Barracuda SSL VPN Quick Start Guide

The Barracuda SSL VPN is a secure remote access appliance that allows you to access your internal network resources such as files, intranet Web sites and client/server applications using just a standard Web browser. It is common for the Barracuda SSL VPN to be installed directly inside your LAN or in a more advanced DMZ configuratio n.
This guide provides you with setup instructions for the Barracuda SSL VPN. We recommend reading these instructions fully before starting the setup. To begi n setting up your Barracuda SSL VPN, you will need the following:
Barracuda SSL VPN
AC Power Cord
Ethernet Cables
VGA Monitor (recommended)
PS2 Keyboard (recommended)
Physical Installation
To install the Barracuda SSL VPN:
1. Fasten the Barracuda SSL VPN to a 19-inch rack or place it in a stable location.
2. Connect an Ethernet Cable from your network switch to the Ethernet port on the back of the Barracuda SSL VPN.
3. Connect a Standard VGA Monitor, PS2 Keyboard, and AC power cord to the Barracuda. Note: Immediately after connecting an AC Power Cord to the Barracuda, it may power ON for a few seconds and then power OFF. This is because the Barracuda is designed to automatically return to a powered ON state in the event of a power outage.
4. Press the POWER button on the front panel to turn the Barracuda on.
Configure IP Address and Network Settings
If you have a monitor connected, the Barracuda SSL VPN will display the Boot Menu initially, and the Administrative Console login prompt once fully booted. To begin the configuration:
1. Login to the Administrative Console using the admin login:
Login: admin
Password: admin
Barracuda SSL VPN - Quick Start Guide
2. Configure the IP Address, Subnet Mask, Default Gateway, Primary DNS Server and Secondary DNS Server as appropriate for your network.
3. Save your changes.
If you do not have a monitor and keyboard and want to set the IP using the RESET button on the front panel, press and hold the RESET button per the following table:
IP address Press and hold RESET for
192.168.200.200 5 seconds
192.168.1.200 8 seconds
10.1.1.200 12 seconds
Opening Firewall Ports
If your Barracuda SSL VPN is located behind a corporate firewall, ensure that the following ports on your firewall are open to ensure proper operation.
25 Out Yes No Email alerts + One-time passwords 53 Out Yes Yes Domain Name Service (DNS) 80 Out Yes No Virus, firmware and updates 123 Out No Yes Network Time Protocol (NTP) 443 In/Out Yes No HTTPS/SSL port for SSL VPN access 8000 In/Out Yes No Appliance administrator interface port (HTTP) 8443 In/Out Yes No Appliance administrator interface port (HTTPS)
Port Direction TCP UDP Usage
Note: The Appliance Administrator interface ports on 8000/8443 should only be opened if you intend to manage the appliance from the Internet.
Barracuda SSL VPN Configuration
Use a computer with a Web browser that is connected to the same network as the Barracuda and follow these steps:
1. In your Web browser’s address bar, enter http:// followed by the Barracuda’s IP address, followed by the default Appliance Administrator Web interface HTTP port (:8000). For example, if you configured the Barracuda with an IP address of 192.168.200.200, you would type: http://192.168.200.200:8000
2. Log in to the Appliance Administrator Web interface as the administrator, Use
Username: admin
Password: admin
3. Go to the Basic
Æ IP Configuration page and perform the following:
Verify that the IP Address, Subnet Mask, and Default Gateway are correct.
Verify that the Primary and Secondary DNS Server are correct.
Verify that the Proxy Server Configuration settings are correct, if you
are using a proxy server on your network.
4. Click any one of the Save Changes buttons to save all of the information.
SSL VPN
Update the Firmware Go to Advanced
ÆFirmware Update. If there is a new Latest General
Release available, perform the following steps to update the system firmware:
1. Click on the Download Now button located next to the firmware version that you wish to install. To view download progress, click on the Refresh button. When the download is complete, the Refresh button will be replaced by an Apply Now button.
2. Click on the Apply Now button to install the firmware. This will take a few minutes to complete. To avoid damaging the Barracuda, do not manually power OFF the system during an update or download.
3. After applying the firmware, the Barracuda SSL VPN will automatically reboot, and displays the login page when the system has come back up.
4. Log back into the Appliance Administrator Web interface again and read th e Release Notes to learn about enhancements and new features. It is also good practice to verify settings you may have already entered, as new features may have been included with the firmware update.
Change the Administrator Password
To avoid unauthorized use, we recommend you change the default Appliance Administrator Web interface password to a more secure password. You can only change the password for the Appliance Administrator Web interface. You cannot change the password for the Administrative Console, but this is only accessible via the keyboard which you can disconnect at any time.
1. Go to Basic
ÆAdministration and enter your old and new passwords.
2. Click on Save Password.
Product Activation
Verify that the Energize Updates feature is activated on your Barracuda by going
to the Basic
ÆStatus page.
1. Under Subscription Status, make sure the Energize Updates subscription is Current. If the Energize Updates is Not Activated, click the corresponding activation link to go to the Barracuda Networks Product Activation page and complete activation of your subscriptions.
2. Reboot your Barracuda SSL VPN.
Route Incoming SSL Connections to the Barracuda SSL VPN
To take advantage of the features of the Barracuda SSL VPN, you must route
HTTPS incoming connections on port 443 to the Barracuda. This is typic ally achieved by configuring your corporate firewall to port forward SSL connections directly to the Barracuda SSL VPN:
Note: The Appliance Administrator Web interface ports on 8000/8443 will also need similar port forward configurations if you intend to manage the appliance from outside the corporate network.
Contact and Copyright Information
Barracuda Networks, Inc. 3175 S. Winchester Blvd, Campbell, CA 95008 USA phone: 408.342.5400 fax: 408.342.1061 www.barr a cuda.c om Copyright 2004-2008© Barracuda Networks, Inc. All rights reserved. Use of this product and this manual is subject to license. Information in this document is subject to change without notice. Barracuda SSL VPN is a trademark of Barracuda Networks, Inc. All other brand and product names mentioned in this document are registered trademarks or trademarks of their respective holders. 10v1-081007-02-1009
Barracuda SSL VPN - Quick Start Guide
Verify Incoming Connections to the Barracuda SSL VPN
Once you have configured your corporate firewall to route SSL through to the Barracuda SSL VPN, you should be able to accept incoming SSL connections.
1. To test the connection, use a Web browser from the Internet (not inside the LAN) to establish an SSL connection to the external IP address of your corporate firewall. For example, if your firewall’s external IP address is
192.168.1.1, connect your browser to: https://192.168.1.1
2. You should be prompted to accept an un-trusted SSL certificate, which will cause a warning message to appear in your browser. Accept the warning and proceed to load the page.
3. You should be prompted with the login page for the SSL VPN User Interface. Log in with the credentials for the VPN administrator:
Login: ssladmin
Password: ssladmin
4. You should now be successfully logged in as the VPN administrator, and taken directly to the SSL VPN Management Interface. From here you can set up accounts and other resources for users of the Barracuda SSL VPN.
Post Setup Configuration Items
Your Barracuda SSL VPN should now be configured at a basic level to accept incoming connections from the Internet. Refer to your product documentation as necessary for more details regarding the following additional steps:
Register a hostname with your DNS server for the Barracuda SSL VPN
e.g. sslvpn.company.dom
Install an SSL certificate on the Barracuda SSL VPN for this hostname,
to ensure your users are able to determine that they are connecting to a genuine Barracuda SSL VPN that is registered to your organization.
Integrate the Barracuda SSL VPN with your existing user database. To
cleanly integrate with your environment, the Barracuda can read in user accounts and authenticate against a number of different databases, including Microsoft Active Directory.
Grant access to resources to your SSL VPN users. See the
documentation for more information on the usage of the policy based access control framework.
If your network uses a DMZ you may wish to configure the Barracuda
SSL VPN in this topology for greater security.
For additional documentation including an Administrator’s Guide, visit
http://www.barracuda.com/documentation
.
SSL VPN
Loading...