiting Queues On the page, the diagram that explains QoS queues was updated to match ot[...]

  • Page 16

    Download Barracuda VPN Clients through UI All currently available Barracuda VPN clients can now be downloaded from the section of the page. Settings VPN > Client-To-Site VPN Minor UI brush-up with new Barracuda Networks Logos and Improved Graphics The logos and login screen for Barracuda Firewalls have been updated to match the new Barracuda Net[...]

  • Page 17

    Barracuda Firewalls can now be reloaded and rebooted if the unit is not activated yet. [BNF-2230] Known Issues High Availability : Manually t riggering an HA failover is only possible on the currently active Barracuda Firewall unit. This issue does not affect automatic failover of HA clusters. : Changing the management IP address/network on HA unit[...]

  • Page 18

    POP3 VNC IMAP4 WebDAV Web forwards (HTTP/HTTPs) All Barracuda Firewall models starting with X200 provide SSL VPN at no additional cost for an unlimited amount of users. Depending on the performance level of the Barracuda Firewall model, Barracuda Networks recommends the following maximum numbers of users per model: Model Recommended Maximum Users X[...]

  • Page 19

    Usability Improvements The following sections describe the usability improvements that are available as of firmware release 6.1.0. Quick Links to Service Configuration Pages On the page, links in the section are now available to provide quick access to the configuration pages of all available services. Status Services Column Sorting for Active Conn[...]

  • Page 20

    Firewall rule entries can quickly be edited after their firewall rule entries are double-clicked. NAT Objects Tab NAT objects are more intuitively integrated into the user interface and can now be found in a dedicated tab. Active Routes User Interface Improvement The window is now consolidated with the network routes configuration window. Network r[...]

  • Page 21

    Firmware Improvements Enhancement:The DHCP TFTP Host Name field now also accepts IP address and host name combinations. [BNF-2121] Fix: The internal interface assignment of the QoS bandwidth policy Internet now works as expected. [BNF-2072] Fix: Phase 2 settings of IPsec Site-to-Site VPN tunnels are now loaded correctly. [BNF-2098] Fix: The Barracu[...]

  • Page 22

    Firmware Improvements Enhancement: It is now possible to disable the SIP Proxy. [BNF-1900] Enhancement: To simplify the firewall rule tester, time settings are no longer available. [BNF-1872] Enhancement: The Active Connections screen now allows performing a Barracuda Labs reputation search for globally routable IP addresses. [BNF-1800] Enhancement[...]

  • Page 23

    DNAT firewall rules can now also be used to perform port address translation (PAT). In the Redirect To field, append the desired port to the IP address. E.g.: 192.168.100.20:8080 [BNF-1582] The default firewall rule LOCALDNSCACHE now also includes TCP port 53 network traffic. [BNF-1584] Applying filters in the VPN > Active Clients page did not w[...]

  • Page 24

    User interface rendering of the recent connection page was slow with huge amount of connection entries. [BTN-1492] The firewall log time filter user interface of the Barracuda Cloud Control was not displayed correctly. [BTN-1462] User objects were not saved correctly. [BTN-1447] A permission denied warning was displayed when creating Barracuda Clou[...]

  • Page 25

    Log filter for service logs did not work correctly. [BNF-1366] Filtering log files occasionally caused a temporary unavailable message. [BNF-1374] IPsec VPN tunnel status was not displayed correctly. [BNF-1387] Captive Portal was not able to use uploaded certificates. [BNF-1389] Filtering options in recent connections did not work correctly. [BNF-1[...]

  • Page 26

    technology—including application control, user awareness, secure VPNs, link optimization, and advanced malware protection—but is designed for unsurpassed ease of use, and priced competitively. The Barracuda Cloud Control centralized management portal makes it easy and intuitive to deploy, configure, and manage the Barracuda Firewall from any lo[...]

  • Page 27

    Within any organization, different individuals or groups require access to different resources and applications. For example, marketers may need to use Facebook for their work, while for other groups it will only waste time and bandwidth. To enforce policies that control access to resources and allocation of bandwidth, Barracuda Firewall identifies[...]

  • Page 28

    Unlike other firewall products that simply enhance or augment standard Linux firewall packages, the core of every Barracuda Firewall is a specially developed application-controlled packet-forwarding firewall called the phion core. It is based on a combination of stateful packet forwarding, TCP stream forwarding, and application-layer gateways, enha[...]

  • Page 29

    1. 2. 3. 4. 5. 1. 2. 3. 4. 5. Set up the unit between the management PC and the network. Connect the LAN to port 1 and the management PC to port 3. The management PC can configure the Barracuda Firewall while still being connected to the LAN through the transparent port 1—port 3 bridge. Go to . https://192.168.200.200 Continue at the certificate [...]

  • Page 30

    Area Description Subscription Status To verify the status of your licenses, go to the page BASIC > Status and view the section. The status for all Subscription Status purchased licenses displays as . While the Barracuda Current Firewall is connected to the Internet, it automatically downloads licenses. If the Barracuda Firewall cannot be activat[...]

  • Page 31

    Connect the Barracuda Firewall to your existing authentication service or create a built-in database for user information. Managing Users and Groups If supported by your Barracuda Firewall (models X101 and X201), configure Wi-Fi. How to Configure Wi-Fi Configure a site-to-site VPN. Site-to-Site VPN Configure client-to-site VPN access. Client-to-Sit[...]

  • Page 32

    Dynamic Interface Dynamic interfaces for DSL, DHCP, or 3G. How to Configure WAN Interfaces Virtual Interface Virtual interfaces for VLANs. You must use properly configured 802.1q capable switches. How to Configure a VLAN Wi-Fi Link If available for your Barracuda Firewall model, you can create up to three different Wi-Fi networks. How to Configure [...]

  • Page 33

    1. a. b. 2. a. b. 1. 2. a. b. c. 3. a. b. c. 4. dynamic connection besides DHCP (PPTP or PPPoE) on port p2, delete the default interface. DHCP Port p3 – Initially, port p3 is bridged to port p1. Both interfaces are also configured as management ports in the LAN. To use port p3 for another connection, delete the P1-P3 bridge. However you might los[...]

  • Page 34

    1. 2. 3. 4. 5. 6. 7. 8. 9. The interface must be configured on port p4 with an IP address of 69.122.23.58 and a netmask of 255.255.255.0 (or /24). The default gateway of the ISP is 69.122.23.254. Configure the static network interface with the following settings: Setting Value Network Interface Select . p4 IP Address Enter . 69.122.23.58 Netmask En[...]

  • Page 35

    1. 2. 3. 4. a. b. 1. 2. 3. 4. 5. 6. 7. 1. 2. 3. After you connect the Barracuda M10 USB modem to the Barracuda Firewall, configure the provider settings. Then verify that the default network route and network interface of the 3G WAN link have been successfully introduced and are available. In this article: Step 1. Connect the Barracuda M10 Modem St[...]

  • Page 36

    1. 2. 3. 4. 5. 6. 7. 8. 9. 10. How to Configure a DHCP Connection If the IP address is dynamically assigned by your ISP, follow the instructions in this article to configure the interface. Before You Begin If your ISP provides a modem, connect the Ethernet port of the modem to a free network interface on the back of your Barracuda Firewall. Use the[...]

  • Page 37

    10. 1. 2. 3. 4. 5. 1. 2. 3. 1. After committing your changes, log back into the Barracuda Firewall. How to Add a Static Network Interface Follow the instructions in this article to configure a static network interface. You can add a subnet to a free physical or virtual interface. Related Article How to Configure a VLAN To configure a static network[...]

  • Page 38

    1. 2. 3. 4. 1. 2. 3. 4. 1. 2. 3. 4. 5. 6. 1. 2. 3. 4. 1. 2. a. b. c. 3. a. b. c. Go to the page. NETWORK > IP Configuration In the section, select the check box to enable Wi-Fi. Wi-Fi Link Configuration Activate WiFi From the list, select the country that your Barracuda Firewall is located in. Location Click . Save Changes Configure the Radio To[...]

  • Page 39

    3. c. 4. 1. 2. 3. 4. Click the tab and change to specify the Wi-Fi subnets. General Source At the top of the rule editor window, click . Save Step 5. Verify the Order of the Rules in the Rule Set Because rules are processed from top to bottom in the rule set, arrange your rules in the correct order. Also verify that your rules are placed above the [...]

  • Page 40

    1. 2. 3. 4. Next Steps After adding the virtual interface, you can use it in your network configurations as if it were a physical interface. Continue with any of the following network configuration articles: How to Add a Static Network Interface How to Add a Static Route How to Configure a Bridge How to Configure Bandwidth Policies or QoS How to Ad[...]

  • Page 41

    1. 2. 3. 4. 1. 2. 3. To configure the bridge: Go to the page. NETWORK > Bridging Click . Add Bridged Group Enter a name for the bridge and add the interfaces to be bridged. Commit this change. Step 2. Create a Firewall Rule for the Bridge To create the firewall rule: Go to page. FIREWALL > Firewall Rules Create a firewall rule to allow the tr[...]

  • Page 42

    1. 2. 3. 4. 5. 6. 1. 2. 3. 4. Step 2. Configure the Firewall Rule Step 3. Verify the Order of the Firewall Rules Step 1. Configure the Interface Create a network segment (e.g., 172.16.10.0/24 on port 3). Go to the page. NETWORK > IP Configuration In the section, click . Static Interface Configuration Add Static Network Interface Enter a name int[...]

  • Page 43

    4. 5. 1. 2. 3. 1. 2. 3. 4. – Add the service objects to redirect (e.g., ). Service HTTP – Click and add . Source Network Objects Internet – Click field and enter the WAN address (e.g., ). Destination IP Address 80.90.100.200 – Enter the IP address and port number of the DMZ server (e.g., ). Redirected To 172.16.10.10:8080 At the top of the [...]

  • Page 44

    1. 2. 3. 1. 2. network). To assign a static IP address to a system: In the section, click under the tab. DHCP Server Subnets Edit Action In the section, edit the following settings: Static Leases Hostname : Enter a name for the system to be assigned a static address. For example, . Workstation MAC Address : Enter the MAC address of the selected sys[...]

  • Page 45

    2. 3. Configure the following settings: Web Security: Select . Proxy Forwarding Proxy : Enter the IP address of the forward proxy. Forwarding Port : Enter the port of the forward proxy. Default values are or . 3128 8080 For example, if you are configuring a forward proxy for the setup in the figure above: Click . Save Changes How to Configure Autho[...]

  • Page 46

    1. 2. 3. 4. Every DNS record has a Time to Live (TTL) value, which is the length of time that the DNS record can be cached. For most DNS records, two days is a typical and acceptable value. However, A records should have a very short TTL, such as 30 seconds. If a WAN interface fails, its address is no longer returned. The inbound traffic to this ho[...]

  • Page 47

    Additional DNS Records After a zone has been created, you can edit its records or add NS records, A records, and any of the following records to the zone: Record Description Mail Exchanger (MX) MX records point to the email servers that are responsible for handling email for a given domain. There should be an MX record for each email server, includ[...]

  • Page 48

    1. 2. 3. 1. 2. a. b. i. ii. iii. 3. 4. Step 1. Enable Authoritative DNS on the Barracuda Firewall Go to the page and enable . In the table, you can view a list of the links that NETWORK > Authoritative DNS Authoritative DNS DNS Servers are configured with the DNS Server service on the page. NETWORK > IP Configuration Step 2. Create One or Mor[...]

  • Page 49

    1. 2. 3. 4. 5. 6. 7. 8. the domain point to your static WAN IP addresses. If your domain name is already registered, contact your registrar to update the NS records of the domain to point to your static WAN IP addresses. Remove records that reference any domains that are now delegated to the Barracuda Firewall. Hosting a Subdomain If your domain is[...]

  • Page 50

    1. 2. 3. 4. 5. secondary box must also connect port 3 with ISP 1. If you install cabling incorrectly, HA failover does not work properly. For an example of correct cabling, see the following diagram: In this article: Enable High Availability Configure Monitoring Verify the HA Status Manually Execute an HA Failover Enable High Availability Before yo[...]

  • Page 51

    ADVANCED > High Availability NETWORK > IP Configuration > Management IP Configuration NETWORK > IP Configuration > Dynamic Interface Configuration (If 3G is available) NETWORK > IP Configuration > 3G Network Interface Configure Monitoring You can configure the monitoring of additional IP addresses and interfaces. If these IP ad[...]

  • Page 52

    Time Interface Additionally, Intrusion Prevention, SYN flood protection, and a limit on the number of sessions per source IP address can be enforced. To create, edit, or change the order of firewall rules, go to the page. FIREWALL > Firewall Rules For more about matching criteria and possible firewall rule actions, see Firewall Rules . If you ar[...]

  • Page 53

    Description – An additional description field for the firewall rule. Action – Specifies how the Barracuda Firewall handles network traffic that matches the criteria of the rule. The following table gives you a detailed overview of each available action: Action Description Allow The Barracuda Firewall passes all network traffic that matches the [...]

  • Page 54

    Application policies regulate how this session is treated by the Barracuda Firewall if certain network traffic is detected by the application filter. Traffic can be reported, dropped, or throttled. The application filter identifies the type of traffic that you want to limit or control. The application-aware filter detects peer-to-peer client applic[...]

  • Page 55

    1. 2. 3. To change the order of the firewall rules: Go to the page. FIREWALL > Firewall Rules Drag rules up or down in the table. If you want a rule to be executed, drag it above the BLOCKALL rule. After you finish adjusting the order of the firewall rules, click . Otherwise, your changes will not take effect. Save Changes Pre-Installed Firewall[...]

  • Page 56

    Flex or forwarded to a different proxy service. TRANSPARENT-PROXY If enabled, this rule automatically redirects all HTTP requests on TCP port 80 to the local proxy of the Barracuda Firewall. Depending on the proxy configuration ( ), web traffic is either scanned by Barracuda Web Security Flex or forwarded to a different proxy service. NETWORK > [...]

  • Page 57

    Connection Timeout The time in seconds to allow before a failing connection skips to the next fallback level. For a faster failover, enter lower values. For congested connections, enter longer values. Default: . 30 NAT Type The type of NAT to use. The availability of the following settings depends on the NAT type that you select. This setting lets [...]

  • Page 58

    1. 2. 3. 4. 1. 2. Example – HTTP and HTTPS Traffic to the Internet To allow HTTP and HTTPS connections from the local 192.168.200.0/24 network to the Internet, the Barracuda Firewall must perform source-based NAT. Instead of using the source IP address from the client residing in the LAN, the connection is established between the WAN IP address o[...]

  • Page 59

    2. 3. 4. 1. 2. 3. In the section, click the edit symbol ( ) for the custom service object that you want to edit. Custom Service Objects In the window, edit the services for the object. Edit Service Object Click . Save Delete a Custom Service Object To delete a custom service object: Go to the page. FIREWALL > Service Objects In the section, clic[...]

  • Page 60

    1. 2. 3. 4. You can either register your domain name with an independent entity or configure the Barracuda Firewall as the authoritative DNS resolver for the domain name. To learn more about authoritative DNS on the Barracuda Firewall, see . How to Configure Authoritative DNS Outbound Link Balancing To achieve outbound link load balancing, create a[...]

  • Page 61

    1. 2. 3. 4. 5. 1. 2. 3. 1. 2. 3. 4. Available settings include: Action – Blocks network traffic where malicious activities were detected. Drop – Reports Log Only network traffic where malicious activities were detected. – No action is taken. None Available settings include: Log Alert Warn Notice You can view detected threats on the page. BASI[...]

  • Page 62

    1. 2. 3. 1. 2. 3. To block, allow, report, or throttle network traffic for specific application types, enable Application Control. It uses Layer 7 deep packet inspection to detect and prioritize traffic for services like instant messaging, social networking, or video streaming. It can even detect applications that try to evade pattern-based detecti[...]

  • Page 63

    3. 4. 1. 2. 3. 4. 5. 6. 7. 1. 2. 3. 4. Applications Policy – Select one of the following policies: Default (Default Application Detection Policy) Report All – Report on the page. BASIC > IPS Events Limit Bandwidth (Default Bandwidth Policy) – The Default Bandwidth Policy can be changed using the FIREWALL > page. By default, this is set [...]

  • Page 64

    4. 5. At the top of the rule editor window, click or . Add Save Step 3. Verify the Order of the Firewall Rules Because rules are processed from top to bottom, ensure that you arrange your rules in the correct order. You must especially ensure that your rules are placed above the BLOCKALL rule; otherwise, the rules are blocked. After adjusting the o[...]

  • Page 65

    1. 2. 3. 1. 2. 3. Queues and Rate Limits The following diagram shows how the eight bandwidth policies are divided into queues: The Priority Queues always take precedence. The Regular Queues can use unlimited bandwidth. The Rate Limiting Queues are collectively limited to 5% of the maximum link bandwidth. The rate limits always apply, so even if the[...]

  • Page 66

    1. 2. 3. 4. 5. 1. 2. 3. Configure the Captive Portal Upload a Certificate Monitoring and Managing Authentication Users Configure the Captive Portal Before you begin: Verify that the confirmation message and ticketing features are disabled. Go to the NETWORK > IP Configuration page, and edit the relevant Wi-Fi interface to specify that there is n[...]

  • Page 67

    1. 2. 3. 4. 5. Monitoring and Managing Authentication Users On the page, you can view currently authenticated users. You can also disconnect specific users. BASIC > User Activity Example - Allowing HTTP Traffic When you configure firewall rules to allow network traffic, you can choose to allow traffic only for certain types of traffic that are p[...]

  • Page 68

    If your mail server or Barracuda Spam & Virus Firewall is on the public network, you might want to allow your Barracuda Firewall to provide protection and move your mail system onto the internal network. The mail traffic passes through the Barracuda Firewall in both directions. If the advertised method of receiving email is se a service such as[...]

  • Page 69

    DNAT Either the n Internet etwork object or a specific public IP address. For example, the IP address of the hosting provider. The destination depends on the advertised method of receiving email. If it is one or more external static IP addresses, enter those addresses (a CIDR summarization of addresses can also be used). If it is a domain name whic[...]

  • Page 70

    1. 2. Verify Firewall Rule Order Verify the order of the firewall rule(s) that you created. New rules are created at the bottom of the firewall rule set. Because rules are processed from top to bottom in the rule set, arrange your rules in the correct order. You must especially ensure that your rules are placed above the BLOCKALL rule; otherwise, t[...]

  • Page 71

    1. 2. In this article: Step 1. Configure a Firewall Rule for the Connection from the SIP Server to Internet Step 2. Configure a Firewall Rule for the Connection from the Internet to the SIP Server Step 3. Verify the Order of the Rules in the Rule Set Step 1. Configure a Firewall Rule for the Connection from the SIP Server to Internet To let SIP-bas[...]

  • Page 72

    2. 3. 1. 2. At the top of the window, click . Edit Access Rule Save Step 2. Configure a Firewall Rule for the Connection from the Internet to the SIP Server Configure a separate forwarding firewall rule to allow connections from the Internet to the SIP server. You can create a new firewall rule or edit an existing rule. This example edits the rule.[...]

  • Page 73

    2. 3. At the top of the window, click . Edit Access Rule Add Step 3. Verify the Order of the Rules in the Rule Set Because rules are processed from top to bottom in the rule set, arrange your rules in the correct order. You must especially ensure that your rules are placed above the BLOCKALL rule; otherwise, the rules are blocked. After adjusting t[...]

  • Page 74

    1. 2. 3. 4. 5. 1. 2. 3. 4. Go to the page. FIREWALL > Firewall Rules Click to create a new firewall rule. Add Access Rule In the window, enter a name and for the rule. Add Access Rule description Specify the following settings: Action Service Source Destination Block FTP Trusted LAN Networks Internet At the top of the window, click . Add Access [...]

  • Page 75

    4. 5. At the top of the window, click . Add Access Rule Add Step 2. Verify the Order of the Firewall Rules New rules are created at the bottom of the firewall rule set. Because rules are processed from top to bottom in the rule set, arrange your rules in the correct order. You must especially ensure that your rules are placed above the BLOCKALL rul[...]

  • Page 76

    1. 2. 3. 4. 5. 6. 7. 1. 2. 3. 4. 5. 6. 7. This example configures a time object named that includes all office hours except to . Lunch Time 11am 1pm Go to the page. FIREWALL > Time Objects In the section, click . Time Objects Add Time Object In the field, enter . Name Lunch Time To terminate existing sessions when the firewall rule is applied, s[...]

  • Page 77

    1. 2. 3. 4. 1. 2. 3. In this article: Step 1. Enable Application Control Step 2. Create a Firewall Rule to Choke Facebook Traffic Step 3. Verify the Order of the Firewall Rules Monitoring Traffic for Detected Applications Step 1. Enable Application Control Enable Application Control and select the Choke policy. Go to the page. FIREWALL > Setting[...]

  • Page 78

    3. 4. 5. Click the tab and then specify the following settings: Applications/Bandwidth Applications Policy : Limit Bandwidth (Choke) Application Filter : STD-FACEBOOK At the top of the window, click Add Access Rule Add.[...]

  • Page 79

    1. 2. 3. 4. 5. Step 3. Verify the Order of the Firewall Rules Because rules are processed from top to bottom, arrange your rules in the correct order. You must especially ensure that your rules are placed above the BLOCKALL rule; otherwise, the rules are blocked. After adjusting the order of the rules, click . Save Changes For more information, see[...]

  • Page 80

    1. 2. 3. 4. 1. 2. 3. 4. ISP Type Service Metric Primary ISP (80 Mbit) Static IP assignment HTTP 100 Secondary ISP (4 0 Mbit) Dynamic assignment FTP 200 In this article: Step 1. Create a Firewall Rule for HTTP Traffic Step 2. Create a Firewall Rule for FTP Traffic Step 3. Verify the Order of the Firewall Rules Step 4. Verify the Routing Configuratio[...]

  • Page 81

    1. 2. 1. 2. 3. 4. After adjusting the order of rules in the rule set, click . Save Changes Step 4. Verify the Routing Configuration To verify that traffic is routed correctly according to your firewall rules: Go to the BASIC > Active Routes page and check the routing table. Go to the BASIC > page Recent Connections and filter the entries for [...]

  • Page 82

    For user and group authentication, you can either a integrate the Barracuda Firewall with an dminister users locally on the Barracuda Firewall or external authentication server. , user-aware firewall You can use the information from these authentication services when you configure VPNs rules, and the captive portal. To manage guest access to the ne[...]

  • Page 83

    1. 2. 3. a. b. c. 4. a. b. RADIUS OCSP Group Filter Patterns Barracuda DC Agent The Barracuda DC Agent runs on either the domain controller or a dedicated Windows PC on the office network. To record authenticated users, it periodically checks the domain controller for login events. The IP addresses of authenticated users are mapped to their usernam[...]

  • Page 84

    1. 2. 3. 4. 1. 2. 3. 1. 2. 3. 4. 1. 2. 3. 1. 2. 3. To configure Active Directory: Go to the page. USERS > External Authentication Click the tab. Active Directory In the table, edit or add an Active Directory authentication configuration for one or more domain controllers. Basic In the table, you can create or delete group filter patterns. For mo[...]

  • Page 85

    1. 2. 3. 4. 1. 2. 3. 4. 1. 2. 3. 4. 1. 2. 3. 4. 5. User01 group membership string: CN=xyz, OU=sales, DC=mycompany, DC=com User02 group membership string: CN=SSL VPN, DC=mycompany, DC=com Then only User02 will match. How to Join a Windows Domain To successfully join the Barracuda Firewall to a Windows domain, you must first configure DNS, Active Dir[...]

  • Page 86

    How to Set Up a Guest Access Confirmation Page When setting up a guest network, you can configure the Barracuda Firewall to use a confirmation page that prompts guests to agree to of Service before they can access the network. A Terms confirmation page is typically used to grant network access to anonymous users. Related Articles How to Configure W[...]

  • Page 87

    1. 2. 3. 4. 1. 2. 3. 4. 5. Step 2. Enable the DHCP Server for the Guest Network To automatically assign IP addresses for guests, enable a DHCP server for the guest network. Go to the page. NETWORK > DHCP Server In the section, enable the DHCP server. DHCP Server In the section, configure the DHCP subnet. Ensure that you specify the following set[...]

  • Page 88

    Related Articles How to Configure Wi-Fi How to Configure the DHCP Server How to Manage Guest Tickets - User's Guide In this article: Before You Begin Step 1. Set up the Guest Network Interface On a Wi-Fi Interface On a Wired Interface Step 2. Enable the DHCP Server for Guest Network Step 3. Set Up the Ticket Administrators Step 4. Set Up the G[...]

  • Page 89

    1. 2. 3. 4. 1. a. b. c. 2. 1. 2. 3. 4. 5. To automatically assign IP addresses for guests, enable a DHCP server for the guest network. Go to the page. NETWORK > DHCP Server In the section, enable the DHCP server. DHCP Server In the section, configure the DHCP subnet. Ensure that you specify the following settings: Add DHCP Server Subnet Beginnin[...]

  • Page 90

    Step 6. (Optional) Configure the Login Page On the page, you can configure the page that is displayed to guests when they log into the network. USERS > Guest Access In the section, edit the and upload a . The image cannot be larger than 1 MB and Login Page Options Welcome Message Welcome Image must be in JPG, GIF, or PNG format. The suggested im[...]

  • Page 91

    1. 2. 3. 4. 5. 1. 2. In this article: Before You Begin Create a Ticket Delete a Guest Ticket Print Ticket Information for Guests Before You Begin Get the following information from the Barracuda Firewall administrator: The IP address of the ticketing web interface (e.g., ) 192.168.223.1 The username and password for the ticket administrator (Wi-Fi [...]

  • Page 92

    Print Ticket Information for Guests To give guests their username and password for accessing the network, you can print their ticket information. The printed information also specifies when the ticket expires. To print the information for a guest ticket, click the printer symbol next to it. If your guests are accessing a Wi-Fi network, you must als[...]

  • Page 93

    In this Section Client-to-Site VPN Site-to-Site VPN SSL VPN for the Barracuda Firewall How to Allow VPN Access via a Dynamic WAN IP Address Client-to-Site VPN To let remote users access corporate information resources, you can set up a client-to-site VPN. For various VPN client platforms, Barracuda Firewall provides client-to-site IPsec, PPTP, and [...]

  • Page 94

    Mac OS X IPsec PPTP SSL VPN Barracuda VPN Client Native OS X PPTP client Third-party IPsec clients Linux IPsec PPTP SSL VPN (browser only) Barracuda VPN Client Native Linux PPTP client Third-party IPsec clients Apple iOS IPsec PPTP Built-in VPN client iOS Android IPsec (Android Version > 4.0) PPTP (Android Version > 2.2) Built-in Android VPN [...]

  • Page 95

    1. 2. 3. 1. 2. In this article: Step 1. Identify the User Authentication Mechanism Step 2. Configure the Barracuda Firewall VPN Server and Firewall Rule Static WAN IP Address Dynamic WAN IP Address Step 3. Configure the VPN Server Certificates Create a Self-Signed Certificate on the Barracuda Firewall Import External Certificates Certificates for C[...]

  • Page 96

    2. 3. 1. 2. 3. 1. 2. 3. 4. 5. In the section, click . Certificate Generation Create Certificate In the window, fill in the certificate details and then click . Create Certificate Create Import External Certificates If you created the certificate with an external CA, verify that you have the following files: Certificate authority certificate in PEM [...]

  • Page 97

    1. 2. 1. 2. 3. 1. 2. Authentication The username is case-insensitive, but the password is case-sensitive. If the client cannot connect because of authentication problems, verify that you entered the correct password. How to Configure a Client-to-Site VPN with PPTP Using VPNs, mobile workers can securely access corporate information and resources. T[...]

  • Page 98

    2. 3. 1. 2. 3. 1. 2. specify a static IP address for the user. Click . Save Changes MS-CHAPv2/NTLM With , you can allow access on a per-user or per-group basis. MS-CHAPv2/NTLM Go to the page. VPN > PPTP In the section, add the users and groups who are allowed to connect to the User and Group Conditions (MS-CHAPv2/NTLM) client-to-site VPN. Click [...]

  • Page 99

    Certificate Requirements Step 1. Create the Required Certificates Example iOS Certificate Settings Root Certificate Server Certificate Client Certificate Step 2. Import Certificates into the Barracuda Firewall Step 3. Add the VPN Connection on the iOS Device Next Step Certificate Requirements Because certificate-based authentication is required, yo[...]

  • Page 100

    1. 2. 3. 4. 1. 2. 3. Server Certificate Tab Setting Value Status Signature Algorithm sha1WithRSAEncryption Subject RFC 2253 emailAddress=support@barracuda.com,O U=docu,O=Barracuda Network AG,L=Innsbruck,ST=Tyrol,C=AT Hash cc0460b5 Issuer RFC 2253 emailAddress=support@barracuda.com,O U=documentation,O=Barracuda Networks,L=Innsbruck,ST=Tirol,C=AT Has[...]

  • Page 101

    1. 2. 3. 4. 5. 6. 7. Next Step If you are configuring a client-to-site VPN with IPsec, see . How to Configure a Client-to-Site VPN with IPsec How to Configure TheGreenBow VPN Client For client-to-site VPN connections with the Barracuda NG Firewall and the Barracuda Firewall, you can use TheGreenBow VPN client for Windows. Follow the steps in this a[...]

  • Page 102

    7. 1. 2. 3. 4. 5. 6. 1. Step 2. Configure Phase 2 To configure Phase 2: In the left menu, right-click the entry (that you might have renamed to e.g. ) and select . Gateway Phase 1 New Phase 2 If you want to rename the entry that was created as a child of the entry, right-click it and select . For example, Tunnel Gateway Rename you can rename it as [...]

  • Page 103

    1. You can now initiate a connection by navigating to . For more information, see TheGreenBow's help system. Tools > Connection Panel Troubleshooting Client-to-Site VPNs If your client-to-site VPN is not working as expected, try the solutions that are provided in this article for the following scenarios: You Receive a Timeout Error on the C[...]

  • Page 104

    1. 2. 3. 4. 5. Configuring Site-to-Site VPNs For instructions on setting up site-to-site VPNs, see the following articles: How to Configure a Site-to-Site VPN with IPsec Example - Configuring a Site-to-Site IPsec VPN Tunnel Troubleshooting Site-to-Site VPNs How to Configure a Site-to-Site VPN with IPsec The Barracuda Firewall can establish IPsec VP[...]

  • Page 105

    1. 2. 1. 2. 3. The VPN server that runs on the Barracuda Firewall must listen on the appropriate IP address for its peer. Depending on whether the Barracuda Firewall is connected to the Internet through an ISP that statically or dynamically assigns the WAN IP address, complete the steps in the following or section. Static WAN IP Address Dynamic WAN[...]

  • Page 106

    1. 2. 3. 4. 5. 6. IP Addresses Location 1 Location 2 Local Networks 10.10.10.0/24 10.10.20.0/24 Local Address 212.86.0.253 213.47.0.253 Tunnel Settings Location 1 Location 2 Tunnel initiation Active Passive Encryption Phase 1 & 2 AES256 Hash Method Phase 1 & 2 MD5 DH Group Phase 1 & 2 Group 1 Lifetime Phase 1 28800 Lifetime Phase 2 3600[...]

  • Page 107

    6. 7. 8. 1. 2. 3. 4. 5. 6. 7. Remote Address Enter . 213.47.0.253 The WAN IP address of location 2. Remote Networks Enter . /24 10.10.20.0 The . remote LAN Specify these authentication settings: Setting Value Authentication Select . Shared Passphrase Passphrase Enter the shared secret. Click . Add Step 2. Create the IPsec Tunnel on the Barracuda Fi[...]

  • Page 108

    7. 8. 1. 2. 3. 4. 5. Authentication Select . Shared Passphrase Passphrase Enter the shared secret. Click . Add Step 3. Configure the Firewall Rule for VPN Traffic To allow network traffic between both networks, create a firewall rule. You must create the same rule on both Barracuda Firewalls. This example configures a firewall rule to allow traffic[...]

  • Page 109

    From a client in the local network, ping a host in the remote network. If no host is available, try to ping the management IP address of the remote Barracuda Firewall. If that does not succeed, go to the page on the remote Barracuda Firewall NETWORK > IP Configuration and ensure that is enabled for the management IP address. Services to Allow: P[...]

  • Page 110

    1. 2. 3. 1. 2. 3. 1. 2. In this article: Step 1. Enable the SSL VPN Static IP Address Secondary IP Address Dynamic Network Interface Step 2. Configure User Authentication Step 3. Configure the SSL VPN Portal Step 4. Upload a Certificate Step 5. Enable the SSL VPN Client Next Steps Step 1. Enable the SSL VPN When you enable the SSL VPN portal, deter[...]

  • Page 111

    2. 3. a. b. 4. 1. 2. 3. Action : Select Redirect to Service. Source : Click on and select from the list. Network Object Internet Destination : Select the network object representing your incoming internet connection. Redirected To : Select . SSL VPN To enable access to the SSL VPN portal via a hostname instead of only via the IP address (because th[...]

  • Page 112

    3. 1. 2. 3. Step 4. Upload a Certificate It is recommended that you install a CA-trusted root certificate on the Barracuda Firewall, so that web browsers trust the SSL VPN portal and do not issue a warning to end users when they access the portal. If a certificate is not installed, the SSL VPN portal page delivers the default self-signed certificat[...]

  • Page 113

    1. 2. 3. 1. 2. 3. 1. 2. 3. 1. 2. 3. the SSL VPN portal. In this article: Configure Outlook Web Access / Outlook Web App Add an Application Add a WebDAV Share Add an Intranet Resource Configure Outlook Web Access / Outlook Web App To give your end users direct access to the corporate email resources, configure an Outlook Web Access / Outlook Web App[...]

  • Page 114

    1. 2. 3. a. b. Related Articles How to Configure a Client-to-Site VPN with PPTP How to Configure a Site-to-Site VPN with IPsec How to Configure a Client-to-Site VPN with IPsec Step 1. Configure VPN Access via a Dynamic WAN IP Address To allow VPN access via a dynamic WAN IP address: On the page, in the section, verify that is set to . VPN > Site[...]

  • Page 115

    1. 2. 3. Barracuda offers two cloud services to centrally manage multiple Barracuda Firewalls and offload processor-intensive tasks: Barracuda Cloud Control Barracuda Web Security Service Barracuda Cloud Control Barracuda Cloud Control is a comprehensive cloud-based service that lets you monitor and configure multiple Barracuda products from a sing[...]

  • Page 116

    3. 1. 2. 3. a. b. 4. a. b. c. 5. 6. 1. 2. To configure the Barracuda Web Security Service on the Barracuda Firewall: On the page, select NETWORK > Proxy Use Barracuda Web Security Service if connected (recommended) . To i , select the check box. nclude the user and domain name if available Include User Information For local users, this informati[...]

  • Page 117

    In this Section Monitoring Active and Recent Connections Viewing Logs Troubleshooting How to Configure Log Streaming Monitoring Active and Recent Connections To monitor network sessions or connections, view the following pages from the tab: BASIC Active Connections – Lists all of the open and established sessions on the appliance. Recent Connecti[...]

  • Page 118

    To see if there is still incoming or outgoing traffic for a specific session, click Refresh and then look at its Last or Co unt value. Sometimes, you might need to view ARP-Update traffic to troubleshoot in more detail. To display ARP-Update info, select the chec Include ARPs k box. To delete the whole history, click . Flush Entries Status Code Ove[...]

  • Page 119

    IFWD-RET TCP Packet Forwarding Inbound Either source or destination are re transmitting packets. The connection might be dysfunctional. IFWD-FFIN-RCV TCP Packet Forwarding Inbound The session source sent a FIN datagram indicating to terminate the session. IFWD-RLACK TCP Packet Forwarding Inbound The session destination answered the FIN packet with [...]

  • Page 120

    IPXY-DST-CLO TCP Stream Forwarding Inbound The socket to the destination is closed or is in the closing process. IPXY-SD-CLO TCP Stream Forwarding Inbound The source and the destination socket are closed or in the closing process IPXY-TERM TCP Stream Forwarding Inbound The session is terminated and will shortly be removed from the session list. UDP[...]

  • Page 121

    LOC-SYN-SND Local TCP Traffic A Local-Out TCP session is initiated by sending a SYN packet. LOC-SYN-RCV Local TCP Traffic A Local-In TCP session is initiated by receiving a SYN packet. LOC-FIN-WAIT1 Local TCP Traffic An established local TCP session started the close process by sending a FIN packet. LOC-FIN-WAIT2 Local TCP Traffic A local TCP sessi[...]

  • Page 122

    VPN Log The VPN Log displays information for all client-to-site and site-to-site VPN tunnels. Use this log to investigate why VPN tunnels and PPTP connections are disconnecting or not being established. To see the messages for specific VPN connections, you can also filter the log by IP addresses. Service Log The Service Log lists specific errors an[...]

  • Page 123

    ERR_READ_TIMEOUT The remote site or network is unreachable; it may be down. ERR_LIFETIME_EXP The remote site or network may be too slow or down. ERR_NO_CLIENTS_BIG_OBJ All clients went away before transmission completed and the object is too big to cache. ERR_READ_ERROR The remote site or network may be down. ERR_CLIENT_ABORT Client dropped connect[...]

  • Page 124

    1. 2. 3. . Connection to Barracuda Support Center Rebooting the System in Recovery Mode If your Barracuda Firewall experiences a serious issue that impacts its core functionality, you can use diagnostic and recovery tools that are available from the to return your system to an operational state. reboot menu Before you use the diagnostic and recover[...]

  • Page 125

    1. 2. 3. 4. 5. Replacing a Failed System Before you replace your Barracuda Firewall, use the tools provided on the page to try to resolve the problem, or ADVANCED > Troubleshooting call . Barracuda Networks Technical Support Barracuda Instant Replacement Service If you purchased the Instant Replacement service and the Barracuda Firewall fails, y[...]

  • Page 126

    1. 2. 3. 1. 2. 3. 4. 5. 6. 1. 2. How to Save Configuration Backups How to Update the Firmware on Your Barracuda Firewall How to Restore the Barracuda Firewall with a Saved Configuration Backup How to Recover the Barracuda Firewall How to Save Configuration Backups Barracuda Networks recommends that you regularly back up the latest working configura[...]

  • Page 127

    1. 2. 3. 4. 5. Applying the update might take several minutes to complete. The Barracuda Firewall automatically reboots after the update is applied. How to Restore the Barracuda Firewall with a Saved Configuration Backup To back up and restore the configuration of your Barracuda Firewall, go to the page. You can restore your Barracuda ADVANCED >[...]

  • Page 128

    5. 6. 7. (5) EXIT Select a recovery option: If you want to retain all of your data and settings during the repair, enter to select the option. 1 Barracuda Repair (no data loss) If you want to restore the Barracuda Firewall with the default factory settings, enter to select the 2 Full Barracuda Recovery (all option. With this option, you will lose a[...]

  • Page 129

    Technical Specifications of the Barracuda Firewall Security Features Central Management Security Options Support Options Firewall Stateful packet forwarding Intrusion Prevention System (IPS) Application enforcement (including subtypes) Denial of Service (DOS) / Distributed DoS (DDoS) protection NAT (src,dst,nets), NAPT, PAT Object-oriented rule set[...]

  • Page 130

    Wi-Fi (802.11n) access point Up to three wireless networks Click-through Wi-Fi Portal webpage for guest access User/pass webpage for Wi-Fi guest access VPN Unlimited Site-to-Site VPN Unlimited Client-to-Site VPN SSL VPN VPNC certified (basic interop) IPsec, PPTP Supports AES-128/256, 3DES, DES, Null ciphers IPsec VPN clients for Windows, Mac, Linux[...]

  • Page 131

    Firewall Yes Yes Yes Yes Yes IPsec VPN (client-to-site) Yes Yes Yes Yes Yes IPsec VPN (site-to-site) Yes Yes Yes Yes Yes SSL VPN No Yes Yes Yes Yes Application control Yes Yes Yes Yes Yes Intrusion prevention (IPS) Yes Yes Yes Yes Yes DHCP server Yes Yes Yes Yes Yes DNS cache Yes Yes Yes Yes Yes DNS server (authoritative) Yes Yes Yes Yes Yes SIP pr[...]

  • Page 132

    1. 2. Notice for the USA Compliance Information Statement (Declaration of Conformity Procedure) DoC FCC Part 15: This device complies with part 15 of the FCC Rules. Operation is subject to the following conditions: This device may not cause harmful interference, and This device must accept any interference received including interference that may c[...]

  • Page 133

    Barracuda Networks may change the availability of limited warranties, at its discretion, but any changes will not be retroactive. IN NO EVENT SHALL BARRACUDA NETWORKS LIABILITY EXCEED THE PRICE PAID FOR THE PRODUCT FROM DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OF THE PRODUCT, ITS ACCOMPANYING SOFTWARE, [...]

  • Page 134

    i. ii. iii. BARRACUDA FOR ANY PATENTS OR OTHER INTELLECTUAL PROPERTY RIGHTS UTILIZED IN THE BARRACUDA SOFTWARE WHICH YOU EITHER OWN OR CONTROL. 7. Limitation of Liability. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT SHALL BARRACUDA BE LIABLE FOR PERSONAL INJURY OR ANY INCIDENTAL SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER, INCLUDING[...]

  • Page 135

    CUSTOMER IS THE ORIGINAL END USER PURCHASER OR LESSEE OR WHO OTHERWISE HOLDS A VALID LICENSE TO USE THE ENERGIZE UPDATE SOFTWARE WHICH IS BEING UPGRADED; AND (3) USE OF ADDITIONAL COPIES IS LIMITED TO BACKUP PURPOSES ONLY. Energize Update Changes. Barracuda Networks reserves the right at any time not to release or to discontinue release of any Ener[...]

  • Page 136

    DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION. General Terms Applicable to the Energize Update Software License Disclaimer of Liabilities. IN NO EVENT WILL BARRAC[...]

  • Page 137

    with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Pr[...]

  • Page 138

    compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Progra[...]

  • Page 139

    If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively[...]

  • Page 140

    documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS MAKING USE OF THIS LICENSE OR ITS CONT[...]

  • Page 141

    the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2[...]

  • Page 142

    END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate c[...]