- Computers & electronics
- Networking
- Hardware firewalls
- Barracuda
- NextGen Firewall F
- User Guide
- 5 Pages
Barracuda NextGen Firewall F Firewall User Guide
Below you will find brief information for Firewall NextGen Firewall F. The Firewall NextGen Firewall F is a powerful device that allows you to connect to the internet using a 3G modem for locations without a land-based internet connection or for backup purposes. You can configure the device to use the 3G modem as a primary or a backup connection. If you are using it as a backup, you can set it to standby mode, where the connection is manually activated by a command line script. The Firewall NextGen Firewall F supports various features such as connection monitoring, dynamic DNS, and policy routing.
advertisement
Assistant Bot
Need help? Our chatbot has already read the manual and is ready to assist you. Feel free to ask any questions about the device, but providing details will make the conversation more productive.
Barracuda NextGen Firewall F
How to Configure an ISP with UMTS/3G
For locations without land-based Internet connection, or as a backup in case the land-based ISP connections fail, you can use a UMTS/3G broadband modem to connect to a 3G network. Configure the connection settings and introduce a network route via the 3G WAN interface. You can operate the UMTS link in active or standby mode.
With active mode, the link is automatically brought up with the network activation process. When operating the link in standby mode, the link is manually brought up and down by a command script.
In this article:
Before you Begin
Connect a supported (e.g., Barracuda 3G Modem) to the USB port of the Barracuda NG Firewall.
You need the APN configurations settings for your mobile broadband provider.
(optional) PIN code to unlock your SIM card.
Step 1. Configure Connection Details
Configure the settings for your UMTS card and specify the connection details.
1.
2.
3.
Open the Network page (Config > Full Config > Box).
In the left menu, select UMTS/3G.
Click Lock.
4.
Set UMTS/3G Enabled to Yes.
5.
To use the 3G modem as a backup connection, set Standby Mode to Yes.
Standby connections must be started by a command line script. For more information, see Operating an
.
6.
7.
8.
Select your UMTS/3G modem from the UMTS/3G Modem Card list. E.g., Barracuda 3G Modem
Select the interface associated with the UMTS card from the Modem Interface list.
Enter the Access Point Name (APN) as suggested by your provider.
9.
If your SIM card has a PIN code to unlock, enter the SIM PIN.
10.
If required, enter the Phone Number. (Do not enter the # sign.)
If your mobile broadband provider does not assign a number that ends in 1, switch to Advanced
Configuration Mode and change the Context Identifier setting in the PDP Context section
How to Configure an ISP with UMTS/3G
1 / 5
Barracuda NextGen Firewall F accordingly.
Step 2. Configure Authentication
Select an authentication method and enter the PPP credentials provided by your ISP. You can also set up dynamic DNS.
1.
2.
3.
4.
5.
6.
In the Authentication section, select the Authentication Method that is used for the connection.
In the User Access ID field, enter the principal account name (PPP username) assigned to you by your provider.
If your provider assigned a sub-ID to you, enter it in the User Access Sub-ID field. Do not enter the # sign.
Enter the PPP Access Password assigned to you by your ISP.
Select Use ProviderDNS to use the DNS servers assigned by your provider. To use dynamic DNS, select Use Dynamic DNS and click Set. The Dynamic DNS Params window opens.
1.
Select a dynamic DNS Service Type. For information on DynDNS service types, see http://www.dyndns.com/services/ [1] .
2.
3.
Enter the Dyn DNS Name that was registered on dyndns.org.
Enter the User Access ID and Password for accessing the dyndns.org service.
Click OK.
Step 3. Configure Routing Settings
Configure the routes and routing tables for the UMTS link.
1.
2.
3.
4.
5.
6.
7.
8.
9.
In the Routing section,
Disable Own Routing Table to only insert routes in the main and default tables, or
Enable Own Routing Table to use policy routing. With policy routing, a new table named 'umts1' is introduced to the main routing table where UMTS routes are inserted.
1.
To use the IP address dynamically assigned by your ISP as the source network for policy routing, select Use Assigned IP. Until the ISP has successfully assigned an address, the
2.
rule uses 0.0.0.0 as a source address.
In the Source Networks table, add source networks or single hosts that will point to the 'umts1' table (IP address/netmask notation; for a single host, enter 32 as netmask (e.g.,
192.168.0.55/32).
Enable Create Default Route to automatically introduce the default route assigned by the provider.
When disabling Create Default Route, you must add Target Networks that are supposed to be reachable through this link.
Use the Remote Peer IP override mechanism if your provider does not assign a remote gateway IP address.
If your default route should be set dynamically when the xDSL connection is established, add 0.0.0.0/0 to the Target Networks table.
When the OSPF/RIP/BGP service is used, select Advertise Route.
Select a Trust Level to define which IP address types are counted by the firewall for traffic on this interface.
Enable Clone Routes to clone the dynamic routes to the main or default table if Create Default Route is disabled. This setting is useful for setups where application-based selection (explicit binding in a firewall rule) of a traffic path is supposed to coexist with link failover (proxy dynamic).
Specify a Route Metric to assign a preference number to the routes to the specified target networks or if multiple dynamic links are available. To use your UMTS uplink as a backup connection (provider failover), enter a value larger than 0.
Enable GRE with Assigned IP to register the assigned IP address for IP protocol 47.
How to Configure an ISP with UMTS/3G
2 / 5
Barracuda NextGen Firewall F
Step 4. Configure Connection Monitoring
C onfigure connection monitoring by entering a list of health check targets that are only reachable through this connection. Should the ping to these health check targets fail, the Barracuda NG Firewall will terminate and reestablish the connection until the monitoring target IP addresses are reachable again.
1.
In the Connection Monitoring section, select the Monitoring method:
LCP – If ping fails, the dial in daemon is probed directly via LCP.
ICMP – The Barracuda NG Firewall probes the Reachable IPs and. if there is no response, the gateway.
StrictLCP – No ICMP probing occurs.
2.
Enter one or more Reachable IPs to monitor the availability of the connection. The target IP addresses should only be accessible via this connection.
Do not use the Modem Error Policy setting for USB modems such as the Barracuda M10 USB modem .
To reset the bus for PCMCIA type modems on persistent error conditions, select Reset-Modem.
3.
Select the Unreachable Action to be taken if the connection cannot be established. The following options are available:
Restart – Restarts the connection.
Increase-Metric – Changes the preference for UTMS/3G routes until the probe succeeds.
4.
Click OK.
5.
Click Send Changes and Activate.
Your UMTS/3G connection is now active and the IP address assigned by your ISP is visible on the CONTROL >
Network page. All status icons next to the ppp5 interface are green, indicating an active connection. If the
UMTS/3G connection is your primary uplink, the default route pointing to the ppp5 interface is also created. If more than one default route is present, the connection with the lowest route metric is used.
Step 5. Activate Network Changes
You must activate the network changes to bring up the xDSL connection.
1.
2.
3.
Open the Box page (Control > Box).
In the left menu, expand the Network section and click Activate new network configuration.
Select Failsafe. The 'Failsafe Activation Succeeded' message is displayed after your new network configurations have been successfully activated.
Your xDSL connection is now active and the IP address assigned by your ISP is visible on the CONTROL >
Network page. All status icons next to the ppp1 interface are green, indicating an active connection. If the xDSL connection is your primary uplink, the default route pointing to the ppp1 interface is also created. If more than one default route is present, the connection with the lowest route metric is used.
Operating an UMTS/3G Link in Standby Mode
Enable Standby Mode in the link configuration if the UTMS/3G connection is used as a backup connection. In standby mode, the activation and subsequent monitoring of the link must be triggered externally. Standby
How to Configure an ISP with UMTS/3G
3 / 5
Barracuda NextGen Firewall F mode also lets you combine HA setups for HA UMTS/3G connections.
1.
2.
The UMTS/3G routes are set to pending, and the Barracuda NG Firewall does not check whether they are established.
The configuration is completely run through but the connection is not yet established.
Standby connection can only be started by a command line script. Example usage:
Start UMTS connections - /etc/phion/dynconf/network/openumts start first &
Stop UMTS connections - /etc/phion/dynconf/network/openumts stop first &
To enable link operation in standby mode,
1.
2.
3.
4.
On the UMTS/3G page, enable Standby Mode.
Select Register in Standby. This accelerates the dial-in process when the link is fully activated.
In the UMTS/3G Connection Details, enable Active GSM Channel to register on the 3G network. No data connection is established when registering on the 3G network.
Click Send Changes and Activate.
You can now use the command line scripts listed above to enable the UMTS/3G connection.
How to Configure an ISP with UMTS/3G
4 / 5
Barracuda NextGen Firewall F
Links
How to Configure an ISP with UMTS/3G
5 / 5
advertisement
Key Features
- Connect to internet using 3G modem
- Use as primary or backup connection
- Standby mode for manual activation
- Connection monitoring
- Dynamic DNS
- Policy routing