User`s guide
Description – An additional description field for the firewall rule.
Action – Specifies how the Barracuda Firewall handles network traffic that matches the criteria of the rule. The following table gives you
a detailed overview of each available action:
Action Description
Allow
The Barracuda Firewall passes all network traffic that matches
the firewall rule.
Block
The Barracuda Firewall ignores all network traffic that matches
the firewall rule and does not answer to any packet from this
particular network session.
Reset
The Barracuda Firewall dismisses all network traffic that matches
the firewall rule. Matching network sessions are terminated by
replying for TCP requests, foTCP-RST ICMP Port Unreachable
r UDP requests, and for other IPICMP Denied by Filter
protocols.
DNAT
The Barracuda Firewall rewrites the destination IP address,
network or port to a predefined network address.
Redirect to Service
The Barracuda Firewall redirects the traffic locally to one of the
following services that are running on the Barracuda Firewall:
Caching DNS, SIP Proxy, HTTP Proxy, VPN, or NTP.
– Defines the egress interface and source (NAT) IP address for traffic matching the firewall rule.Connection
If a source IP address is specified, the appropriate link is selected from the routing table. If an interface is
specified, the appropriate source IP address is selected from the routing table. You can also create
connection objects, as described in How to Create a Connection Object . For example, multiple source IP
addresses and interfaces can be specified in the same connection object. This allows failover or
session-based balancing between up to four links. Balancing can be achieved using either a round robin or
weighted random algorithm. The following table lists the predefined connection objects:
Predefined Connection Object Description
Default (SNAT)
Change the source IP address of network packets to the IP
address of the interface with the lowest metric according to the
routing table.
No SNAT
Connection is established using the original source IP address.
Use if simple routing with NAT is desired.
SNAT with DSL IP
Source NAT with the IP address of the DSL uplink.
SNAT with 3G IP
Source NAT with the IP address of the 3G uplink.
SNAT with DHCP IP
Source NAT with the IP address of the DHCP uplink.
Service – Describes the protocol and protocol/port range of the matching traffic. You can define one or more services for the firewall
rule. You can select a predefined service object or create your own service objects on the page.FIREWALL > Service Objects
Source – The source IP address/netmask of the connection that is affected by the rule. You can select a network object or explicitly enter
a specific IP address/netmask. You can create network objects on the page. FIREWALL > Network Objects
Destination – The destination IP address/netmask of the connection that is affected by the rule. You can select a network object or
explicitly enter a specific IP address/netmask.
Applications/Bandwidth
You can also configure bandwidth and application policies.
Bandwidth policies protect the available overall bandwidth of an ISP uplink line. Network traffic can be classified and throttled within each
firewall rule. To adjust the overall bandwidth of each network interface, go to the page. There are eightNETWORK > IP Configuration
predefined bandwidth policies. For additional information, see .How to Configure Bandwidth Policies or QoS