Barracuda Networks CloudGen Firewall - RSA MFA API (REST) Configuration - RSA Ready Implementation Guide
This article describes how to integrate Barracuda Networks CloudGen Firewall with RSA Authentication Manager using RSA MFA API (REST).

Configure RSA Authentication Manager

Perform these steps to configure RSA Authentication Manager using RSA MFA API (REST).
Procedure
  1. Sign in to Security Console and navigate to Access > Authentication Agents.
  2. Add an agent host by selecting Agent Type as Standard Agent or Web Agent.
  3. Go to Setup > System Settings > RSA SecurID Authentication API and activate Enable Authentication API to allow the use of the REST API.

Configure Barracuda Networks CloudGen Firewall

To configure the Barracuda CloudGen Firewall with RSA Authentication, download and install Barracuda Firewall Admin.

Configure the Authentication

Procedure
  1. Start Barracuda Firewall Admin and sign in to Barracuda CloudGen Firewall.
  2. Click the Configuration tab and click Box > Infrastructure Services > Authentication Service.
  3. On the left panel, go to RSA-ACE Authentication, and click Lock to change the settings.
  4. In the Activate Scheme drop-down list, select Yes.
  5. Add RSA Authentication Manager and specify its fully qualified domain name.
  6. In the RSA Client ID field, enter the agent hostname of your firewall as configured in the RSA Authentication Manager under Access > Authentication Agents in the Security Console.
  7. In the RSA Client Key field, enter the Setup > System Settings > RSA SecurID Authentication API > Access Key value from the Security Console.
  8. Click Send Changes and click Activate to activate the new configuration.
  9. Confirm the activation.
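
How the three values entered in steps 5 to 7 map onto a single RSA MFA API call, as an added example that is not part of the original guide or of RSA's or Barracuda's code. The port `5555`, the `/mfa/v1_1/authn/initialize` path, the `client-key` header and the `attemptResponseCode` field are assumptions to check against your Authentication Manager version; the host names, key and user are constructed placeholders.

```python
import json
import re
import ssl
import urllib.request
import uuid

# Assumptions (not stated in this guide): default API port and initialize path.
API_PORT = 5555
INIT_PATH = "/mfa/v1_1/authn/initialize"
_FQDN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def build_initialize_request(am_fqdn, client_id, client_key, user):
    """Build the request the firewall-side settings correspond to."""
    if not _FQDN.match(am_fqdn):
        raise ValueError("RSA server must be a fully qualified domain name")
    if not client_id or client_id != client_id.strip():
        raise ValueError("RSA Client ID must equal the agent name exactly")
    if not client_key:
        raise ValueError("RSA Client Key (Access Key) is empty")
    body = {
        "clientId": client_id,  # agent name under Access > Authentication Agents
        "subjectName": user,
        "context": {"messageId": str(uuid.uuid4())},
    }
    return urllib.request.Request(
        f"https://{am_fqdn}:{API_PORT}{INIT_PATH}",
        data=json.dumps(body).encode(),
        # The Access Key is a shared secret sent on every call: keep it out of logs.
        headers={"Content-Type": "application/json", "client-key": client_key},
        method="POST",
    )


def send(request, ca_file=None, timeout=10):
    """Send with certificate and hostname verification left enabled."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(request, context=ctx, timeout=timeout) as resp:
        return json.load(resp).get("attemptResponseCode")


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network here.
    req = build_initialize_request("am.example.com", "cgf01.example.com",
                                   "PLACEHOLDER-ACCESS-KEY", "testuser")
    print(req.get_method(), req.full_url)
```

Calling `send()` from a management host with the Authentication Manager CA file confirms that the FQDN resolves, the certificate validates, and the agent name and Access Key are accepted before the scheme is used for VPN logins.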

Configure a Service

Barracuda CloudGen Firewall can host several services, such as the HTTP Proxy, SSL VPN, VPN, URL Filter, and Virus Scanner services.
Procedure
  1. In the configuration tree, select Network.
  2. Add a shared IP for the firewall and its services.

Configure a VPN Service

Procedure
  1. In the configuration tree, go to Box > Assigned Services.
  2. Right-click Assigned Services and click Create Service.
  3. Enter a Service Name.
  4. In the Software Module drop-down list, select VPN Service.

Configure RSA SecurID on an SSL VPN Service

Procedure
  1. In the configuration tree, double-click Box > Assigned Services > VPN (VPN-Service) > SSL-VPN.
  2. In the service settings under Service Setup, click Lock, and set Enable SSL VPN to yes.
  3. In the Listen IPs table, add the listen IP address for the SSL VPN.
  4. In the Service Identification section, select the certificate type to use.
  5. Click Send Changes and click Activate to activate the new configuration.
  6. Confirm the activation.
  7. In the Login section, click Lock.
  8. In the Identity Scheme list, select RSA SecurID.
  9. Click Send Changes and click Activate to activate the new configuration.
  10. Confirm the activation.

Configure the VPN Settings

Refer to https://campus.barracuda.com/product/cloudgenfirewall/doc/98210126/client-to-site-vpn/ for the general setup guide for Client-to-Site VPN.
Procedure
  1. In the configuration tree, double-click Box > Assigned Services > VPN (VPN-Service) > VPN Settings.
  2. Click Lock.
  3. Scroll down to the General section.
  4. In the Access Control Service section, enter the IP Address for the VPN service.
  5. In the Server Configuration section, set the required options.
  6. In the Default Server Certificate section, click Ex/Import > New/Edit Certificate to create a new certificate.
  7. Click OK.
  8. In Server Settings, under the Default Key section, click Ex/Import > New 2048Bit RSA Key to create a new RSA key.
  9. Click OK to confirm the Server Settings.
  10. On the VPN Settings Configuration page, click Client Networks.
  11. Click Lock.
  12. Right-click the table and select New Client Network.
  13. Enter the required settings and click OK.
  14. Click Send Changes and click Activate to activate the new configuration.
  15. Confirm the activation.

Configure RSA SecurID on a VPN IPsec Service

Procedure
  1. In the configuration tree, click Box > Assigned Services > VPN (VPN-Service) > Client to Site.
  2. Click Lock.
  3. In the External CA tab, click the Click here for options link.
  4. In Group VPN Settings, under the X509 Client Security section, select the External Authentication check box.
  5. In the Server section, select Default Authentication Scheme as the Authentication Scheme.
  6. Select rsaace as Default Authentication Scheme.
  7. Click OK.
  8. Click Send Changes and click Activate to activate the new configuration.
  9. Confirm the activation.

Create a VPN Group Policy

Procedure
  1. In the External CA tab, click the Group Policy sub-tab.
  2. Right-click the table and select New Group Policy.
  3. Enter a name for the Group Policy.
  4. In the Network list, select the VPN client network that you created before.
  5. In the Network Route section, enter the network that must be reachable through the VPN connection.
  6. Right-click the Group Policy Condition table and select New Rule.
  7. In the Group Pattern field, define the group or leave it blank if no groups are used.
  8. Click OK to confirm the Group Policy Condition changes.
  9. Click OK to confirm the Group Policy changes.
  10. Click Send Changes and click Activate to activate the new configuration.
  11. Confirm the activation.
     
The configuration is complete.