• No results found

Barracuda IM Firewall Administrator s Guide

N/A
N/A
Protected

Academic year: 2021

Share "Barracuda IM Firewall Administrator s Guide"

Copied!
86
0
0

Loading.... (view fulltext now)

Full text

(1)

Barracuda Networks Inc. 3175 S. Winchester Blvd Campbell, CA 95008 http://www.barracuda.com

B a r r a c u d a I M F i r e w a l l A d m i n i s t r a t o r ’ s G u i d e

(2)

Copyright Notice

Copyright 2007, Barracuda Networks www.barracuda.com

v3.0-061212-02-0614

All rights reserved. Use of this product and this manual is subject to license. Information in this document is subject to change without notice. Trademarks

Barracuda IM Firewall is a trademark of Barracuda Networks. All other brand and product names mentioned in this document are registered trademarks or trademarks of their respective holders.

(3)

iii

Contents

Chapter 1 – Introduction . . . 7

Overview . . . . 8

Logging and Reporting Features . . . . 8

Policy Features . . . . 8

Public IM Access Control . . . . 8

Energize Updates Minimize Administration and Maximize Protection . . . . 8

Deploying the Barracuda IM Firewall . . . . 9

Standard Inline Network Configuration . . . . 9

Server Only Configuration 11 SPAN Port/Network Tap Configuration . . . 11

Chapter 2 – Installation and Configuration . . . 13

Network Considerations . . . 14

Firewalls . . . 14

Routers . . . 14

External DNS . . . 14

Enterprise class Layer 3 Switch, VLANs, VPN concentrators . . . 14

Firewall DMZ . . . 15

Mounting and Cabling Considerations . . . 15

Installing and Configuring the Barracuda IM Firewall. . . 16

Step 1. Verify You Have the Necessary Equipment . . . 16

Step 2. Install the Barracuda IM Firewall . . . 16

Step 3. Configure the Barracuda IM Firewall IP Address and Network Settings 17 Step 4. Configure Your Corporate Firewall . . . 18

Step 5. Configure the Barracuda IM Firewall . . . 18

Step 6. Update the Barracuda IM Firewall Firmware . . . 19

Step 7. Verify Your Subscription Status . . . 20

Step 8. Update the Virus Definitions . . . 22

Step 9. Set the Current IM Client Version . . . 22

Step 10. Test your Barracuda IM Firewall . . . 22

Chapter 3 – Managing User Accounts . . . 25

Overview . . . 26

Creating User Accounts Manually . . . 26

Importing User Accounts from an External Directory Server . . . 27

Customizing the User Rollout Message . . . 29

Viewing and Modifying Accounts . . . 30

Changing the Role of an Account . . . 30

Creating Rosters . . . 32

(4)

Chapter 4 – Configuring, Monitoring, and Managing the

Barracuda IM Firewall . . . 35

Configuring the Barracuda IM Firewall . . . 36

Configuring System IP Information . . . 36

Controlling Access to the Administration Interface . . . 36

Customizing the Appearance of the Administration Interface . . . 36

Changing the Language of the Administration Interface . . . 36

Setting the Time Zone of the System . . . 37

Enabling and Disabling Virus Protection . . . 37

Enabling SSL . . . 37

Defining Policies for your IM Environment . . . 40

Controlling Public IM Access . . . 40

Controlling File Transfer Access . . . 40

Configuring the Default Settings of the Barracuda IM Client . . . 40

Adding a Disclaimer to Instant Messages . . . 41

Setting the Current Client Version. . . 41

Setting up Keyword Notification . . . 41

Creating Server Filters . . . 42

Monitoring the Barracuda IM Firewall. . . 43

Viewing Performance Statistics . . . 43

Automating the Delivery of System Alerts and Notifications . . . 43

Viewing System Tasks . . . 43

Using a Syslog Tool to Monitor IM and Web Syslogs . . . 44

Managing the Barracuda IM Firewall . . . 45

Backing up and Restoring System Configuration . . . 45

Updating the Firmware of your Barracuda IM Firewall . . . 45

Updating the Virus Definitions. . . 46

Replacing a Failed System . . . 46

Resetting and Shutting Down the System. . . 46

Using the Built-in Troubleshooting Tools . . . 47

Rebooting the System in Recovery Mode. . . 47

Reboot Options . . . 48

Chapter 5 – Logging and Reporting . . . 49

Viewing the Message Log . . . 50

Viewing Message Details . . . 50

Viewing To Details . . . 51

Viewing From Details . . . 52

Viewing the Conference Log . . . 53

Viewing Conference Message Details. . . 53

Viewing From Details . . . 54

Viewing the File Transfer Logs . . . 56

Viewing File Name Details . . . 56

Viewing From Details . . . 57

Viewing To Details . . . 58

Viewing the Presence Log . . . 59

Viewing User Details . . . 60

Automating the Delivery of Daily Reports. . . 61

(5)

v

Appendix A – About the Barracuda IM Firewall Hardware 63

Front Panel of the Barracuda IM Firewall. . . 64

Barracuda IM Firewall 220, 320, and 420 . . . 64

Barracuda IM Firewall 620 65 Back Panel of the Barracuda IM Firewall . . . 66

Barracuda IM Firewall 220, 320, and 420 . . . 66

Barracuda IM Firewall 620 67 Hardware Compliance . . . 68

Notice for the USA . . . 68

Notice for Canada . . . 68

Notice for Europe (CE Mark) . . . 68

Appendix B – Regular Expressions . . . 69

Using Special Characters in Expressions . . . 70

Examples . . . 70

Appendix C – Limited Warranty and License

73

Limited Warranty . . . 73

Exclusive Remedy. . . 73

Exclusions and Restrictions . . . 74

Software License . . . 74

Energize Update Software License . . . 75

Open Source Licensing . . . 79

(6)
(7)

Introduction 7

Chapter 1

Introduction

This chapter provides an overview of the Barracuda IM Firewall and includes the following topics: • Overview on page 8

(8)

Overview

The Barracuda IM Firewall is an internal IM server that performs the following functions: • Records all incoming and outgoing instant messages and file transfers

• Encrypts messages sent between Barracuda IM clients • Scans instant messages and file transfers for viruses

• Provides the ability to log or block communication from public IM services like MSN, ICQ, AIM, and Yahoo.

• Provides content filters that block messages or remove key words, phrases, and regular expressions within IM conversations.

Logging and Reporting Features

The Barracuda IM Firewall keeps a record of all the instant messages sent on your network and also displays the sender and receiver of each message. You can also view conference logs, file transfer logs that retain a copy of all transferred files, and a presence log that shows the status of each user. The Barracuda IM Firewall can also email daily reports about the IM activity on your network and create reports that show IM activity for a specific user.

Policy Features

The Barracuda IM Firewall provides a variety of policy features that help you customize your IM environment. For example, you can use policies to:

• Prevent users from transferring files in their IM sessions • Set the default behavior of the Barracuda IM client.

• Show a custom disclaimer every time a new IM session begins.

• Configure the Barracuda IM Firewall to notify you every time specific keywords are used in an IM session.

• Block keywords from being used in IM sessions

Public IM Access Control

You can configure your Barracuda IM Firewall to prevent users from doing the following: • Using public IM clients like Yahoo Messenger

• Sending instant messages to people outside your network

Energize Updates Minimize Administration and Maximize Protection

To provide you with maximum protection against the latest viruses, Barracuda Networks maintains Barracuda Central, a powerful operations center. From this center, engineers monitor the Internet for viruses and automatically deploy updates and definitions via Barracuda Energize Updates.

By spotting viruses early on, the team at Barracuda Central can quickly develop new and improved blocking techniques that are quickly made available to your Barracuda IM Firewall.

(9)

Introduction 9

Deploying the Barracuda IM Firewall

The Barracuda IM Firewall can be deployed in a variety of ways depending on your network environment and the Barracuda IM Firewall features that you want to implement. The main deployment types include:

• Standard inline deployment (recommended) • Server-only deployment

• SPAN port deployment

Standard Inline Network Configuration

The Standard Inline Network Configuration deployment requires that the Barracuda IM Firewall be installed between your corporate firewall and your network’s core switch or hub. Your core switch or hub is the device through which all network traffic must pass before leaving your network. This configuration allows the Barracuda IM Firewall to log or block all IM traffic on your network no matter whether it comes from AIM, Yahoo Messenger, MSN or the Barracuda IM Client. The following table shows the advantages and disadvantages of this type of deployment.

Advantages Disadvantages

Allows logging of public IM clients like AOL, Yahoo, and MSN instant messengers.

If more users are on your network than the Barracuda IM Firewall is designed for, latency may occur.

Allows blocking of public IM clients like AOL, Yahoo, and MSN instant messengers.

Network traffic is interrupted during installation.

Allows use of the IM server without using an additional network port.

Can provide both IM server and gateway functionality.

(10)

Figure 1.1 illustrates a basic installation using the standard inline network configuration Figure 1.1: Standard Inline Network Configuration

LAN WAN

Client Internet

Barracuda IM Firewall Firewall

(11)

Introduction 11

Server Only Configuration

For a server only deployment, the Barracuda IM Firewall is installed in a demilitarized zone (DMZ) with your email server, and your client machines are connected directly through the corporate firewall.

The following table describes the advantages and disadvantages of deploying your Barracuda IM Firewall in server only deployment.

SPAN Port/Network Tap Configuration

For the SPAN port or network tap deployment, you connect the Barracuda IM Firewall to a SPAN port on your core router or switch that connects to all your client machines. The placement of your corporate firewall and its functionality may have an impact on the Barracuda IM Firewall

deployment. A network tap can also be used in between your core router or switch and the Barracuda IM Firewall. Some configurations may require technical assistance from Barracuda Technical Support.

In this deployment, the Barracuda IM Firewall detects all messages and can block all public IM clients.

We recommend deploying the Barracuda IM Firewall in this mode if public IM network blocking is not required, but you must log public clients.

The following table describes the advantages and disadvantages of deploying your Barracuda IM Firewall in SPAN port or network tap deployment.

Advantages Disadvantages

Initial setup does not require any disruption to your network traffic.

Cannot log or monitor public IM clients like AOL, Yahoo, and MSN instant messengers.

The Barracuda IM Firewall can sit in your DMZ with other servers.

Advantages Disadvantages

Allows logging of public IM clients like AOL, Yahoo, and MSN instant messengers.

Cannot block use of public IM clients like AOL, Yahoo, and MSN instant messengers.

Can provide both IM server and gateway functionality

Network traffic is interrupted during installation (network tap configuration only).

(12)
(13)

Installation and Configuration 13

Chapter 2

Installation and Configuration

This chapter provides general instructions for installing the Barracuda IM Firewall. This chapter covers the following topics:

Network Considerations... 14 Installing and Configuring the Barracuda IM Firewall... 16

(14)

Network Considerations

The Barracuda IM Firewall can be deployed as a bridge, as a stand-alone server, on a network tap, or inline with your other network devices. These pre-installation considerations may help you

understand some of the issues that may occur.

Firewalls

TheBarracuda IM Firewall can manage and log all instant messages, provided that all instant messaging traffic is sent through the Barracuda IM Firewall. Because the Barracuda IM Firewall allows you to choose who is allowed to use public instant messaging services, and logs the

communications that go through those services, it is advantageous to ensure that users are only using the Barracuda IM client and server for their communications.

The easiest way to do this is to install the Barracuda IM Firewall inline and use the Policy > Public IM Access page to block users from using public IM clients like Yahoo Messenger. Public IM clients are specifically designed to bypass conventional firewall policies. To block public IM traffic, we strongly recommend that you use a tool designed for this purpose, such as the Barracuda IM Firewall or the Barracuda Web Filter.

If you cannot install the Barracuda IM Firewall inline, your existing corporate firewall may be able to block the public IM traffic. Check with your corporate firewall vendor for configuration

recommendations.

An alternative to blocking public IM traffic is to install the Barracuda IM Firewall in a location where it can record all public IM traffic, and then use the recorded messages to enforce your company’s security protocol.

Routers

Make sure the default gateway is properly set to reach the Internet. Also, if you are testing the Barracuda IM Firewall in one portion of your network and move to another portion of the network for deployment, make sure that you check the default gateway and make changes as necessary.

External DNS

If your clients will connect to the Barracuda IM Firewall using an IP address, no external DNS configuration is required. However, if you plan to have Barracuda IM clients running outside your network that need to resolve addresses using your internal DNS name, you will need to ensure that your external DNS is configured.

Enterprise class Layer 3 Switch, VLANs, VPN concentrators

These device types are normally capable of handling multiple subnets and providing default routes to clients. However, they may affect the Barracuda IM Firewall deployment in the following ways: • A Layer 3 switch can also be setup to have multiple VLANs (Virtual Local Networks) using

port assignments. There is no side effect by having VLAN tags in the traffic that is visible to the Note It is important to allow the IP address of the Barracuda IM Firewall access to the outgoing ports

or none of the public service transports will function. Refer to Table 2.1 for a list of the ports used by each public IM client.

(15)

Installation and Configuration 15

Barracuda IM Firewall. However, when the Barracuda IM Firewall is set up to a single subnet, it needs to have routes to process requests for other subnets.

• A standard solution is to add static routes to these foreign subnets. All Layer 3 switch subnets should use its IP address as the gateway. In the case of a VPN concentrator, use the IP of the concentrator as the default gateway for all the networks aggregated by that VPN concentrator.

Firewall DMZ

A demilitarized zone (DMZ) is an area where any servers that access the Internet are placed. Servers inside this zone may be configured to access certain servers within an internal network with their own security rules set up. Normally these servers need to be accessible from the Internet such as email servers.

Mounting and Cabling Considerations

To install the Barracuda IM Firewall you need to: • Mount it on a rack or shelf

• Cable it to other network devices

The Barracuda IM Firewall is designed to be installed in a data center with other networking devices and servers. Its dimensions are suitable for a 19-inch rack. You must position it within cabling distance of any switches or other devices that access the network segments that you want to protect. The appliance can be mounted facing either direction in your rack, so consider which side will have access to the ports. Under normal operation, only the front ports are in use. However, when deployed in listen-only mode, the front ports are used to log native IM client traffic, and the back port is used for management

(16)

Installing and Configuring the Barracuda IM Firewall

These are the general steps to set up your Barracuda IM Firewall. For more detailed instructions for each step, see the following reference pages.

Step 1. Verify You Have the Necessary Equipment on page 16 Step 2. Install the Barracuda IM Firewall on page 16

Step 3. Configure the Barracuda IM Firewall IP Address and Network Settings on page 17 Step 4. Configure Your Corporate Firewall on page 18

Step 5. Configure the Barracuda IM Firewall on page 18 Step 6. Update the Barracuda IM Firewall Firmware on page 19 Step 7. Verify Your Subscription Status on page 20

Step 8. Update the Virus Definitions on page 22 Step 9. Set the Current IM Client Version on page 22 Step 10. Test your Barracuda IM Firewall on page 22

Step 1. Verify You Have the Necessary Equipment

Before installing your Barracuda IM Firewall, make sure you have the following equipment: • Barracuda IM Firewall (check that you have received the correct model)

• AC power cord • Ethernet cables

• Mounting rails and screws (available for models 620 and 820 only) • VGA monitor with cable (recommended)

• PS2 keyboard with cable (recommended)

Step 2. Install the Barracuda IM Firewall

This section describes how to physically install your Barracuda IM Firewall. There are only four cables you need to plug into the system: the AC Power cable, the monitor cable, the keyboard cable, and two CAT-5 cables for inline, span, and network tap setups. Only one CAT-5 cable is provided with your Barracuda IM Firewall.

To physically install the Barracuda IM Firewall:

1. Fasten the Barracuda IM Firewall to a standard 19-inch rack or other stable location.

2. Attach the power cord. Connect the (provided) AC power cord to the correct location on the rear of your Barracuda IM Firewall.

After you connect the AC power cord, the Barracuda IM Firewall may power on for a few seconds and then power off. This behavior is normal.

Caution

(17)

Installation and Configuration 17

3. Connect the Barracuda IM Firewall to your network. Attach one end of the CAT-5 network cable to the LAN port on the front panel of the Barracuda IM Firewall. Attach the other end of the network cable to your network.

The Barracuda IM Firewall supports 10BaseT, 100BaseT, and Gigabit Ethernet (higher end models only).

Do not connect any other cables to the unit at this time.

4. Connect your monitor cable and keyboard cable to the back panel of the Barracuda IM Firewall.

5. Press the Power button located on the front of the unit.

The power light on the front of the Barracuda IM Firewall turns on. The login prompt for the administrative console displays on the monitor.

Step 3. Configure the Barracuda IM Firewall IP Address and Network Settings

The Barracuda IM Firewall is assigned a default IP address of 192.168.200.200. You can change the address using the administrative console or by pressing and holding the Reset button on the front panel.

Holding Reset for five seconds changes the default IP address to 192.168.200.200. Holding the button for eight seconds changes the default IP address to 192.168.1.200. Holding the button for 12 seconds changes the IP address to 10.1.1.200.

Figure 2.1: Front panel of the Barracuda IM Firewall

Network Switch Barracuda Spyware FirewallBarracuda IM Firewall

(18)

To set a new IP address from the administrative console:

1. At the barracuda login prompt, enter admin for the login and admin for the password.

The Administrative Console displays the current IP configuration of the Barracuda IM Firewall.

2. Using your Tab key, select Change and clickEnter to change the IP configuration.

3. Enter the new IP address, netmask, primary DNS, and default gateway for your Barracuda IM Firewall. Select Save to enter your changes. The secondary DNS field is optional. Select Exit. The new IP address and network settings are applied to your Barracuda IM Firewall.

Step 4. Configure Your Corporate Firewall

If your Barracuda IM Firewall is located behind a corporate firewall, refer to Table 2.1 for the ports that need to be opened on your corporate firewall to allow communication between the Barracuda IM Firewall and remote servers.

In addition to the ports listed above, you may have to configure your corporate firewall to allow the Barracuda IM Firewall to email system alerts and reports. Some organizations create firewall rules that only allow emails to be sent from the IP address of their email server. In this case, you should configure your corporate firewall to allow emails to be sent from the Barracuda IM Firewall as well. If your Barracuda IM Firewall is located in a DMZ, you may need to configure your corporate firewall to allow the Barracuda IM Firewall to send notifications to your internal email server.

Step 5. Configure the Barracuda IM Firewall

After specifying the IP address of the Barracuda IM Firewall and opening the necessary ports on your corporate firewall, configure the Barracuda IM Firewall from the administration interface. Make sure the client’s computer is connected to the same network as the Barracuda IM Firewall and that the appropriate routing is in place to allow connection to the Barracuda IM Firewall’s IP address via a Web browser.

Table 2.1: Ports to Open on Your Corporate Firewall

Port Direction Protocol Description

22 Out TCP Remote diagnostics and technical support services

25 Out TCP Rollout and notification emails 53 Out UDP DNS (Domain Name Server) 80 Out TCP Virus and firmware updates 123 In/Out UDP NTP (Network Time Protocol)

5190 In/Out AOL® Instant Messenger™ (AIM)

1863 & 443 In/Out MSN ® Messenger

5050 In/Out Yahoo!® Messenger

4000 In/Out ICQ ®

53 In/Out Name Server Lookup (necessary for

(19)

Installation and Configuration 19

To configure the Barracuda IM Firewall:

1. From a Web browser, enter the IP address of the Barracuda IM Firewall followed by port 8000. For example: http://192.168.200.200:8000.

2. To log into the administration interface, enter admin for the username and admin for the password.

3. Select Basic > IP Configuration, and perform the following steps:

3a. Enter the IP address of your primary and secondary DNS servers (if these have not yet been set up).

3b. (Optional) Configure any static routes.

3c. Click Save Changes.

4. Select Basic > Administration, and perform the following steps:

4a. Make sure the local time zone is set correctly.

Time on the Barracuda IM Firewall is automatically updated via NTP (Network Time Protocol). It requires that port 123 is opened for inbound and outbound UDP (User Datagram Protocol) traffic on your firewall (if the Barracuda IM Firewall is located behind one).

It is important that the time zone is set correctly because this information is used to determine the delivery times for messages and is displayed in certain mail reading programs.

4b. If necessary, change the port number used to access the Barracuda IM Firewall administration interface. The default port is 80.

4c. Enter the amount of time for the session expiration length (in minutes) of your administration interface session.

At expiration, you are required to log back into the administration interface.

4d. Enter the email address for the Barracuda IM Firewall administrator. This email address is included in the rollout emails so users know who to contact if they have questions about their new IM client.

4e. Click Save Changes.

5. Change the password for the admin account:

5a. Select Users > Account View

5b. Under the Administrator Actions column, click the Password link for the Admin account to change the password.

Step 6. Update the Barracuda IM Firewall Firmware To update the firmware on the Barracuda IM Firewall: 1. Select Advanced > Firmware Update.

2. Read the release notes to learn about the latest features and fixes provided in the new firmware version.

3. Click Download Now next to Latest General Release. Click OK on the download duration window.

Note

If the IP address of your Barracuda IM Firewall on the IP Configuration page is changed, you are disconnected from the administration interface. Please log in again using the new IP address.

(20)

Updating the firmware may take several minutes. Do not turn off the unit during this process.

Download Now is disabled if the Barracuda IM Firewall is already up-to-date with the latest firmware version.

The Barracuda IM Firewall begins downloading the latest firmware version. During download, you can view the status by clicking Refresh, or via the Task Manager. A message displays once the download is complete.

4. Click Apply Now when the download completes.

5. Click OK when prompted to reboot the Barracuda IM Firewall.

A Status page pops up to display the time left for the reboot process to complete. Once the reboot is complete, the login page appears.

Step 7. Verify Your Subscription Status

Once you install the Barracuda IM Firewall, your Energize Update and Instant Replacement subscriptions are most likely active. However, it is important you verify the subscription status so your Barracuda IM Firewall can continue to receive the latest virus updates from Barracuda Central. The Energize Update service is responsible for downloading these virus definitions to your

Barracuda IM Firewall.

To check your subscription status: 1. Select Basic > Status.

2. From the Subscription Status section, verify that the word Current appears next to Energize Updates and Instant Replacement Service (if purchased).

(21)

Installation and Configuration 21

Figure 2.2 shows the location of the Subscription Status section.

3. If your subscription is not current, perform the following steps:

3a. Click the Activate link as shown in Figure 2.3. The product activation displays in a new browser window.

3b. On the Product Activation page, fill in the required fields and click Activate. A confirmation page opens to display the terms of your subscription.

3c. After a few minutes, from the Barracuda IM Firewall administration interface, click

Refresh in the Subscription Status section of the Basic > Status page. The status of your subscriptions displays as Current.

Figure 2.2: Subscription Status

Figure 2.3: Location of the Activate Link

Note

If your subscription status does not change to Current, or if you have trouble filling out the Product Activation page, call your Barracuda Networks sales representative.

Verify your subscriptions are current

Click to activate your subscription

(22)

Step 8. Update the Virus Definitions To update the virus definitions:

1. Select Advanced > Energize Updates.

2. Check to see if the current version is the same as the latest version available for virus definitions. If it is, bypass this step. If it is not, go to the next step.

3. Click Update next to the Latest General Release.

4. Select Hourly or Daily for Update Frequency. The recommended setting is Hourly.

5. Click Save Changes.

Step 9. Set the Current IM Client Version

To ensure you are rolling out the latest IM client version: 1. Select Advanced > Set Current Client.

2. Select the IM client version that you want your organization to use for each operating system. The users in your organization will be able to download this client version from their welcome email. All users that are added to the system automatically receive a welcome email. For more information on adding user accounts, refer to Chapter 3 Managing User Accounts.

3. Click Save Changes.

Step 10. Test your Barracuda IM Firewall

To test your Barracuda IM Firewall you will need to send an instant message from the Barracuda IM client to make sure the Barracuda IM Firewall is able to log the message.

If your Barracuda IM Firewall is configured for Standard or Listen-only mode, you should also make sure your Barracuda system is able to log messages from third-party IM clients (like AIM or Yahoo), as described in step 3 below.

To test your Barracuda IM Firewall:

1. Create two user accounts by performing the following steps:

1a. Select Domains > Add Domains. A domain is required to add users.

1b. Select Users > User Add/Update to create a new user.

1c. Enter your e-mail address. Your username is created as your e-mail address.

1d. Click Save Changes. A Rollout Email is sent to this address that contains a link to download the Barracuda IM client.

1e. Repeat the steps to create an account for another user.

2. Download the Barracuda IM Firewall client by performing the following steps:

2a. Click the link in the Rollout Email to download the Barracuda IM client.

2b. Download the client associated with your operating system.

The Barracuda IM Client is available for a number of operating systems. The client download page makes it easy to find the appropriate client for your operating system. Note

You can add multiple users simultaneously by entering email addresses one per line. All users will received a unique Rollout Email.

(23)

Installation and Configuration 23

You will see two tables at the top of the page that will indicate the appropriate client to use with your platform.

2c. When you have successfully downloaded the appropriate client for your system, follow the Client Installation Instructions in the Rollout Email.

2d. Send an instant message to the other Barracuda IM Firewall user that you created in Step 1.

2e. From the Barracuda IM Firewall Web GUI, select Logging/Reporting > Message Log

and ensure that your instant message has been logged.

3. Connect to the Barracuda IM server using an AIM, Yahoo, ICQ, or MSN IM client:

3a. Open the AIM, Yahoo, ICQ, or MSN IM client.

3b. Login with your credentials and send an instant message to another user on that service.

3c. From the Barracuda IM Firewall Web GUI, select Logging/Reporting > Message Log

and ensure that your instant message has been logged.

If your messages do not appear in the log, go back through the installation and configuration steps described earlier in this chapter to make sure your Barracuda IM Firewall has been installed correctly.

(24)
(25)

Managing User Accounts 25

Chapter 3

Managing User Accounts

This chapter explains how to manage user accounts on your Barracuda IM Firewall. This chapter covers the following topics:

Overview ... 26 Creating User Accounts Manually... 26 Importing User Accounts from an External Directory Server... 27 Customizing the User Rollout Message ... 29 Viewing and Modifying Accounts ... 30 Creating Rosters ... 32

(26)

Overview

Each user that you want to chat securely over your network needs to have an account on the Barracuda IM Firewall.

You can use either of the following methods to add user accounts to your Barracuda system: • Create accounts manually, as described on page 26.

• Import accounts from your external directory server, as described on page 27.

In some cases, you may need to manually create accounts as well as import them from LDAP. For example, if your organization’s regular employees have LDAP accounts but your contractors or consultants do not, then you may need to manually create accounts for contractors if you want them to chat securely with your internal employees using the Barracuda IM client.

Creating User Accounts Manually

When you create an account manually, the Barracuda IM Firewall: • Generates a unique password for the account.

• Emails a rollout message to the new account. This message contains the user’s login and password information, provides a link to the Barracuda IM client installation, and describes how to download the Barracuda IM client.

Before you create a user account, perform the following tasks:

• If desired, customize the rollout message as described in Customizing the User Rollout Message on page 29. The Barracuda IM Firewall automatically sends a rollout message to new user accounts so you need to modify this message before you create accounts on the system. • View the default settings for the Barracuda IM Client and make any desired changes.

The default settings are located on the Policy > Default Client Configuration page, and the online help describes each setting in detail. You should make any necessary changes before users start downloading the IM client from their rollout email.

To manually create a user account:

1. Add one or more domains to the Barracuda IM Firewall by performing the following steps:

1a. Select the Domains tab.

1b. Enter the name of the domain in the provided field, and click Add Domain.

1c. Add more domains as necessary.

You must add at least one domain before you can create a user account.

2. Select Users > User Add/Update.

3. From the drop-down menu in the upper-right corner of the page, select the domain that you want the new user to reside in.

4. Enter the email address (one per line) for each user account you want to create.

If you enter an email address for an account that already exists, the Barracuda IM Firewall generates a new password for the account and sends a new rollout message to the user.

5. Click Save Changes. The Barracuda IM Firewall emails a unique rollout message to each new account.

6. To change this account to an admin or domain admin account, see Changing the Role of an Account on page 30. By default, all new accounts are automatically assigned the role of user.

(27)

Managing User Accounts 27

Importing User Accounts from an External Directory Server

If you already use an external directory server like LDAP for authentication, you can enable your Barracuda IM Firewall to import these accounts so you do not need to create them manually. The Barracuda IM Firewall is compatible with any LDAP-compliant external directory server. Before you import user accounts, perform the following tasks:

• If desired, customize the rollout message as described in Customizing the User Rollout Message on page 29.

The Barracuda IM Firewall automatically sends a rollout message to new user accounts so you need to modify this message before you import accounts to the system. You can disable the rollout emails on the Users > User Rollout page.

• View the default settings for the Barracuda IM Client and make any desired changes.

The default settings are located on the Policy > Default Client Configuration page, and the online help describes each setting in detail. You should make any necessary changes before users start downloading the IM client from their rollout email.

To import users from your external directory server: 1. Select Advanced > External Directory Services

2. Select a domain from the drop-down menu in the upper-right corner of the interface.

3. Enter information for the following fields:

Field Description

LDAP Server The network address of your directory server (domain name or IP address). Typical LDAP servers in a Microsoft network are the Active Directory server and the Exchange server.

LDAP Port The network port where your directory server receives requests (typically port 389).

LDAP Search Base The DN of the branch of the directory where all searches should start from. At the very least, this must be the top of your directory tree, but could also specify a subtree in the directory.

Bind DN Username used to bind to the server when searching for entries. If not provided the server will use an anonymous bind.

Bind Password A bind password to use in conjunction with the bind DN.

UID Attribute The attribute to search for. You should choose an attribute that will be unique across all the user entries in the subtree you will be searching. The UID attribute in Active Directory is typically sAMAccountName.

(28)

P

4. Click Edit Attribute Mappings to review the default attribute mappings to ensure they are appropriate for your LDAP settings. The following table describes each field and how it maps to LDAP. The default attributes map to Active Directory fields.

5. Click Save Changes.

The Barracuda IM Firewall retrieves the list of users from the LDAP server.

6. Select the checkbox next to each user that you want to import, or select the top checkbox to import all users on the page.

7. Click Import. If configured to send rollout emails, the Barracuda IM Firewall emails a rollout email to the users you imported

8. To change this account to an admin or domain admin account, see Changing the Role of an Account on page 30.

By default, all new accounts are automatically assigned the role of user.

Field LDAP Mapping

First Name First Name of the user. The default is givenName. Last Name Last Name of the user. The default is sn.

Address Line 1 First address line of the user. The default is street.

Address Line 2 Second address line of the user. The default is postOfficeBox. City City the user resides in. The default is l.

State State the user resides in. The default is st.

Zip Code User’s zip/postal code. The default is postalCode. Country Country the user reside in.

Employee Title Professional title of the user. The default is title. Email Address Email address of the user. The default is mail. Phone Number User’s phone number. The default is homePhone. Description Brief description of the user. The default is description.

Note

If information is not showing up that you know is available for a user, you may have to adjust the property fields. Click the Edit LDAP Attribute Mappingbutton to configure them.

(29)

Managing User Accounts 29

Customizing the User Rollout Message

The Users > User Rollout page lets you modify the rollout message that the Barracuda IM Firewall sends to each new user account. You should customize this message before creating or importing user accounts.

The following paragraphs show an example of the default user rollout message:

Congratulations __USERNAME__! Your company has successfully created an account for you on their new Barracuda IM Firewall corporate instant messaging solution. Barracuda IM Firewall provides secure corporate instant messaging within your company, as well as connectivity to AOL, Yahoo!, MSN, and ICQ instant messaging networks, all from a single client. To begin using your new account, simply follow the instruction in this email.

Below you will find your username and password, a link to download the client, and installation instructions.

Username: __USERNAME__ Password: __PASSWORD__ Server: __SERVER__

To customize the user rollout message: 1. Select Users > User Rollout.

2. Make sure Send Rollout Emails is set to Yes.

3. Customize the Introductory Message text as appropriate.

The following variables will be replaced with valid information in the message:

_USERNAME_, _PASSWORD_, and _SERVER_. Do not remove these variables unless you have another method of distributing this information to your users.

4. In the Client Download Instructions section, select No next to the operating systems that do not need installation instructions.

5. In the Help and Support section, enter any information that you want to appear at the bottom of the rollout message.

For example, you can include the phone number and email address of your organization’s help desk so users know who to contact if they need to resolve issues with the Barracuda IM client.

(30)

Viewing and Modifying Accounts

The Users > Account View page displays all the accounts that have been created manually or imported from your external directory server and use the Barracuda IM client. This page lets you view details about each account and perform the following tasks:

• Change the role of the account • Change the account password

• Log into the administration interface as that account by clicking the Edit Account link. • Send the account a rollout email

• Delete the account

To quickly locate a specific account, use the filter feature at the top of the page to search for specific patterns in the account details.

The Users > Third Party IM Users page displays all the accounts that use a native IM client like MSN Messenger or Yahoo Messenger. These accounts are not displayed on the Users > Accounts View

page because they do not use the Barracuda IM client. The Protocol column on this page identifies the type of third party IM client each account uses.

You can click the Modify link to change the user ID associated with the third party IM user.

Changing the Role of an Account

By default, every new account that you create or import is assigned the role of user. However, you may need to change the role of an account so it can be used to manage specific domains on your Barracuda system.

You can assign the following types of roles to an account:

• Admin—Manages all the domains on the Barracuda system and can configure system-wide settings. The Barracuda IM Firewall comes with one admin account.

• Domain Admin—Manages specific domains but cannot configure system-wide settings. Domain admins can view logging information, create users, and configure policies for their domains but do not have access to the system-wide settings on the Basic > IP Configuration

page, Basic > Administration page, and Advanced tab.

• User—Manages only their account by viewing their own IM logs, modifying their vCard information, and changing their password. The Barracuda IM Firewall automatically sends a rollout email to each new user account.

To change the role of an account: 1. Select the Users > Accounts View page.

2. Locate the account you want to change, and click the link in the Role column. A pop-up window appears.

3. From the Role drop-down menu, select the role for the account. Note

The Users > Third Party IM Users page is only displayed when your Barracuda IM Firewall is in Standard (default) mode or Listen Only mode.

(31)

Managing User Accounts 31

4. In the Domains Managed area, enter the domains (one per line) that you want the account to manage. These domains must match the domains that have already been created on the system. To configure the account to manage all domains, enter all_domains.

If you are changing the role of an account to a User role, do not enter any domains. User accounts do not manage domains.

(32)

Creating Rosters

The Users > Roster Creation page lets you create rosters (also known as buddy lists) for your users. When you create a roster, you can push the roster out to your users immediately or wait until the Barracuda system automatically distributes new rosters every night at midnight.

To create a new roster:

1. Select the Users > Roster Creation page.

2. In the Roster Name field, enter the name of your roster list. This name is used as a label for your convenience and has no other function.

3. In the Users area, enter the usernames, LDAP groups, or a combination of both that you want to receive this roster (one name or group per line).

We recommend using LDAP groups because as changes occur in the LDAP directory, the Roster that includes the LDAP group will be automatically updated.

4. In the Roster field, enter the usernames, LDAP groups, or a combination of both that you want to be members of this roster. Enter one username or LDAP group per line.

You can organize a roster into subgroups by placing brackets around the subgroup name and listing users and LDAP groups under that subgroup.

For example, you may want to create a roster that contains the subgroups [Finance] and [Human Resources] with users listed under each of these subgroups. Refer to Figure 3.1to view an example of a roster that contains subgroups.

If you do not include subgroups in your roster, then all roster members are put under the General group in the IM client.

5. Enter a description of this roster (optional). This description can help other administrators understand the purpose of the roster. The description is not displayed to users.

6. Click Add Roster. Once created, the roster is pushed out to the users’ clients every night at midnight.

7. To push out the roster immediately and update users’ clients, click Push all currently defined rosters to users’ clients.

After you create a roster, it appears at the bottom of the page where you can select to delete or modify the roster.

Roster Example

Figure 3.1 shows an example of a roster that created in the Web GUI and distributed to a user’s Barraucda IM client. Notice that this roster uses the subgroups Finance and Human Resources to organize the roster members.

(33)

Managing User Accounts 33

(34)
(35)

Configuring, Monitoring, and Managing the Barracuda IM Firewall 35

Chapter 4

Configuring, Monitoring, and Managing the

Barracuda IM Firewall

This chapter describes the configuration, monitoring, and management tasks you can perform from the administration interface. The following topics are covered:

Configuring the Barracuda IM Firewall ... 36 Defining Policies for your IM Environment ... 40 Monitoring the Barracuda IM Firewall... 43 Managing the Barracuda IM Firewall ... 45

Note

For more detailed information about a specific page in the administration interface, view the online help by clicking the question mark icon on the right side of the interface.

(36)

Configuring the Barracuda IM Firewall

This section describes the configuration tasks you can perform from the administration interface. This section covers the following topics:

Configuring System IP Information ... 36 Controlling Access to the Administration Interface ... 36 Customizing the Appearance of the Administration Interface... 36 Changing the Language of the Administration Interface ... 36 Setting the Time Zone of the System ... 37 Enabling and Disabling Virus Protection... 37 Enabling SSL ... 37

Configuring System IP Information

The Basic >IP Configuration page contains the network configuration for your Barracuda IM Firewall. This page allows you to change the following settings:

• System IP address and domain configuration • DNS servers

• Static routes

• Proxy server—If your Barracuda IM Firewall is behind a proxy server, you should enter the proxy server information so the Barracuda system can download updated firmware and receive Energize Updates.

Controlling Access to the Administration Interface

The Basic > Administration page allows you to perform the following tasks: • Change the port used to access the administration interface

• Change the length of time users can be logged into the administration interface (default is 60 minutes).

Customizing the Appearance of the Administration Interface

The Advanced > Appearance page allows you to customize the default images used on the

administration interface and in the email quarantine messages sent to users. This tab is only displayed on the Barracuda IM Firewall 420 and above.

Changing the Language of the Administration Interface

You can change the language of the administration interface by selecting a language from the drop-down menu in the upper right corner of the window. Supported languages include Chinese, Japanese, Spanish, French, and others.

The language you select is only applied to your individual administration interface. No other user’s administration interface is affected.

(37)

Configuring, Monitoring, and Managing the Barracuda IM Firewall 37

Setting the Time Zone of the System

The Basic > Administration page allows you to set the time zone of your Barracuda IM Firewall.

Enabling and Disabling Virus Protection

The Basic > Virus Checking page allows you to turn off virus scanning, which is not recommended. By default, virus scanning is automatically enabled, and the virus definitions are updated on a regular basis (hourly by default) using Energize Updates.

When virus scanning is enabled, all file transfers processed by the Barracuda IM Firewall is scanned for viruses and any traffic that contains a virus is blocked.

Enabling SSL

The Advanced > SSL page allows you to enable SSL on your Barracuda IM Firewall. Click Save Changes after making any changes.

SSL not only ensures that your passwords are encrypted, but also ensures that the rest of the data transmitted to and received from the administration interface is encrypted as well. For users who want to only allow secured connection, set up SSL.

To enable SSL

1. Select Advanced > SSL.

2. Select Yes to enable HTTPS/SSL access only.

3. Select Yes to use HTTPS links in emails.

4. Enter the HTTPS port. The default is 443.

The following table describes the fields on the Advanced > SSL page Table 4.1: SSL Fields

Field Description

Web Interface HTTPS/SSL Configuration

HTTPS/SSL access only: Select Yes to enable SSL and only allow access to the Administration interface via SSL. Select No to use standard HTTP access.

Use HTTPS links in e-mails Whether the Barracuda IM Firewall uses https:// (instead of

http://) in the links included in system e-mails. Keyword notifications, system alerts, and rollout emails are sent out by the system. This setting does not apply to e-mails sent out by users.

This setting is automatically set to Yes when you enable HTTPS/SSL access.

Web Interface HTTPS/SSL port The SSL port used by the Barracuda IM Firewall. Default port for SSL is 443.

(38)

SSL Certificate Configuration

Certificate Type Select one of the following certificates for SSL:

Default (Barracuda Networks) certificates are free but generate browser alerts. The default certificate is signed by Barracuda Networks and provided free as the default type of certificate.

Private (self-signed) certificates provide strong encryption without the cost of purchasing a certificate from a trusted certificate authority (CA). However Web browsers cannot verify the authenticity of the certificate and therefore display a warning every time a user accesses the administration interface. To avoid this warning, download the private root certificate and import it into your browser.

Trusted certificates are issued by trusted Certificate Authorities (CA), which are usually recognized by your Web browser so no additional configuration is required.

Certificate Generation

Organization Info The information stored in your certificates and Certificate Signing Requests. Provide the following information:

Common Name is the fully qualified domain name used to access the administration interface. For example: “barracuda.yourdomain.com”

Country is the two-letter country code where your organization is located.

State or Province Name is the full name of the state or province where your organization is located.

Locality Name is the city where your organization is located.

Organization Name is the legal name of your company or organization.

Organization Unit Name is an optional field in which to specify a department or section within your organization. Download Certificate Signing Request

(CSR)

Click Download to obtain a certificate signing request that is required to purchase a signed certificate from a trusted certificate authority. The certificate is generated with a 1024-bit key length.

Download Private key Click Download to obtain a copy of the private key used for the CSR. The certificate authority where you purchased your certificate may ask for this key, which is only available after you download a CSR.

Download Private Root Certificate Click Download to obtain the private root certificate and import it into your Web browser. This is recommended if you selected a Private certificate type.

Once you have imported the certificate, your Web browser is able to verify the authenticity of the Barracuda IM Firewall’s SSL certificate, and should no longer issue a warning when you visit the administration interface.

Table 4.1: SSL Fields (Continued)

(39)

Configuring, Monitoring, and Managing the Barracuda IM Firewall 39

Trusted Certificate

Upload Signed Certificate After purchasing the certificate using the Certificate Signing Request (CSR), browse to the location of the certificate and click Upload. Once you upload the certificate, your

Barracuda IM Firewall automatically begins using it.

Once you have uploaded your signed certificate, make sure

Trusted is selected for the Certificate Type (described above).

Upload Private key After downloading the private key, browse to the location of the key and click Upload.

Table 4.1: SSL Fields (Continued)

(40)

Defining Policies for your IM Environment

This section describes the Policy tab, which allows you to customize your IM environment by setting the default behavior and capabilities of the Barracuda IM client.

This section contains the following topics:

Controlling Public IM Access... 40 Controlling File Transfer Access ... 40 Configuring the Default Settings of the Barracuda IM Client ... 40 Adding a Disclaimer to Instant Messages ... 41 Setting the Current Client Version... 41 Setting up Keyword Notification... 41 Creating Server Filters ... 42

Controlling Public IM Access

The Policy > Public IM Access page lets you control which users have access to public IM networks. You can allow all users access to public IM networks, block all users from accessing these networks, or manually specify users that you want to allow access (all other users will be denied access). The settings on this page apply only to third party IM use through the Barracuda IM client.

The Public IM Gateway section at the bottom of the page should only be used for inline deployments so you can block public IM clients from connecting to your Barracuda IM Firewall. This is useful if you want to prevent users from using public IM clients (like AIM and Yahoo Messenger) to connect to their respective public networks. If you block these services, users can still access them through the Barracuda IM Client if they have been given permission in the Public IM Proxy section at the top of the page.

Controlling File Transfer Access

The Policy > File Transfer Access page lets you control which users and groups are allowed to send files from their Barracuda IM client. The settings on this page do not apply to third party IM clients like Yahoo Messenger.

If you are not routing all your IM traffic through the Barracuda IM Firewall, then this setting will not affect users bypassing the Barracuda system.

All file transfers are scanned for viruses. Zipped files are also decompressed to check for viruses.

Configuring the Default Settings of the Barracuda IM Client

The settings on the Advanced > Default Client Configuration page let you pre-configure the Barracuda IM Client for your users. The online help describes each field in detail.

Note Be sure to modify this page before you rollout the Barracuda IM Client. Once a user installs the Barracuda IM client, their client is not updated to reflect the changes you make on the Default Client Configuration page. Only new client installations will reflect the recent changes.

(41)

Configuring, Monitoring, and Managing the Barracuda IM Firewall 41

Adding a Disclaimer to Instant Messages

A disclaimer is a short statement that appears in front of the first instant message sent from a user. You can use disclaimers to:

• Inform users that their IM session is being logged

• State policies that impact a user’s IM session. For example, if you have a content filter that blocks messages containing swear words, you can use a disclaimer to notify users about this policy so they can avoid having their messages blocked.

A new disclaimer is prepended each time a user’s status is changed from offline to online.

Setting the Current Client Version

The Advanced > Set Current Client page lets you specify the Barracuda IM client that you want to make available to your users. After you download and install a new firmware version on your Barracuda system, check the Set Current Client page to see if a new IM client is included with the latest firmware. If a new IM client is included, you can select the new version and your users will be notified that an updated IM client is available.

Setting up Keyword Notification

The Policy > Keyword Notification page lets you set up the Barracuda IM Firewall to send an email or IM notification when a user includes a specific keyword in an instant message. For example, you can set up the system to send you an email when a user includes inappropriate language in an instant message. You can use these notifications to identify users that need to be reminded of your

organization’s IM standards and policies.

The bottom of the page allows you to delete or modify any existing rules on the system.

To set up keyword notifications:

1. Enter a name for the keyword notification rule.

2. In the Keywords area, enter the keyword or regular expression that you want to trigger a notification. You can enter multiple keywords or regular expressions by entering one per line.

3. To set up the system to send email notifications, enter the email addresses (one per line) of the users that you want to be notified when the keyword is used.

To set up the system to send IM notifications, enter the username (one per line) of each user that you want to be notified when the keyword is used.

4. Click Add Rule.

The new rule appears in the Keyword Notifications list at the bottom of the page. Note

(42)

Creating Server Filters

The Policy > Server Filtering page allows you to configure content filters for the Barracuda IM Firewall to block or filter messages that contain specific keywords, phrases, or regular expressions. For example, you can use content filters to prevent swear words from appearing in the instant messages sent from your users.

To create a content filter:

1. Enter a name for the content filtering rule you wish to create.

2. From the Block/Filter drop-down menu, select one of the following options:

Blocks: The Barracuda IM Firewall blocks the entire message from being sent when the keyword is used.

Filters: The Barracuda IM Firewall replaces the offending keyword with hash marks (######) and then sends the instant message to the intended recipient. This is the recommended setting.

3. In the Keywords area, enter the keyword or regular expression that you want to be filtered or blocked. You can enter multiple keywords or regular expressions by entering one per line.

4. Enter a reason that explains why the instant message was blocked or filtered. This reason will be included in the email or IM notification and will also be sent to the sender of the instant message so they know why their message was blocked or filtered.

5. To set up the system to send email notifications when the keyword is used, enter the email addresses (one per line) of the users that you want to be notified when the keyword is used. To set up the system to send IM notifications, enter the username (one per line) of each user that you want to be notified when the keyword is used.

6. Click Add Rule.

The new rule appears in the Keyword Notifications list at the bottom of the page. Note

(43)

Configuring, Monitoring, and Managing the Barracuda IM Firewall 43

Monitoring the Barracuda IM Firewall

This section describes the monitoring tasks you can perform from the administration interface and from the front panel of the Barracuda IM Firewall. This section covers the following topics:

Viewing Performance Statistics ... 43 Automating the Delivery of System Alerts and Notifications ... 43 Viewing System Tasks... 43

Viewing Performance Statistics

The Basic > Status page provides an overview of the health and performance of your Barracuda IM Firewall:

• Number of messages blocked and allowed

• Performance statistics, such as CPU temperature and system load • Number of file transfers that were blocked and allowed

• Your subscription status

• Number of connected users and their status

Performance statistics displayed in red signify that the value exceeds the normal threshold.

Automating the Delivery of System Alerts and Notifications

The Basic > Administration pageallows you to configure the Barracuda IM Firewall to automatically email system notifications to the email addresses you specify. The email address you specify on this page will also be listed as the “reply to” address in any emails sent from the Barracuda IM Firewall to users.

System alerts notify you when:

• Your Energize Update subscription is about to expire • New virus definitions are available

• Your system is low on disk space

Viewing System Tasks

The Advanced > Task Manager page provides a list of tasks that are in the process of being performed and also displays any errors encountered when performing these tasks.

Some of the tasks that the Barracuda IM Firewall tracks include: • Configuration restoration

• Added users • Firmware updates

If a task takes a long time to complete, you can click the Cancel link next to the task name and then run the task at a later time when the system is less busy.

(44)

The Task Errors section will list an error until you manually remove it from the list. The errors are not phased out over time.

Using a Syslog Tool to Monitor IM and Web Syslogs

The Advanced > Syslog allows you to monitor the IM logging information such as IM message traffic and to monitor Web GUI related logging information.

Table 4.2 describes the two types of data you can monitor. Table 4.2: Syslog Monitoring

Syslog Description

IM Syslog Configuration Click Monitor IM Syslog to view the IM message syslog output in a new window.

The IM syslog does not display the actual IM messages sent between users.

Web GUI Syslog Configuration A few examples of the actions the Web syslog tracks include: • When a user logs into the system

• Any configuration changes made to your Barracuda IM Firewall

• When system reports are generated

Click Monitor Web Syslog to view the Web syslog output in a new window.

(45)

Configuring, Monitoring, and Managing the Barracuda IM Firewall 45

Managing the Barracuda IM Firewall

This section describes how to manage and maintain your Barracuda IM Firewall using the administration interface.This section covers the following topics:

Backing up and Restoring System Configuration ... 45 Updating the Firmware of your Barracuda IM Firewall ... 45 Updating the Virus Definitions ... 46 Replacing a Failed System ... 46 Resetting and Shutting Down the System ... 46 Using the Built-in Troubleshooting Tools ... 47 Rebooting the System in Recovery Mode... 47

Backing up and Restoring System Configuration

The Advanced > Backup page lets you back up and restore the configuration of your Barracuda system. You should back up your system on a regular basis in case you need to restore this information on a replacement Barracuda IM Firewall or in the event your current system data becomes corrupt. If you are restoring a backup file on a new Barracuda IM Firewall that is not configured, you need to assign your new system an IP address and DNS information on the Basic > IP Configuration page. Note the following about the backup file:

• Do not edit backup files. Any configuration changes you want to make need to be done through the administration interface. The configuration backup file contains a checksum that prevents the file from being uploaded to the system if any changes are made.

• You can safely view a backup file in Windows WordPad or Microsoft Word. You should avoid viewing backup files in Windows Notepad because the file can become corrupted if you save the file from this application.

• The following information is not included in the backup file: • System password

• System IP information • DNS information

Updating the Firmware of your Barracuda IM Firewall

The Advanced > Firmware Update page allows you to manually update the firmware version of the system or revert to a previous version. The only time you should revert back to an old firmware version is if you recently downloaded a new version that is causing unexpected problems. In this case, call Barracuda Networks Technical Support before reverting back to a previous firmware version. If you have the latest firmware version already installed, the Download Now button will be disabled. Note

Applying a new firmware version results in a temporary loss of service. For this reason, you should apply new firmware versions during non-business hours.

Figure

Figure 1.1 illustrates a basic installation using the standard inline network configuration
Figure 2.1: Front panel of the Barracuda IM Firewall
Table 2.1: Ports to Open on Your Corporate Firewall
Figure 2.2: Subscription Status
+7

References

Related documents

For purposes of this Agreement, "Energize Update Software" shall include (and the terms and conditions of this Agreement shall apply to) any Energize Update upgrades,

Unless otherwise expressly provided in the documentation, Customer shall use the Energize Update Software solely as embedded in, for execution on, or (where the

For purposes of this Agreement, "Energize Update Software" shall include (and the terms and conditions of this Agreement shall apply to) any Energize Update upgrades,

Note: If you will be using your Barracuda Spam Firewall to scan outgoing messages instead of incoming messages, refer to Configuring your System for Outbound Mode on page 27 before

Computer(s) on which all versions of the SOFTWARE or SOFTWARE PRODUCT may be installed shall not exceed the Permitted Number of Computer(s) unless otherwise expressly stated in

Save as otherwise expressly provided in the relevant Service Description, in the event of any fault or defect in the Third Party Software, the Customer shall be entitled to

1.3 Any advice rendered by TMG hereunder, unless otherwise expressly agreed in an individual agreement, is provided to the Customer solely for Customer's benefit and may not

21.2 Notices given by AT&T NEVADA to the CLEC under this Agreement shall be in writing (unless specifically provided otherwise herein), and unless otherwise expressly required