Manualshelf

User`s guide

ManualsBrandsBarracuda Networks ManualsNetworkingFirewall X100
41424344454647484950
1.
2.
3.
4.
1.
2.
3.
To configure the bridge:
Go to the page.NETWORK > Bridging
Click .Add Bridged Group
Enter a name for the bridge and add the interfaces to be bridged.
Commit this change.
Step 2. Create a Firewall Rule for the Bridge
To create the firewall rule:
Go to page.FIREWALL > Firewall Rules
Create a firewall rule to allow the traffic between the bridged networks. For example, if you are bridging servers with external IP
addresses with the ISP gateway, create a rule that only allows traffic on port 443 and port 80 to pass.
Verify the order of the firewall rules. Because rules are processed from top to bottom in the rule set, ensure that you arrange your rules in
the correct order. You must especially ensure that your rules are placed above the BLOCKALL rule; otherwise, the rules are blocked.
After adjusting the order of rules in the rule set, click .Save Changes
Port p1—Port p3 Bridge
To aid you in evaluation and initial setup, the Barracuda Firewall has a pre-installed bridge between ports p1 and p3. You can see the bridge on
the page. The firewall rule that allows all traffic to pass between ports P1 and P3 is called P1-P3-BRIDGE. That rule hasNETWORK > Bridging
the following settings:
Action Source Destination Service Bi-directional Interface Group Connection
Allow Port-p1 Port-p3 Any Yes Matching
(matches all
interfaces)
No SNAT
(original source
IP address is
used)
How to Configure a DMZ
In some cases, you might want to redirect network traffic from the Internet to a network host residing in a network segment protected by the
Barracuda Firewall. For example, you have a web server hosting a website that is reachable through the Internet. For additional security, you can
put the web server in the DMZ segment to logically separate hosts in the DMZ from other hosts in different network segments.
With a DMZ configuration, you have full control over network traffic from the Internet to the web server, as well as traffic from other network
segments to the web server. This configuration might be necessary if hosts from other network segments must access the same web server.
If your web server listens on TCP port 8080 instead of 80 and you do not want to change the listening socket of your web server, you can use the
Port Address Translation (PAT) feature of the DNAT rule to modify the destination port of IP packets passing the Barracuda Firewall. In the Redir
field of the rule settings, append the port to be translated to the IP address field (e.g., ).ect To 172.16.10.1:8080
In this article:
Step 1. Configure the Interface