User's guide

Verify Firewall Rule Order
Verify the order of the firewall rule(s) that you created. New rules are created at the bottom of the firewall rule set. Because rules are processed
from top to bottom in the rule set, arrange your rules in the correct order. You must especially ensure that your rules are placed above
the BLOCKALL rule; otherwise, the rules are blocked. After adjusting the order of rules in the rule set, click Save Changes.
Outgoing Traffic
Outgoing SMTP traffic (for outgoing email) must also be allowed to pass. Depending on the location of your mail server, this traffic might already
be allowed by the pre-installed LAN-2-INTERNET rule. If it is not, or if you want to make an explicit rule anyway, you must add a rule.
Configure the firewall rules for the case that matches your scenario. If you have multiple public IP addresses, follow the instructions in Case 2 -
Multiple Public IP Addresses to ensure that the traffic leaves on the same IP address that the public MX record points to. If you do not have
multiple IP addresses, follow the instructions in Case 1 - Mail Server Not on Trusted LAN. After configuring the required firewall rule, verify your
firewall rule order.
Case 1 – Mail Server Not on Trusted LAN
Go to the FIREWALL > Firewall Rules page and configure the following rule to allow outgoing SMTP traffic:
SMTP-2-INTERNET Values:
Action: Allow
Source: The internal IP address of the mail server
Destination: Internet
Service (select relevant ones): SMTP
Connection: Default (SNAT)
Case 2 – Multiple Public IP Addresses
If you have multiple external IP addresses and want to force outbound SMTP traffic to use a specific IP address:
1. Go to the FIREWALL > Connection Objects page and create a connection object that specifies the IP
address that is in the MX record.
2. Go to the FIREWALL > Firewall Rules page and add the following rule to direct the outgoing mail traffic:
SMTP-2-INTERNET Values:
Action: Allow
Source: The internal IP address of the mail server
Destination: Internet
Service: SMTP
Connection: A connection object with the IP address used for email.
Verify Firewall Rule Order
Move the firewall rule above the pre-installed LAN-2-INTERNET rule. If this rule is under the LAN-2-INTERNET rule,
traffic goes out on the primary IP address, which might not be the correct path. After adjusting the order of rules in
the rule set, click Save Changes.
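The effect of rule order described in both Verify Firewall Rule Order sections, as an added example that is not part of the original guide or the product's own code: a minimal first-match evaluator plus a check that reports rules hidden behind an earlier, broader rule. The addresses, the contents assumed for LAN-2-INTERNET and BLOCKALL, and all helper names are assumptions; the destination is omitted because every rule here targets Internet.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (documentation/private ranges), not from the guide.
MAIL_SERVER = "192.168.0.25"
MX_IP, PRIMARY_IP = "203.0.113.20", "203.0.113.10"

@dataclass
class Rule:
    name: str
    action: str           # "allow" or "block"
    source: str           # source network in CIDR form
    service: str          # "SMTP", "HTTP", ... or "ANY"
    connection: str = ""  # public IP the connection object uses for source NAT

    def matches(self, src_ip, service):
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
        return in_net and self.service in ("ANY", service)

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        mine, theirs = ipaddress.ip_network(self.source), ipaddress.ip_network(other.source)
        return theirs.subnet_of(mine) and self.service in ("ANY", other.service)

def first_match(rules, src_ip, service):
    """Evaluate top to bottom; the first matching rule decides."""
    return next((r for r in rules if r.matches(src_ip, service)), None)

def shadowed(rules):
    """Return (rule, earlier_rule) pairs where the later rule can never match."""
    found = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(rule):
                found.append((rule.name, earlier.name))
                break
    return found

SMTP = Rule("SMTP-2-INTERNET", "allow", MAIL_SERVER + "/32", "SMTP", MX_IP)
LAN = Rule("LAN-2-INTERNET", "allow", "192.168.0.0/24", "ANY", PRIMARY_IP)
BLOCKALL = Rule("BLOCKALL", "block", "0.0.0.0/0", "ANY")

AS_CREATED = [LAN, BLOCKALL, SMTP]   # new rules land at the bottom of the rule set
REORDERED = [SMTP, LAN, BLOCKALL]    # order the guide asks for in Case 2

if __name__ == "__main__":
    for label, rules in (("as created", AS_CREATED), ("reordered", REORDERED)):
        hit = first_match(rules, MAIL_SERVER, "SMTP")
        print(label, "->", hit.name, "via", hit.connection, "| shadowed:", shadowed(rules))
```

Running the same check against an exported rule list before clicking Save Changes shows whether a newly added rule can ever be reached.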
Example - Allowing SIP-based VoIP Traffic
For SIP-based VoIP traffic, create a forwarding firewall rule that redirects traffic to the internal SIP proxy of the Barracuda Firewall. The SIP proxy
dynamically opens all necessary RTP ports for successful SIP communication through the Barracuda Firewall. You must also create a separate
firewall rule to allow traffic from the Internet to the SIP proxy.
This article provides an example of how to configure firewall rules for VoIP phones that use the same network subnet as the internal SIP server.
The VoIP phones and SIP server are located in the 192.168.200.0/24 network.