User's guide

You can either register your domain name with an independent entity or configure the Barracuda Firewall as the authoritative DNS resolver for the
domain name. To learn more about authoritative DNS on the Barracuda Firewall, see How to Configure Authoritative DNS.
Outbound Link Balancing
To achieve outbound link load balancing, create a connection object that balances the traffic among multiple links. Then use this connection
object in the firewall rules that direct outgoing traffic.
The connection object specifies what happens if multiple links are configured. Options include:
If one interface becomes unavailable, then the traffic fails over to the next available link in the sequence.
Use a set of interfaces in weighted round-robin fashion. You can specify the weights for each interface in the connection object.
Randomly choose one of a list of interfaces.
For more information about configuring connection objects, see Example - Creating Connection Objects for Failover and Link Balancing.
Inbound Load Balancing
To configure inbound load balancing (for example, where traffic is distributed to one of many servers), you can create a DNAT firewall rule that
redirects traffic that was sent to a specific IP address to a load balancer.
Intrusion Prevention System or IPS
To report and instantly block suspicious network traffic from passing the Barracuda Firewall, the Intrusion Prevention System (IPS) actively scans
forwarded network traffic for malicious activities and known attack patterns. The IPS engine analyzes network traffic and continuously compares
the bitstream with its internal signature database for known attack patterns. To increase security, the IPS system offers TCP stream reassembly
to prevent IP datagram fragmentation before packets are scanned for vulnerabilities. The IPS engine can also inspect HTML requests passing the
firewall.
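Why reassembly has to happen before signature matching can be shown with a short sketch. This is an added example, not Barracuda code: the signature, sequence numbers and segments are constructed sample data, and the first-arrival-wins overlap handling is an assumption.

```python
# Added illustration, not vendor code. SIGNATURE, ISN, DATA and the segment
# layout are constructed sample values; sequence-number wraparound is ignored.
SIGNATURE = b"EXAMPLE-SIGNATURE-BYTES"
ISN = 1000  # assumed initial sequence number of the flow
DATA = b"GET /index.html?q=" + SIGNATURE + b" HTTP/1.1\r\n"

# (sequence number, payload) pairs as they arrive: out of order, with the
# signature split across three segments plus one overlapping retransmission.
SEGMENTS = [
    (ISN + 33, DATA[33:]),
    (ISN + 0, DATA[:25]),
    (ISN + 20, DATA[20:30]),
    (ISN + 25, DATA[25:33]),
]


def match_per_segment(segments):
    """Scan each payload on its own, as an engine without reassembly would."""
    return any(SIGNATURE in payload for _seq, payload in segments)


def reassemble(segments, isn):
    """Rebuild the in-order byte stream.

    Tolerates reordering, duplicates and overlaps (first-arrived byte wins,
    an assumed policy) and stops at the first gap, since bytes beyond a
    missing segment cannot yet be scanned in order.
    """
    received = {}
    for seq, payload in segments:
        for i, byte in enumerate(payload):
            received.setdefault(seq - isn + i, byte)
    stream = bytearray()
    while len(stream) in received:
        stream.append(received[len(stream)])
    return bytes(stream)


def match_reassembled(segments, isn):
    """Scan the reassembled stream, where a split signature is whole again."""
    return SIGNATURE in reassemble(segments, isn)


if __name__ == "__main__":
    print("per-segment match:", match_per_segment(SEGMENTS))
    print("reassembled match:", match_reassembled(SEGMENTS, ISN))
```

The per-segment scan misses the pattern because no single payload contains it whole, while the reassembled stream exposes it regardless of arrival order.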
IPS must be globally enabled on a Barracuda Firewall. However, you can enable or disable IPS for each firewall rule. Enabling IPS on a per-rule
basis lets you select which network traffic is scanned for threats. For example, you can choose to enable IPS scanning only for network traffic that
travels from and to the DMZ. When IPS is enabled in a firewall rule, the default IPS policy of Report Mode or Enforce Mode is used. In Report
Mode, the Barracuda Firewall reports detected attacks instead of immediately blocking network traffic. This mode is recommended after the initial
deployment of IPS to prevent traffic from being incorrectly blocked. However, you can prevent false positives when the IPS engine operates in
Enforce Mode by creating IPS exceptions.
In this article:
Enable and Configure IPS
Step 1. Enable IPS
Step 2. Adjust the Event Policy
Step 3. Configure IPS in Firewall Rules
Configure IPS Exceptions
Enable and Configure IPS
To enable and configure IPS, complete the following steps:
Step 1. Enable IPS
To enable IPS on the Barracuda Firewall:
1. Go to the FIREWALL > Intrusion Prevention page.
2. In the Intrusion Prevention section, set Enable Intrusion Prevention System to Yes.
3. Configure the Enable and Default IPS Policy settings.
4. Click Save Changes.
Step 2. Adjust the Event Policy
On the FIREWALL > Intrusion Prevention page, in the Event Policy section, define the actions to be taken when the IPS engine detects
suspicious network traffic with the following threat levels: Critical, High, Medium, Low, and Information. When the Barracuda Firewall operates
in Report Mode, you can only adjust the Log settings. When the firewall operates in Enforce Mode, you can also modify the Action for each
severity.