Barracuda IM Firewall Administrator's Guide
Barracuda IM Firewall Administrator’s Guide
Version 3.0
Barracuda Networks Inc.
3175 S. Winchester Blvd
Campbell, CA 95008
http://www.barracuda.com
Copyright Notice
Copyright 2007, Barracuda Networks
www.barracuda.com
v3.0-061212-02-0614
All rights reserved. Use of this product and this manual is subject to license. Information in this document is subject to change without notice.
Trademarks
Barracuda IM Firewall is a trademark of Barracuda Networks. All other brand and product names mentioned in this document are registered
trademarks or trademarks of their respective holders.
2 Barracuda IM Firewall Administrator’s Guide
Contents
Chapter 1 – Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 7
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Logging and Reporting Features . . . . . . . . . . . . . . . . . . . . . . . . . 8
Policy Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Public IM Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Energize Updates Minimize Administration and Maximize Protection . . . . . . 8
Deploying the Barracuda IM Firewall . . . . . . . . . . . . . . . . . . . . . . . . . 9
Standard Inline Network Configuration . . . . . . . . . . . . . . . . . . . . . . 9
Server Only Configuration 11
SPAN Port/Network Tap Configuration . . . . . . . . . . . . . . . . . . . . . 11
Chapter 2 – Installation and Configuration . . . . . . . . . . 13
Network Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
External DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Enterprise class Layer 3 Switch, VLANs, VPN concentrators . . . . . . . 14
Firewall DMZ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Mounting and Cabling Considerations . . . . . . . . . . . . . . . . . . . 15
Installing and Configuring the Barracuda IM Firewall. . . . . . . . . . . . . . . . 16
Step 1. Verify You Have the Necessary Equipment . . . . . . . . . . . . 16
Step 2. Install the Barracuda IM Firewall . . . . . . . . . . . . . . . . . . 16
Step 3. Configure the Barracuda IM Firewall IP Address and Network Settings 17
Step 4. Configure Your Corporate Firewall . . . . . . . . . . . . . . . . . 18
Step 5. Configure the Barracuda IM Firewall . . . . . . . . . . . . . . . . 18
Step 6. Update the Barracuda IM Firewall Firmware . . . . . . . . . . . . 19
Step 7. Verify Your Subscription Status . . . . . . . . . . . . . . . . . . 20
Step 8. Update the Virus Definitions . . . . . . . . . . . . . . . . . . . . 22
Step 9. Set the Current IM Client Version . . . . . . . . . . . . . . . . . 22
Step 10. Test your Barracuda IM Firewall . . . . . . . . . . . . . . . . . 22
Chapter 3 – Managing User Accounts . . . . . . . . . . . . . . 25
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Creating User Accounts Manually . . . . . . . . . . . . . . . . . . . . . . . . . 26
Importing User Accounts from an External Directory Server . . . . . . . . . . . . 27
Customizing the User Rollout Message . . . . . . . . . . . . . . . . . . . . . . 29
Viewing and Modifying Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Changing the Role of an Account . . . . . . . . . . . . . . . . . . . . . . . . 30
Creating Rosters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Roster Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
iii
Chapter 4 – Configuring, Monitoring, and Managing the
Barracuda IM Firewall . . . . . . . . . . . . . . . 35
Configuring the Barracuda IM Firewall . . . . . . . . . . . . . . . . . . . . . . . 36
Configuring System IP Information . . . . . . . . . . . . . . . . . . . . . . . 36
Controlling Access to the Administration Interface . . . . . . . . . . . . . . . 36
Customizing the Appearance of the Administration Interface . . . . . . . . . . 36
Changing the Language of the Administration Interface . . . . . . . . . . . . 36
Setting the Time Zone of the System . . . . . . . . . . . . . . . . . . . . . . 37
Enabling and Disabling Virus Protection . . . . . . . . . . . . . . . . . . . . 37
Enabling SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Defining Policies for your IM Environment . . . . . . . . . . . . . . . . . . . . . 40
Controlling Public IM Access . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Controlling File Transfer Access . . . . . . . . . . . . . . . . . . . . . . . . 40
Configuring the Default Settings of the Barracuda IM Client . . . . . . . . . . 40
Adding a Disclaimer to Instant Messages . . . . . . . . . . . . . . . . . . . . 41
Setting the Current Client Version. . . . . . . . . . . . . . . . . . . . . . . . 41
Setting up Keyword Notification . . . . . . . . . . . . . . . . . . . . . . . . . 41
Creating Server Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Monitoring the Barracuda IM Firewall. . . . . . . . . . . . . . . . . . . . . . . . 43
Viewing Performance Statistics . . . . . . . . . . . . . . . . . . . . . . . . . 43
Automating the Delivery of System Alerts and Notifications . . . . . . . . . . 43
Viewing System Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Using a Syslog Tool to Monitor IM and Web Syslogs . . . . . . . . . . . . . . 44
Managing the Barracuda IM Firewall . . . . . . . . . . . . . . . . . . . . . . . . 45
Backing up and Restoring System Configuration . . . . . . . . . . . . . . . . 45
Updating the Firmware of your Barracuda IM Firewall . . . . . . . . . . . . . 45
Updating the Virus Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . 46
Replacing a Failed System . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Resetting and Shutting Down the System. . . . . . . . . . . . . . . . . . . . 46
Using the Built-in Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . 47
Rebooting the System in Recovery Mode. . . . . . . . . . . . . . . . . . . . 47
Reboot Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Chapter 5 – Logging and Reporting . . . . . . . . . . . . . . . . 49
Viewing the Message Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Viewing Message Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Viewing To Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Viewing From Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Viewing the Conference Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Viewing Conference Message Details. . . . . . . . . . . . . . . . . . . . . . 53
Viewing From Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Viewing the File Transfer Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Viewing File Name Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Viewing From Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Viewing To Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Viewing the Presence Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Viewing User Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Automating the Delivery of Daily Reports. . . . . . . . . . . . . . . . . . . . . . 61
Generating User Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
iv Barracuda IM Firewall Administrator’s Guide
Appendix A – About the Barracuda IM Firewall Hardware 63
Front Panel of the Barracuda IM Firewall. . . . . . . . . . . . . . . . . . . . . . 64
Barracuda IM Firewall 220, 320, and 420 . . . . . . . . . . . . . . . . . . . . 64
Barracuda IM Firewall 620 65
Back Panel of the Barracuda IM Firewall . . . . . . . . . . . . . . . . . . . . . . 66
Barracuda IM Firewall 220, 320, and 420 . . . . . . . . . . . . . . . . . . . . 66
Barracuda IM Firewall 620 67
Hardware Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Notice for the USA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Notice for Canada . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Notice for Europe (CE Mark) . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Appendix B – Regular Expressions . . . . . . . . . . . . . . . . 69
Using Special Characters in Expressions . . . . . . . . . . . . . . . . . . . . 70
Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Appendix C – Limited Warranty and License 73
Limited Warranty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Exclusive Remedy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Exclusions and Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Software License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Energize Update Software License . . . . . . . . . . . . . . . . . . . . . . . 75
Open Source Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
v
vi Barracuda IM Firewall Administrator’s Guide
Chapter 1
Introduction
This chapter provides an overview of the Barracuda IM Firewall and includes the following topics:
• Overview on page 8
• Deploying the Barracuda IM Firewall on page 9
Introduction 7
Overview
Logging and Reporting Features
The Barracuda IM Firewall is an internal IM server that performs the following functions:
• Records all incoming and outgoing instant messages and file transfers
• Encrypts messages sent between Barracuda IM clients
• Scans instant messages and file transfers for viruses
• Provides the ability to log or block communication from public IM services like MSN, ICQ,
AIM, and Yahoo.
• Provides content filters that block messages or remove key words, phrases, and regular
expressions within IM conversations.
The Barracuda IM Firewall keeps a record of all the instant messages sent on your network and also
displays the sender and receiver of each message. You can also view conference logs, file transfer logs
that retain a copy of all transferred files, and a presence log that shows the status of each user.
The Barracuda IM Firewall can also email daily reports about the IM activity on your network and
create reports that show IM activity for a specific user.
Policy Features
The Barracuda IM Firewall provides a variety of policy features that help you customize your IM
environment. For example, you can use policies to:
• Prevent users from transferring files in their IM sessions
• Set the default behavior of the Barracuda IM client.
• Show a custom disclaimer every time a new IM session begins.
• Configure the Barracuda IM Firewall to notify you every time specific keywords are used in an
IM session.
• Block keywords from being used in IM sessions
Public IM Access Control
You can configure your Barracuda IM Firewall to prevent users from doing the following:
• Using public IM clients like Yahoo Messenger
• Sending instant messages to people outside your network
Energize Updates Minimize Administration and Maximize Protection
To provide you with maximum protection against the latest viruses, Barracuda Networks maintains
Barracuda Central, a powerful operations center. From this center, engineers monitor the Internet for
viruses and automatically deploy updates and definitions via Barracuda Energize Updates.
By spotting viruses early on, the team at Barracuda Central can quickly develop new and improved
blocking techniques that are quickly made available to your Barracuda IM Firewall.
8 Barracuda IM Firewall Administrator’s Guide
Deploying the Barracuda IM Firewall
The Barracuda IM Firewall can be deployed in a variety of ways depending on your network
environment and the Barracuda IM Firewall features that you want to implement. The main
deployment types include:
• Standard inline deployment (recommended)
• Server-only deployment
• SPAN port deployment
Standard Inline Network Configuration
The Standard Inline Network Configuration deployment requires that the Barracuda IM Firewall be
installed between your corporate firewall and your network’s core switch or hub. Your core switch or
hub is the device through which all network traffic must pass before leaving your network. This
configuration allows the Barracuda IM Firewall to log or block all IM traffic on your network no
matter whether it comes from AIM, Yahoo Messenger, MSN or the Barracuda IM Client.
The following table shows the advantages and disadvantages of this type of deployment.
Advantages Disadvantages
Allows logging of public IM clients like AOL,
Yahoo, and MSN instant messengers.
Allows blocking of public IM clients like AOL,
Yahoo, and MSN instant messengers.
Allows use of the IM server without using an
additional network port.
Can provide both IM server and gateway
functionality.
If more users are on your network than the Barracuda IM
Firewall is designed for, latency may occur.
Network traffic is interrupted during installation.
Introduction 9
Figure 1.1 illustrates a basic installation using the standard inline network configuration
Figure 1.1: Standard Inline Network Configuration
Internet
Firewall
WAN
Barracuda IM Firewall
LAN
Client
10 Barracuda IM Firewall Administrator’s Guide
Server Only Configuration
For a server only deployment, the Barracuda IM Firewall is installed in a demilitarized zone (DMZ)
with your email server, and your client machines are connected directly through the corporate
firewall.
The following table describes the advantages and disadvantages of deploying your Barracuda IM
Firewall in server only deployment.
Advantages Disadvantages
Initial setup does not require any disruption to
your network traffic.
The Barracuda IM Firewall can sit in your
DMZ with other servers.
Cannot log or monitor public IM clients like AOL, Yahoo,
and MSN instant messengers.
SPAN Port/Network Tap Configuration
For the SPAN port or network tap deployment, you connect the Barracuda IM Firewall to a SPAN
port on your core router or switch that connects to all your client machines. The placement of your
corporate firewall and its functionality may have an impact on the Barracuda IM Firewall
deployment. A network tap can also be used in between your core router or switch and the Barracuda
IM Firewall. Some configurations may require technical assistance from Barracuda Technical
Support.
In this deployment, the Barracuda IM Firewall detects all messages and can block all public IM
clients.
We recommend deploying the Barracuda IM Firewall in this mode if public IM network blocking is
not required, but you must log public clients.
The following table describes the advantages and disadvantages of deploying your Barracuda IM
Firewall in SPAN port or network tap deployment.
Advantages Disadvantages
Allows logging of public IM clients like AOL,
Yahoo, and MSN instant messengers.
Can provide both IM server and gateway
functionality
Cannot block use of public IM clients like AOL, Yahoo,
and MSN instant messengers.
Network traffic is interrupted during installation (network
tap configuration only).
Introduction 11
12 Barracuda IM Firewall Administrator’s Guide
Chapter 2
Installation and Configuration
This chapter provides general instructions for installing the Barracuda IM Firewall.
This chapter covers the following topics:
Network Considerations..................................................................... 14
Installing and Configuring the Barracuda IM Firewall.................... 16
Installation and Configuration 13
Network Considerations
The Barracuda IM Firewall can be deployed as a bridge, as a stand-alone server, on a network tap, or
inline with your other network devices. These pre-installation considerations may help you
understand some of the issues that may occur.
Firewalls
The Barracuda IM Firewall can manage and log all instant messages, provided that all instant
messaging traffic is sent through the Barracuda IM Firewall. Because the Barracuda IM Firewall
allows you to choose who is allowed to use public instant messaging services, and logs the
communications that go through those services, it is advantageous to ensure that users are only using
the Barracuda IM client and server for their communications.
Note
The easiest way to do this is to install the Barracuda IM Firewall inline and use the
Access
specifically designed to bypass conventional firewall policies. To block public IM traffic, we strongly
recommend that you use a tool designed for this purpose, such as the Barracuda IM Firewall or the
Barracuda Web Filter.
If you cannot install the Barracuda IM Firewall inline, your existing corporate firewall may be able
to block the public IM traffic. Check with your corporate firewall vendor for configuration
recommendations.
An alternative to blocking public IM traffic is to install the Barracuda IM Firewall in a location where
it can record all public IM traffic, and then use the recorded messages to enforce your company’s
security protocol.
It is important to allow the IP address of the Barracuda IM Firewall access to the outgoing ports
or none of the public service transports will function. Refer to Table 2.1 for a list of the ports used
by each public IM client.
page to block users from using public IM clients like Yahoo Messenger. Public IM clients are
Policy > Public IM
Routers
Make sure the default gateway is properly set to reach the Internet. Also, if you are testing the
Barracuda IM Firewall in one portion of your network and move to another portion of the network for
deployment, make sure that you check the default gateway and make changes as necessary.
External DNS
If your clients will connect to the Barracuda IM Firewall using an IP address, no external DNS
configuration is required. However, if you plan to have Barracuda IM clients running outside your
network that need to resolve addresses using your internal DNS name, you will need to ensure that
your external DNS is configured.
Enterprise class Layer 3 Switch, VLANs, VPN concentrators
These device types are normally capable of handling multiple subnets and providing default routes to
clients. However, they may affect the Barracuda IM Firewall deployment in the following ways:
• A Layer 3 switch can also be setup to have multiple VLANs (Virtual Local Networks) using
port assignments. There is no side effect by having VLAN tags in the traffic that is visible to the
14 Barracuda IM Firewall Administrator’s Guide
Barracuda IM Firewall. However, when the Barracuda IM Firewall is set up to a single subnet, it
needs to have routes to process requests for other subnets.
• A standard solution is to add static routes to these foreign subnets. All Layer 3 switch subnets
should use its IP address as the gateway. In the case of a VPN concentrator, use the IP of the
concentrator as the default gateway for all the networks aggregated by that VPN concentrator.
Firewall DMZ
A demilitarized zone (DMZ) is an area where any servers that access the Internet are placed. Servers
inside this zone may be configured to access certain servers within an internal network with their own
security rules set up. Normally these servers need to be accessible from the Internet such as email
servers.
Mounting and Cabling Considerations
To install the Barracuda IM Firewall you need to:
• Mount it on a rack or shelf
• Cable it to other network devices
The Barracuda IM Firewall is designed to be installed in a data center with other networking devices
and servers. Its dimensions are suitable for a 19-inch rack. You must position it within cabling
distance of any switches or other devices that access the network segments that you want to protect.
The appliance can be mounted facing either direction in your rack, so consider which side will have
access to the ports. Under normal operation, only the front ports are in use. However, when deployed
in listen-only mode, the front ports are used to log native IM client traffic, and the back port is used
for management
You may need access to both the front and back panel during and after installation.
Installation and Configuration 15
Installing and Configuring the Barracuda IM Firewall
These are the general steps to set up your Barracuda IM Firewall. For more detailed instructions for
each step, see the following reference pages.
Step 1. Verify You Have the Necessary Equipment on page 16
Step 2. Install the Barracuda IM Firewall on page 16
Step 3. Configure the Barracuda IM Firewall IP Address and Network Settings on page 17
Step 4. Configure Your Corporate Firewall on page 18
Step 5. Configure the Barracuda IM Firewall on page 18
Step 6. Update the Barracuda IM Firewall Firmware on page 19
Step 7. Verify Your Subscription Status on page 20
Step 8. Update the Virus Definitions on page 22
Step 9. Set the Current IM Client Version on page 22
Step 10. Test your Barracuda IM Firewall on page 22
Step 1. Verify You Have the Necessary Equipment
Caution
Before installing your Barracuda IM Firewall, make sure you have the following equipment:
• Barracuda IM Firewall (check that you have received the correct model)
• AC power cord
• Ethernet cables
• Mounting rails and screws (available for models 620 and 820 only)
• VGA monitor with cable (recommended)
• PS2 keyboard with cable (recommended)
Step 2. Install the Barracuda IM Firewall
This section describes how to physically install your Barracuda IM Firewall. There are only four
cables you need to plug into the system: the AC Power cable, the monitor cable, the keyboard cable,
and two CAT-5 cables for inline, span, and network tap setups. Only one CAT-5 cable is provided
with your Barracuda IM Firewall.
To physically install the Barracuda IM Firewall:
1. Fasten the Barracuda IM Firewall to a standard 19-inch rack or other stable location.
Do not block the cooling vents located on the front and rear of the unit.
2. Attach the power cord. Connect the (provided) AC power cord to the correct location on the rear
of your Barracuda IM Firewall.
After you connect the AC power cord, the Barracuda IM Firewall may power on for a few
seconds and then power off. This behavior is normal.
16 Barracuda IM Firewall Administrator’s Guide
Connect the Barracuda IM Firewall to your network. Attach one end of the CAT-5 network
3.
cable to the LAN port on the front panel of the Barracuda IM Firewall. Attach the other end of
the network cable to your network.
Figure 2.1: Front panel of the Barracuda IM Firewall
Barracuda IM Firewall
Barracuda Spyware Firewall
Network Switch
The Barracuda IM Firewall supports 10BaseT, 100BaseT, and Gigabit Ethernet (higher end
models only).
Do not connect any other cables to the unit at this time.
4. Connect your monitor cable and keyboard cable to the back panel of the Barracuda IM Firewall.
5. Press the Power button located on the front of the unit.
The power light on the front of the Barracuda IM Firewall turns on.
The login prompt for the administrative console displays on the monitor.
Step 3. Configure the Barracuda IM Firewall IP Address and Network Settings
The Barracuda IM Firewall is assigned a default IP address of 192.168.200.200. You can change the
address using the administrative console or by pressing and holding the Reset button on the front
panel.
Holding Reset for five seconds changes the default IP address to 192.168.200.200. Holding the button
for eight seconds changes the default IP address to 192.168.1.200. Holding the button for 12 seconds
changes the IP address to 10.1.1.200.
Installation and Configuration 17
To set a new IP address from the administrative console:
1. At the barracuda login prompt, enter admin for the login and admin for the password.
The Administrative Console displays the current IP configuration of the Barracuda IM Firewall.
2. Using your Tab key, select Change and click Enter to change the IP configuration.
3. Enter the new IP address, netmask, primary DNS, and default gateway for your Barracuda IM
Firewall. Select
Save to enter your changes. The secondary DNS field is optional. Select Exit.
The new IP address and network settings are applied to your Barracuda IM Firewall.
Step 4. Configure Your Corporate Firewall
If your Barracuda IM Firewall is located behind a corporate firewall, refer to Table 2.1 for the ports
that need to be opened on your corporate firewall to allow communication between the Barracuda IM
Firewall and remote servers.
Table 2.1: Ports to Open on Your Corporate Firewall
Port Direction Protocol Description
22 Out TCP Remote diagnostics and technical
support services
25 Out TCP Rollout and notification emails
53 Out UDP DNS (Domain Name Server)
80 Out TCP Virus and firmware updates
123 In/Out UDP NTP (Network Time Protocol)
5190 In/Out
1863 & 443 In/Out
5050
4000
53
In/Out
In/Out
In/Out
AOL® Instant Messenger™ (AIM)
MSN ® Messenger
Yahoo!® Messenger
ICQ ®
Name Server Lookup (necessary for
all services)
In addition to the ports listed above, you may have to configure your corporate firewall to allow the
Barracuda IM Firewall to email system alerts and reports. Some organizations create firewall rules
that only allow emails to be sent from the IP address of their email server. In this case, you should
configure your corporate firewall to allow emails to be sent from the Barracuda IM Firewall as well.
If your Barracuda IM Firewall is located in a DMZ, you may need to configure your corporate firewall
to allow the Barracuda IM Firewall to send notifications to your internal email server.
Step 5. Configure the Barracuda IM Firewall
After specifying the IP address of the Barracuda IM Firewall and opening the necessary ports on your
corporate firewall, configure the Barracuda IM Firewall from the administration interface. Make sure
the client’s computer is connected to the same network as the Barracuda IM Firewall and that the
appropriate routing is in place to allow connection to the Barracuda IM Firewall’s IP address via a
Web browser.
18 Barracuda IM Firewall Administrator’s Guide
Note
To configure the Barracuda IM Firewall:
1. From a Web browser, enter the IP address of the Barracuda IM Firewall followed by port 8000.
For example:
2. To log into the administration interface, enter admin for the username and admin for the
http://192.168.200.200:8000.
password.
3. Select Basic > IP Configuration, and perform the following steps:
3a. Enter the IP address of your primary and secondary DNS servers (if these have not yet
been set up).
3b. (Optional) Configure any static routes.
3c. Click Save Changes.
If the IP address of your Barracuda IM Firewall on the IP Configuration page is changed, you are
disconnected from the administration interface. Please log in again using the new IP address.
4. Select Basic > Administration, and perform the following steps:
4a. Make sure the local time zone is set correctly.
Time on the Barracuda IM Firewall is automatically updated via NTP (Network Time
Protocol). It requires that port 123 is opened for inbound and outbound UDP (User
Datagram Protocol) traffic on your firewall (if the Barracuda IM Firewall is located
behind one).
It is important that the time zone is set correctly because this information is used to
determine the delivery times for messages and is displayed in certain mail reading
programs.
4b. If necessary, change the port number used to access the Barracuda IM Firewall
administration interface. The default port is 80.
4c. Enter the amount of time for the session expiration length (in minutes) of your
administration interface session.
At expiration, you are required to log back into the administration interface.
4d. Enter the email address for the Barracuda IM Firewall administrator. This email address
is included in the rollout emails so users know who to contact if they have questions
about their new IM client.
4e. Click Save Changes.
5. Change the password for the admin account:
5a. Select Users > Account View
5b. Under the Administrator Actions column, click the Password link for the Admin
account to change the password.
Step 6. Update the Barracuda IM Firewall Firmware
To update the firmware on the Barracuda IM Firewall:
1. Select Advanced > Firmware Update.
2. Read the release notes to learn about the latest features and fixes provided in the new firmware
version.
3. Click Download Now next to Latest General Release. Click OK on the download duration
window.
Installation and Configuration 19
Updating the firmware may take several minutes. Do not turn off the unit during this process.
Download Now is disabled if the Barracuda IM Firewall is already up-to-date with the latest
firmware version.
The Barracuda IM Firewall begins downloading the latest firmware version. During download,
you can view the status by clicking
Refresh, or via the Task Manager. A message displays once
the download is complete.
4. Click Apply Now when the download completes.
5. Click OK when prompted to reboot the Barracuda IM Firewall.
A Status page pops up to display the time left for the reboot process to complete. Once the
reboot is complete, the login page appears.
Step 7. Verify Your Subscription Status
Once you install the Barracuda IM Firewall, your Energize Update and Instant Replacement
subscriptions are most likely active. However, it is important you verify the subscription status so
your Barracuda IM Firewall can continue to receive the latest virus updates from Barracuda Central.
The Energize Update service is responsible for downloading these virus definitions to your
Barracuda IM Firewall.
To check your subscription status:
1. Select Basic > Status.
2. From the Subscription Status section, verify that the word Current appears next to Energize
Updates
and Instant Replacement Service (if purchased).
20 Barracuda IM Firewall Administrator’s Guide
Figure 2.2 shows the location of the Subscription Status section.
Figure 2.2: Subscription Status
Verify your subscriptions are current
3. If your subscription is not current, perform the following steps:
3a. Click the Activate link as shown in Figure 2.3. The product activation displays in a
new browser window.
Figure 2.3: Location of the Activate Link
3b. On the Product Activation page, fill in the required fields and click Activate. A
confirmation page opens to display the terms of your subscription.
3c. After a few minutes, from the Barracuda IM Firewall administration interface, click
Refresh in the Subscription Status section of the Basic > Status page. The status of
your subscriptions displays as Current.
Click to activate your
subscription
Note
If your subscription status does not change to Current, or if you have trouble filling out the Product
Activation
page, call your Barracuda Networks sales representative.
Installation and Configuration 21
Step 8. Update the Virus Definitions
To update the virus definitions:
1. Select Advanced > Energize Updates.
2. Check to see if the current version is the same as the latest version available for virus definitions.
If it is, bypass this step. If it is not, go to the next step.
3. Click Update next to the Latest General Release.
4. Select Hourly or Daily for Update Frequency. The recommended setting is Hourly.
5. Click Save Changes.
Step 9. Set the Current IM Client Version
To ensure you are rolling out the latest IM client version:
1. Select Advanced > Set Current Client.
2. Select the IM client version that you want your organization to use for each operating system.
The users in your organization will be able to download this client version from their welcome
email. All users that are added to the system automatically receive a welcome email. For more
information on adding user accounts, refer to Chapter 3 Managing User Accounts.
3. Click Save Changes.
Note
Step 10. Test your Barracuda IM Firewall
To test your Barracuda IM Firewall you will need to send an instant message from the Barracuda IM
client to make sure the Barracuda IM Firewall is able to log the message.
If your Barracuda IM Firewall is configured for Standard or Listen-only mode, you should also make
sure your Barracuda system is able to log messages from third-party IM clients (like AIM or Yahoo),
as described in step 3 below.
To test your Barracuda IM Firewall:
1. Create two user accounts by performing the following steps:
1a. Select Domains > Add Domains. A domain is required to add users.
1b. Select Users > User Add/Update to create a new user.
1c. Enter your e-mail address. Your username is created as your e-mail address.
1d. Click Save Changes. A Rollout Email is sent to this address that contains a link to
download the Barracuda IM client.
1e. Repeat the steps to create an account for another user.
You can add multiple users simultaneously by entering email addresses one per line. All users will
received a unique Rollout Email.
2. Download the Barracuda IM Firewall client by performing the following steps:
2a. Click the link in the Rollout Email to download the Barracuda IM client.
2b. Download the client associated with your operating system.
The Barracuda IM Client is available for a number of operating systems. The client
download page makes it easy to find the appropriate client for your operating system.
22 Barracuda IM Firewall Administrator’s Guide
You will see two tables at the top of the page that will indicate the appropriate client to
use with your platform.
2c. When you have successfully downloaded the appropriate client for your system, follow
the Client Installation Instructions in the Rollout Email.
2d. Send an instant message to the other Barracuda IM Firewall user that you created in
Step 1.
2e. From the Barracuda IM Firewall Web GUI, select Logging/Reporting > Message Log
and ensure that your instant message has been logged.
3. Connect to the Barracuda IM server using an AIM, Yahoo, ICQ, or MSN IM client:
3a. Open the AIM, Yahoo, ICQ, or MSN IM client.
3b. Login with your credentials and send an instant message to another user on that service.
3c. From the Barracuda IM Firewall Web GUI, select Logging/Reporting > Message Log
and ensure that your instant message has been logged.
If your messages do not appear in the log, go back through the installation and configuration
steps described earlier in this chapter to make sure your Barracuda IM Firewall has been
installed correctly.
For further details on the Barracuda IM Client, see the Barracuda IM Client End User’s Guide.
Installation and Configuration 23
24 Barracuda IM Firewall Administrator’s Guide
Chapter 3
Managing User Accounts
This chapter explains how to manage user accounts on your Barracuda IM Firewall. This chapter
covers the following topics:
Overview ............................................................................................ 26
Creating User Accounts Manually..................................................... 26
Importing User Accounts from an External Directory Server........... 27
Customizing the User Rollout Message ............................................. 29
Viewing and Modifying Accounts ...................................................... 30
Creating Rosters ................................................................................ 32
Managing User Accounts 25
Overview
Each user that you want to chat securely over your network needs to have an account on the
Barracuda IM Firewall.
You can use either of the following methods to add user accounts to your Barracuda system:
• Create accounts manually, as described on page 26.
• Import accounts from your external directory server, as described on page 27.
In some cases, you may need to manually create accounts as well as import them from LDAP. For
example, if your organization’s regular employees have LDAP accounts but your contractors or
consultants do not, then you may need to manually create accounts for contractors if you want them
to chat securely with your internal employees using the Barracuda IM client.
Creating User Accounts Manually
When you create an account manually, the Barracuda IM Firewall:
• Generates a unique password for the account.
• Emails a rollout message to the new account. This message contains the user’s login and
password information, provides a link to the Barracuda IM client installation, and describes how
to download the Barracuda IM client.
Before you create a user account, perform the following tasks:
• If desired, customize the rollout message as described in Customizing the User Rollout Message
on page 29. The Barracuda IM Firewall automatically sends a rollout message to new user
accounts so you need to modify this message before you create accounts on the system.
• View the default settings for the Barracuda IM Client and make any desired changes.
The default settings are located on the Policy > Default Client Configuration page, and the online
help describes each setting in detail. You should make any necessary changes before users start
downloading the IM client from their rollout email.
To manually create a user account:
1. Add one or more domains to the Barracuda IM Firewall by performing the following steps:
1a. Select the Domains tab.
1b. Enter the name of the domain in the provided field, and click Add Domain.
1c. Add more domains as necessary.
You must add at least one domain before you can create a user account.
2. Select Users > User Add/Update.
3. From the drop-down menu in the upper-right corner of the page, select the domain that you want
the new user to reside in.
4. Enter the email address (one per line) for each user account you want to create.
If you enter an email address for an account that already exists, the Barracuda IM Firewall
generates a new password for the account and sends a new rollout message to the user.
5. Click Save Changes. The Barracuda IM Firewall emails a unique rollout message to each new
account.
6. To change this account to an admin or domain admin account, see Changing the Role of an
Account on page 30. By default, all new accounts are automatically assigned the role of user.
26 Barracuda IM Firewall Administrator’s Guide
Loading...