12-Jan-2018   |     |   0

6 Key Advantages to Using Managed Services

By giving IT staff more time to focus on innovation and reducing unexpected costs, managed services provide businesses the support and room they need to thrive.

Organizations across every industry are discovering how today’s technologies help them achieve their objectives. For example, retailers use beacons to personalize marketing messages to individual customers based on where they are inside a store. Hospitals use technology to track patients and understand their experiences, helping to reduce readmission rates. Airlines use apps to streamline check-in, and sports teams use them to boost stadium attendance.

While new technologies present powerful opportunities for enterprises, they also introduce challenges. The pace of change in IT is unprecedented. No longer can IT departments standardize on one or two computer models, a single operating system, and a short list of approved applications. The mobile devices and cloud-based technologies that have brought so much possibility have also introduced a hodgepodge of devices, platforms and apps for IT departments to manage and secure.

For many organizations, those challenges add up to significant expenses: the cost of hiring and training qualified workers, purchasing the infrastructure to support emerging technologies, and keeping systems up to date and secure. Rather than struggle to keep pace with technology, many organizations turn to managed services providers for help. By trusting a third party such as CDW to handle cloud deployments, data center solutions, mobile initiatives, collaboration tools and security, organizations can focus their time and resources on their core business objectives.

Managed service providers take a holistic approach to IT services, resulting in a higher standard than many organizations are able to achieve in-house. Top service providers also offer ongoing management and maintenance of the underlying infrastructure, along with end-user support and service guarantees.

The benefits are clear: In 2014, only 30 percent of organizations used managed services, but within a year, that figure had nearly doubled. Managed services can cut IT costs by as much as 40 percent while doubling operational efficiency.

Turning to a trusted partner offers several advantages, including:

1. FREEING UP IT STAFF

Most IT departments are stretched thin. By outsourcing back-end functions or complex, rapidly changing technologies, organizations dedicate their in-house technology experts to projects that will further their core objectives and promote innovation.

2. KEEPING PACE WITH THE DEMANDS FOR IT EXPERTISE

Organizations around the world are struggling to fill IT positions, particularly in cybersecurity and mobile app development. Outsourcing these functions to a partner with technically skilled and specialized engineers in new and emerging technologies alleviates these pressures.

3. GREATER SCALABILITY

IT shops spend months — even years — deploying massive systems. Many organizations are finding it more effective to start small, move fast and expand as needed. CDW’s modular approach to managed services makes it easy for enterprises to scale up or down depending on demand, such as a retailer increasing capacity around the holidays, or a startup experiencing sudden growth.

4. 24/7 AVAILABILITY

The 9-to-5 workday is as outdated today as the phone booth. When users work around the clock, so must the network. With a managed services provider, help is always available — days, nights, weekends or holidays — to support users.

5. SHIFTING THE BURDEN OF COMPLIANCE

In addition to regular audits, many organizations are obligated to meet standards and requirements with their IT initiatives. The Health Insurance Portability and Accountability Act, Family Educational Rights and Privacy Act, Gramm–Leach–Bliley Act, Payment Card Industry Data Security Standard and Sarbanes–Oxley Act spell out rules regarding privacy, reporting and security in the healthcare, education, financial services and retail industries. CDW understands the regulations that organizations are bound by, and can provide the systems, processes and reports to guarantee that organizations meet their requirements — without placing that burden on in-house staff.

6. PREDICTABLE MONTHLY COSTS

Every IT investment comes with peripheral costs. Organizations need adequate networks, storage, and security. They must train staff, deploy systems and manage equipment. Unexpected costs arise at any time. By outsourcing initiatives to a managed service provider, organizations can break down their costs into fixed monthly payments, as opposed to the large capital expenditures that come with managing systems in-house.

Download the white paper, “Managed Services: Helping Organizations Focus on Business,” to learn more about managed services for cloud environments, data centers, collaboration and security.

09-Jan-2018   |     |   0

Barracuda Web Security Gateway API Guide

IT administrators can easily manage large blocks of usernames, create local or IP groups, and configure most global settings using the Barracuda Web Security Gateway APIs. The APIs allow remote administration to set single variables and to simplify data-intensive tasks such as:

  • Quickly add, update, list or delete usernames and passwords in bulk
  • Create IP Subnet/Groups
  • Assign users to groups
  • Get and set single global variables

This guide includes examples of the XML-RPC code to execute various tasks, along with example Perl scripts. Any API call requires a password that you securely configure on the Barracuda Web Security Gateway BASIC > Administration page when logged in as the administrator.

The Barracuda APIs allow remote administration and configuration of the Barracuda Web Security Gateway version 5.x and higher.

How the Barracuda API Works

The framework of the API allows a programmer to get or set variables inside an XML-RPC request corresponding to field values in the configuration database of the Barracuda Web Security Gateway. Some languages, Perl is one example, provide wrappers for XML-RPC requests, providing an interface to form the request.

What Can Be Configured With the APIs

The APIs work through manipulation of variables inside the system configuration database. Variables that meet the following criteria can be manipulated by these APIs:

  • All global variables with a simple setting that are not policy-related. This includes most settings you can set by clicking the Save button in the Barracuda Web Security Gateway web interface. For example, from the BASIC > IP  Configuration page, you can enable or disable Virus Protection for the Barracuda Web Security Gateway and then click the Save Changes button:

 

What Cannot be Configured With the APIs

  • Any variables on any page on the BLOCK/ACCEPT tab with the Policy dropdown at the top:
  • Variables with a list of associated values; for example, you cannot use an api to create a custom category and add a list of related domains.
  • Deleting any policy or configuration which is part of a list. For example: exceptions, custom categories.
  • Most things that correspond to “action” buttons in the web interface. For example, from the BASIC > Administration page, you can click a button to restart the system or shut it down, but you cannot execute these “actions” via the APIs. An exception to this is the Reload feature/button, which has an API that re-applies the system configuration.

 

Secured Access to the APIs

Access to these APIs are limited to IP addresses on a trusted IP address list configured on the BASIC > Administration page in the Allowed API IP/Range section of the Barracuda Web Security Gateway web interface. Be sure you enter the IP address(es) where you will access the APIs in this section of the web interface before using the APIs. Attempts to call these APIs from any IP address not listed as an allowed API IP address are denied. All calls to the APIs require you to use the API password, set on this same page and section of the web interface.

XML-RPC Model

In the APIs, action parameters are received as XML strings that comply with the XML-RPC specification, which can be viewed here:  http://www.XMLrpc.com/spec. So requests for all actions must be in the form of an HTTP POST request. All actions roll into one CGI script (for example: api.cgi)  and map to an XML-RPC method, with those parameters needed for the action to complete.

For example, the get action maps to the  config.get  XML-RPC method and all parameters needed for the get are sent in the XML body. The Perl module XML::RPC (note that this is not a part of the standard Perl distribution) is used by api.cgi to retrieve the requested method and parameters. Then the action is performed and the response is sent back to the client. When there is an error, a response complying with the fault response of the XML-RPC specification is sent (see examples below). The error response contains both a fault code and a meaningful fault string. See Appendix 1 of this guide for a list and explanation of fault codes.

The XML-RPC Request and Response

The XML script is called from a Perl script or other scripting language. Each API takes its own set of parameters which are submitted in the XML body of the request. Examples of possible XML output are shown below, both for a successful request and for a request that returns an error. The single-value request / response involves a single variable value. Responses containing multiple values send the values back as an XML-RPC array.

To make the request, use the base URL of the Barracuda Web Security Gateway you use for connecting to the web interface, and append the script name you wish to use. For example, if your script is called ‘api.cgi’, your URL might look something like this:

http://barracuda.mydomain.com:8000/cgi-mod/api.cgi

Typical parameters used to build the request include some or all of the following:

  • variable :: A required parameter that tells the API which variable to return from the configuration. For example, the configuration variable ‘alerts_email_address’ represents the global System Alerts Email Address, set on the BASIC > Administration page in the web interface. To get or set this variable value,  put ‘alerts_email_address’ in the XML request body specified as a variable:

<name>variable</name>
<value>
<string><![CDATA[alerts_email_address]]>
</string>
</value>

  • password :: A required parameter used to authenticate access to a page and set by the administrator on the BASIC > Administration page in the API Password field. For example:
    # API Password
    my $password = “1234”;my $url = ” http://$cuda_ip:8000/cgi-mod/api.cgi?password=$password “;See the contents of  ‘my $url’ in the Perl example under How to get the current value of a global variable below, which uses a password of ‘1234’.
  • type :: A parameter that specifies the class/scope of a variable. The “scope” of variables you can set with these APIs is always ‘global’.
Success Responses

The output of a successful call where no variable is being returned is a simple ‘200 OK’ as shown below. Otherwise, successful responses with returned values are shown with each example.

<?xml version=”1.0″ encoding=”UTF-8″ ?>
<methodResponse>
<params>
<param>
<value>
<struct>
<member>
<name>Result</name>
<value><string><![CDATA[200: OK]]></string></value>
</member>
</value>
</struct>
</value>
</param>
</params>
</methodResponse>
Error Responses

Error responses use the XML-RPC faultCode and faultString formats. The error code is the value of the faultCode member and the error string is the value of the faultString member. SeeAppendix 1 for a list of faultCodes and descriptions of possible errors. Here is an example of an error response, showing the XML:

<?xml version=”1.0″ encoding=”UTF-8″ ?>
<methodResponse>
<fault>
<value>
<struct>
<member>
<name>faultCode</name>
<value><i4><500></i4></value>
</member>
<member>
<name>faultString</name>
<value>
<string>No such variable in configuration</string>
</value>
</member>
</struct>
</value>
</fault>
</methodResponse>

How to List Variables in the Configuration

The examples in this guide demonstrate getting and setting some of the variables in the configuration database. Some examples use variable names in the method calls, while other examples use explicit values, just to demonstrate both ways of making API calls. The config.varlist is a utility that provides information on scope of configuration variables to help you understand how to access and use them. Calling this method prior to using the other APIs will provide a good reference of the configuration variables.

Config.varlist

There are no arguments for this API.

Sample Request:

<?xml version=”1.0″ encoding=”UTF8″?>

<methodCall>
<methodName>config.varlist</methodName>
<params>
<param>
<value>
<struct>
</struct>
</value>
</param>
</params>
</methodCall>

Perl code for this example:

use strict;
use warnings;

use XML::RPC;

# IP Address of your Barracuda Web Security Gateway
my $cuda_ip = “10.5.7.211”;

# API Password
my $password = “1234”;

my $url = “http://$cuda_ip:8000/cgi-mod/api.cgi?password=$password“;

#Create the XML::RPC object
my $xmlrpc = XML::RPC->new ($url);
my $result;

$result = $xmlrpc->call (‘config.varlist’,
{
});

# show the response from the Barracuda Web Security Gateway
print “— RESPONSE —“;
print $xmlrpc->xml_in();
# END

How to Access Variables in the Configuration

To determine the name of the variable you want to configure, log into the Barracuda Web Security Gateway web interface as admin. On the page where you configure the setting, highlight the value field, right click and select Inspect Element. The <input_id> typically contains the name of the configuration variable. See the blue highlight in the figure below: the part of the <input_id> after  UPDATE_ is the variable name. In this case, it is   alerts_email_address.

How to get the current value of a global variable

Getting the current value of a system variable uses the config.get method. This example gets the value of the System Alerts Email Address variable, typically set from the BASIC > Administration page.

Arguments:

  • type: global
  • variable: alerts_email_address

The name of the variablealerts_email_address , is shown in the <input_id>, to the right of Update_.

XML code for this example

Note that the <name> tag indicates that the API applies to a single variable in the configuration. The <value> tag indicates that the expected value of that variable is a string, and takes the variable name noted above, alerts_email_address, as the input.

<?xml version=”1.0″ encoding=”UTF8″?>

<methodCall>
<methodName>config.get</methodName>
<params>
<param>
<value>
<struct>
<member>
<name>variable</name>
<value><string><![CDATA[alerts_email_addressl]]></string>
</value>
</member>
<member>
<name>type</name>
<value><string><![CDATA[global]]></string>
</value>
</member>
</struct>
</value>
</param>
</params>
</methodCall>

Perl code for this example:

Be sure to use single quotes to surround literal values in your calls, and use double quotes to surround variables.

use strict;
use warnings;

use XML::RPC;

# IP Address of your Barracuda Web Security Gateway
my $cuda_ip = “10.5.7.211”;

# API Password
my $password = “1234”;

my $url = ” http://$cuda_ip:8000/cgi-mod/api.cgi?password=$password “;

#Create the XML::RPC object
my $xmlrpc = XML::RPC->new ($url);
my $result;

$result = $xmlrpc->call (‘config.get’,
{
type => ‘global’,
variable => ‘alerts_email_address’,
});

# show the response from the Barracuda Web Security Gateway
print “— RESPONSE —“;
print $xmlrpc->xml_in();
# END

XML response returned by Perl script:

Here is the XML response returned after running the above Perl script, returning  myalerts@barracuda.com  as the System Alerts Email Address:

— RESPONSE —<?xml version=”1.0″ encoding=”UTF-8″ ?>
<methodResponse>
<params>
<param>
<value>
<string><![CDATA[myalerts@barracuda.com]]></string>
</value>
</param>
</params>
</methodResponse>

How to set the value for a single variable

Use the config.set method to set a value for a single variable. This example sets the Session Expiration Length, which specifies the elapsed time allowed before a user login expires and re-authentication is required. Minimum setting for this value is 1 minute. This variable is set on the BASIC > Administration page.


The variable name can be changed to make other configuration changes. In this example, the Session Expiration Length is set to 30 minutes.

Arguments

  • type : ‘global’
  • variable : http_session_length => ’30’

XML code for this example
Note that, with the config.set method, the <name> tag indicates the name of the single variable in the configuration. The <value> tag indicates that the value of that variable is an integer, and explicitly sets that value to ’30’ as the input.

<?xml version=”1.0″ encoding=”UTF8″?>

<methodCall>
<methodName>config.set</methodName>
<params>
<param>
<value>
<struct>
<member>
<name> http_session_length </name>
<value><i4><![CDATA[30]]></i4>
</value>
</member>
<member>
<name>type</name>
<value>
<string> <![CDATA[global]]></string>
</value>
</member>
</struct>
</value>
</param>
</params>
</methodCall>

 

Perl code for this example:

use strict;
use warnings;
use XML::RPC;# IP Address of your Barracuda
my $cuda_ip = “10.5.7.211”;
# API Password
my $password = “1234”;
my $url = “http://$cuda_ip:8000/cgi-mod/api.cgi?password=$password”;#Create the XML::RPC object
my $xmlrpc = XML::RPC->new ($url);
my $result = $xmlrpc->call(‘config.set’,{ type => ‘global’, http_session_length => ’30’, }

);
print $xmlrpc->xml_in();

XML response returned by Perl script:

Here is the XML response returned after running the above Perl script indicating success.

— RESPONSE —<?xml version=”1.0″ encoding=”UTF-8″ ?>
<methodResponse>
<params>
<param>
<value>
<struct>
<member>
<name>Result</name>
<value>
<string><![CDATA[200: OK]]></string>
</value>
</member>
</struct>
</value>
</param>
</params>
</methodResponse>

How to set values for several global variables

This example modifies multiple global variables using the config.set method, setting the Web Interface HTTP Port (http_port) to 8000 and Session Expiration Length (http_session_length) to 20 (minutes). These variables are set on the BASIC > Administration page. To set several variables at once, simply list the variable names and values to set, separated by commas, as shown in the variable list:

Arguments:

  • type: ‘global’
  • variable list: http_session_length => ’20’, http_port => ‘8000’

Perl code for this example:

use strict;
use warnings;
use XML::RPC;

# IP Address of your Barracuda
my $cuda_ip = “10.5.7.211”;
# API Password
my $password = “1234”;
my $url = “http://$cuda_ip:8000/cgi-mod/api.cgi?password=$password”;

#Create the XML::RPC object
my $xmlrpc = XML::RPC->new ($url);
my $result = $xmlrpc->call(‘config.set’,

{ type => ‘global’, http_session_length => ‘100’, http_port => ‘8000’, }

);
print $xmlrpc->xml_in();

Use Cases

Reloading the configuration

Use the config.reload method to re-apply the system configuration, corresponding to the Reload button on the BASIC > Administration page of the web interface.

Perl code for this example:

use strict;
use warnings;

use XML::RPC;

# IP Address of your Barracuda Web Security Gateway
my $cuda_ip = “10.5.7.211”;

# API Password
my $password = “1234”;

my $url = “http://$cuda_ip:8000/cgi-mod/api.cgi?password=$password”;

#Create the XML::RPC object
my $xmlrpc = XML::RPC->new ($url);
my $result;

$result = $xmlrpc->call (‘config.reload’,
{
});

# show the response from the Barracuda Web Security Gateway
print “— RESPONSE —“;
print $xmlrpc->xml_in();
# END

Response indicating success:

— RESPONSE —<?xml version=”1.0″ encoding=”UTF-8″?>
<methodResponse>
<params>
<param>

<value>
<struct>
<member>
<name>Result</name>
<value>
<string><![CDATA[200: OK]]></string>
</value>
</member>
</struct>
</value>
</param>
</methodResponse>

Managing user accounts

These APIs allow the following:

  • Create users
  • Remove users
  • Update users (change password, etc.)

Note that the user.create , user.update and user.remove methods do not require the type parameter.The output of a successful call is simply ‘200 OK’.

Create a local user

This example creates the user ‘xyzuser’ with a password of ‘BWFpwd’ and assigns the user to the local group ‘Students’, as configured on the BLOCK/ACCEPT > New Users page. The Force Password Change On Next Signonoption, represented by the ‘force_password_change’ variable, is left out in this example since it is optional, and the default is No.

Arguments:

  • user: xyzuser
  • password: BWFPwd
  • groups: Students

 

use strict;
use warnings;
use XML::RPC;

# IP Address of your Barracuda Web Security Gateway
my $cuda_ip = “10.5.7.211”;

# API Password
my $password = “1234”;

my $url = “ http://$cuda_ip:8000/cgi-mod/api.cgi?password=$password “;
#Create the XML::RPC object
my $xmlrpc = XML::RPC->new($url);
my $result = $xmlrpc->call(‘user.create’,

{ user => ‘xyzuser’, password => ‘BWFPwd’, groups => ‘Students’, change => ‘No’, }

);
# show the response from the Barracuda Web Security Gateway
print “— RESPONSE —“;
print $xmlrpc->xml_in();
# END

Remove a local user

This example removes the user ‘xyzuser’.

Arguments:

  • user: xyzuser

use strict;
use warnings;
use XML::RPC;

# IP Address of your Barracuda Web Security Gateway
my $cuda_ip = “10.5.7.211”;

# API Password
my $password = “1234”;

my $url = “ http://$cuda_ip:8000/cgi-mod/api.cgi?password=$password “;
#Create the XML::RPC object
my $xmlrpc = XML::RPC->new($url);
my $result = $xmlrpc->call(‘user.remove’,

{ user => ‘xyzuser’, }

);
# show the response from the Barracuda Web Security Gateway
print “— RESPONSE —“;
print $xmlrpc->xml_in();
# END

Update a local user

This example updates the password for user “xyzuser” and adds the user to two groups, ‘Faculty’ and ‘Staff’.

Arguments:

  • user: xyzuser
  • password: BWFPwd
  • groups: Faculty\nStaff

use strict;
use warnings;
use XML::RPC;

# IP Address of your Barracuda Web Security Gateway
my $cuda_ip = “10.5.7.211”;

# API Password
my $password = “1234”;

my $url = “ http://$cuda_ip:8000/cgi-mod/api.cgi?password=$password “;
#Create the XML::RPC object
my $xmlrpc = XML::RPC->new($url);
my $result = $xmlrpc->call(‘user.update’,

{ user => ‘xyzuser’, password => ‘BWFPwd’, groups => “Faculty\nStaff”, change => ‘No’, }

);
# show the response from the Barracuda Web Security Gateway
print “— RESPONSE —“;
print $xmlrpc->xml_in();
# END

The following results display in the Barracuda Web Security Gateway web interface on the USERS/GROUPS > Account View page by clicking Edit for user ‘xyzuser’. The USER INFORMATION popup shows the associated groups you added for ‘xyzuser’:

UserFacultyStudents.jpg

List all user accounts

The user.list method simply lists all user accounts currently on the system, as displayed on the USERS/GROUPS > Account View page.

use strict;
use warnings;
use XML::RPC;

# IP Address of your Barracuda Web Security Gateway
my $cuda_ip = “10.5.7.211”;

# API Password
my $password = “1234”;

my $url = “http://$cuda_ip:8000/cgi-mod/api.cgi?password=$password“;
#Create the XML::RPC object
my $xmlrpc = XML::RPC->new ($url);
my $result;
$result = $xmlrpc->call (‘user.list’,
{
});
# show the response from the Barracuda Web Security Gateway
print “— RESPONSE —“;print $xmlrpc->xml_in();
# END

Response

The successful response lists the two configured user accounts, ‘new_user’ and ‘xyz_user’. 

<?xml version=”1.0″ encoding=”UTF-8″ ?>
<methodResponse>
<params>
<param>
<value>
<array>
<data>
<value>
<string><![CDATA[new_user]]></string>
</value>
<value>
<string><![CDATA[xyz_user]]></string>
</value>
</data>
</array>
< /value>
</param>
</params>
</methodResponse>
Creating a New IP Subnet/Group

This example creates a new IP Subnet/Group called facilities with an IP address of 10.20.30.0 and a netmask of 255.255.255.0. This setting is configured on the USERS/GROUPS > IP Subnets/Groups page. The most common reason to create an IP group is to apply an exception policy to multiple users on the same IP network. Note that remote users whose web traffic is filtered via the Barracuda Web Security Agent (WSA) cannot be included in these groups.

This API is a bit more complex, with additional parameters used to build the request since this is an application of ‘tied variables’. These are variables that are dependent upon, or “tied to” a key variable. In this example, the two variables  LDAP_groups_IP_netmask  and  LDAP_groups_IP_comment  are dependent upon the  LDAP_groups_IP_address.

Arguments: The following arguments  are used by the config.create method:

  • parent_type :: A required parameter that tells the API about the class/scope of the parent container. In this case, the scope is ‘global’.
  • parent_path :: A required parameter that is the qualified name of a parent object under which a new object will be created. In this case, this variable is left blank.
  • type :: A required parameter that specifies the key variable that the other variables are tied to.
  • name :: A required parameter that specifies the explicit value of the key variable.
  • variable list :: An optional parameter that tells the API which variable(s) to set, including explicit values.

use strict;
use warnings;
use XML::RPC;

# IP Address of your Barracuda Web Security Gateway
my $cuda_ip = “10.5.7.211”;

# API Password
my $password = “1234”;

my $url = ” http://$cuda_ip:8000/cgi-mod/api.cgi?password=$password “;
#Create the XML::RPC object
my $xmlrpc = XML::RPC->new($url);
my $result;

$result = $xmlrpc->call (‘config.create’,

{ parent_type=>’global’,
parent_path => ”,
name => ‘10.20.30.0’,
type => ‘LDAP_groups_IP_address’,
LDAP_groups_IP_netmask => ‘255.255.255.0’,
LDAP_groups_IP_comment => ‘faciliies’,
});
# show the response from the Barracuda Web Security Gateway
print “— RESPONSE —“;
print $xmlrpc->xml_in();
# END

Response indicating success:

— RESPONSE —<?xml version=”1.0″ encoding=”UTF-8″ ?>
<methodResponse>
<params>
<param>
<value>
<struct>
<member>
<name>Result</name>
<value>
<string><![CDATA[200: OK]]></string>
</value>
</member>
</struct>
</value>
</param>
</params>
</methodResponse>

Appendix 1

See the Error Response format under The XML-RPC Request and Response above for an example of how the faultCodes (error codes), shown below, are returned with the XML response.

Error (Fault) Codes

Fault Code        Description                                   Example Fault Strings

400 Required arguments are missing Too few arguments: <error message>
401 Machine does not have access rights Your machine does not have access rights to administer…
402 Domain name error Domain <domain name> already exists

Domain <domain name> is not a valid domain

403 Access error Access denied <error message>
406 API was called with incorrect parameters Incorrect parameters for API call
411 Account error User account does not exist
412 Account error User account already exists
421 Account error Unable to validate account
425 Input object or variable is not valid Config: Error: Invalid variable: <variable name used in api> Config: Error: variable <variable name used in api> not recognized

Config: Error: Invalid object type: <variable name used in api>

Config: Error: <variable name used in api> is not tied to <parent type>

Config: Error: <variable name used in api> does not belong to any class

Config: Error: <variable name used in api> does not belong to <parent type>

Config: Error: <variable name used in api> is not of type <parent type>

426 Invalid operation Config: Error: invalid operation for variable <variable name used in api>

Config: Error: Cannot add values to tied variable <variable name used in api>

Config: Error: Cannot remove values from tied variable <variable name used in api>

427 The object does not exist in the database Config: Error: Could not find tied object: <parent type>, <parent path>  [<parent type>]

Config: Error: Could not find scoped object: <parent type>, <parent path> [global]

Config: Error: Could not find scoped object: <parent type>, <parent path> [<old parent type>, <old parent path>]

428 Input value being set is not valid Config: Error: Could not find values to delete in <parent path>: <list of invalid values>
429 Required variable is missing Variable  required to create object of type <parent type>
450 The method you used is unknown Unknown method called <API method>
499 Unknown error An unknown error has occurred
500 Unknown error An unknown error has occurred

Source

08-Jan-2018   |     |   0

Barracuda NG firewall Review

If you have used MS TMG for example for a browser proxy, you will be glad that Baracuda firewall works great for website filtering as well. In addition, files which are download are being checked in real-time for virus or malware infection. We have used TMG for increased protection against viruses with subscription and GFI add-on as well. If you still have a similar solution, you can switch to Barracuda easily now.

Baracuda firewall works great for website filtering. Where it really shines is traffic live feed and monitoring of live traffic in real-time. There is always current state on the display and when we click on the type of the traffic we get exact information.For example, if you want to see everything related to Youtube, we can select filter Youtube and we get information who, when and what has been watching on Youtube with connections to youtube videos. For every application, we can define a schedule when users can use it. For example, we can set a policy that Facebook is only available during the launch time. We can create QOS per application, meaning that we can change a priority for bandwidth. I think this feature is simply amazing as you can limit Youtube bandwidth. Many users listen to music by playing Youtube. If one user is playing a video that is fine. But when every second user is doing that, Youtube could quickly have the impact on the bandwidth. Youtube automatically detects your screen size, and can easily serve HD version of the song, affecting the bandwidth even further. By using QOS we can fix that.

We can also filter all reports and show them on the screen, but we can also export and view them in Excel.

barracuda-ng-firewall-monitor
barracuda-ng-firewall-monitor

I would like to mention that GUI is very easy to understand. And so is navigating and looking at what’s happening on the network. Dashboard will show you essential information, and from here you can move quickly to URL filtering for example.

Sometimes, we tend to forget about business continuity. Barracuda NGFW can work with multiple internet providers at the same time. That functionality is built in the core and is easy to configure. Feature wise it’s ready for the most demanding environments. It will intelligently move the session from between internet providers. If we have configured BGP, we can enable remote VPN connection without interruptions.

Configuration

You can use Baracuda NGFW as a default gateway, transparent proxy or as a standard firewall perimeter. You can configure an appliance from the console via a cable. You can also use SSH protocol for connecting through the network. Baracuda provides one of the best-looking configuration GUI’s called Baracuda NextGen Admin (also referred to as NG Admin) for graphical configuration.

You can use NG Admin to configure one device or you can use it to connect to the controlling unit. We can then manipulate other connected units.

If we have firewalls across the globe, we can use a program called NG Earth. We can see literally where on the Earth our firewalls are connected and what is the state of devices. If they are having problems we can spot problematic devices as they are shown in different colors. We can also see their connections in real time.

Centralized management of multiple units supports simultaneous configuration on various firewalls. We can save templates for the exact segment and use templates on a complete network. We can then segment firewall configuration. One of the usability advantages of Barracuda is Undo function. When we configure a firewall, we always have an option – Discard. We can undo our last configuration. Only when we save configuration it becomes active.

Baracuda can work as a classic NAT but it can work as a transparent proxy (that works only for physical appliance – you can not use a virtual appliance).

Creating objects which are later used in the rules is simple. We can block entire internet traffic or just a specific protocol. With just a couple of clicks, Barracuda NGFW also has a list of Countries built in. By having countries in the policy, it means that we have another option which we can use to secure our perimeter. Countries can be easily used in policies. For example, we can block all traffic coming in our out of the China. Using the countries in the policies can decrease attacks on our IP, but it doesn’t mean it will prevent all of them. Attackers are using cheap VPS servers which are available in all countries, including Europe and USA.

Most of a configuration works in a way that first rules allows the policy. The last are the one that block. If you remember, MS TMG works in a similar way so migration will be easy. We can segment the users based on groups, we can use Active directory integration, or we can use a local database if the environment is too small. We can use external Radius server for authentication. It has support for x.509 certificates. It also has support for SMS Passcode authentication . We can use it as a classic NAT or it can work as a transparent proxy.

For VPN authentication Barracuda supports SMS Passcode, making login process very secure.

Barracuda supports site to site VPN connection, SSL VPN (connecting to VPN through the browser), it supports all major protocols like IPSec, L2TP, PPTP. We can import a certificate from a certificate authority or we can generate one. Connections can be encrypted with AES 128/256, Blowfish, 3DES and with CAST crypto algorithms.

Mobile VPN application is available for devices with IOS and Android OS. VPN client is available in the app store of respective mobile OS.

Security

Barracuda NGFW protection is two-fold. First, it scans the packets for anomalies. With updates, it gets information about the latest vulnerabilities in programs and type of patterns which it finds in the traffic and protects internal systems from zero-day attacks. Definition Updates are automatic and work similar to anti-virus updates. It can protect against DOS and DDOS attacks.

Files which are being downloaded are checked in real-time for virus and malware infection.

Barracuda NGFW can also handle encrypted SSL connections. Once this option is enabled, firewall intercepts communication between the client and destination and can easily see if the traffic is against the policy we have set. By using Barracuda NGFW we can control applications which connect to the internet and can block them if required.

Summary

Baracuda has many models, therefore is suitable for SMBs and big companies. Functionalities that it offers are above most of the firewalls currently in use in the companies. They offer better protection which leads to increased productivity. In the past prices for such devices were very expensive, but now, we can get the entry model for the price of a good laptop.

Barracuda covers a complete range of next generation firewalls, from entry level to the enterprise solutions. You can choose a hardware or virtual appliance. Starter model comes equipped with Atom CPU, an SSD drive and a reasonable price. If you a looking for a Firewall replacement, I recommend that you get in touch with Barracuda representative. I hear they have great promotions and also offer a trial on your premises.

Source