Barracuda Networks SSL VPN Specifikace

Procházejte online nebo si stáhněte Specifikace pro Software Barracuda Networks SSL VPN. Barracuda Networks SSL VPN Specifications Uživatelská příručka

  • Stažení
  • Přidat do mých příruček
  • Tisk
  • Strana
    / 130
  • Tabulka s obsahem
  • Hodnocené. / 5. Na základě hodnocení zákazníků
Zobrazit stránku 0
B a r r a c u d a S S L V P N A d m i n i s t r a t o r s G u i d e
Version 1.0
Barracuda Networks Inc.
3175 S. Winchester Blvd
Campbell, CA 95008
Zobrazit stránku 0
1 2 3 4 5 6 ... 129 130

Shrnutí obsahu

Strany 1 - Version 1.0

B a r r a c u d a S S L V P N A d m i n i s t r a t o r ’ s G u i d e Version 1.0 Barracuda Networks Inc. 3

Strany 2 - Trademarks

10 Initial Setup Checklist for Unpacking Thank you for purchasing the Barracuda SSL VPN. Match the items on this list with the items in the box. I


100 Configuring Windows Explorer Drive Mapping A number of configuration properties can be accessed from Management Console > System Configuration


101 Applications This feature of the Barracuda SSL VPN allows for the publishing of applications that are to be either downloaded or launched by


102 Delete Application shortcut Edit Application shortcut details Execute resource (user console) Publish a new Application In order to demonstra

Strany 6 - Chapter 1

103 • Port: The port on which the remote is listening. If the VNC server uses display numbers instead of ports (i.e. if the VNC server is hosted on

Strany 7 - Overview

104 Step 5 This page allows for the configuration of policies to be applied against the new application record. Policies can be added, removed or ev

Strany 8 - Barracuda SSL VPN Models

105 SSL Tunnels SSL Tunnels allow for ad-hoc connections to be made between networked computers. What is an SSL Tunnel? An SSL Tunnel is simply

Strany 9 - Getting Started

106 Step 1 To create a new SSL tunnel, first click the “Create Tunnel” action from the SSL tunnel main page. This will then start the wizard, the

Strany 10 - Initial Setup

107 • Destination Port: The port number of the host that forms the other end of the tunnel. The port on which the Barracuda SSL VPN creates a server

Strany 11 - Opening Firewall Ports

108 Step 6 Finally click on the Exit Wizard button to close and exit the wizard. The newly created SSL tunnel will now be displayed on the main pa

Strany 12

109 Step 3 Selecting No will cancel the action and return to the SSL tunnels screen. Selecting Yes will remove the SSL Tunnel and return to the mai

Strany 13

11 Password: admin 2. Configure the IP Address, Subnet Mask, Default Gateway, Primary DNS Server and Secondary DNS Server as appropriate for your

Strany 14

110 Profiles Profiles configure the general working environment for a user. The system provides two areas of control and they are the session and

Strany 15 - Within the DMZ

111 If a user has been given the permission to maintain profiles only those profiles associated with a user’s policy are visible from the user conso

Strany 16 - Barracuda SSL VPN

112 Step 4 In the final step the wizard presents a summary of the profile. Pressing the Finish button will end the wizard and create the prof

Strany 17

113 Editing Session Details Replacement!Variables!The!${}!indicates!that!re placement!variables!can!be!inclu ded!in!the!resource!definition.!Cli ck

Strany 18

114 SSL VPN Agent Proxy Configuration • Type: Type of proxy server, this can also be configured to use whatever proxy the browser is using. • Hostn

Strany 19 - Description

115 Selecting Yes will result in the removal of the resource from the system. If this profile is associated with any policies this link will also be

Strany 20 - Viewing System Tasks

116 System Functions This chapter encapsulates features that affect the Barracuda SSL VPN as a whole from functions such as shutting down the se

Strany 21 - Replacing a Failed System

117 Creating a New Report Step 1 In!the!main!page!select!the !Create!Audit!R eport!action!fro m!action!menu! Step 2 This!presents!the!report!c reat

Strany 22

118 Step 3 Once!saved!this!report!sh ould!be!visible!fr om!the!main!page! These reports can be executed over and over again by pressing the execut

Strany 23 - Switching Views

119 Running One-Off Reports Not all reports need to be created beforehand before they can be executed. The auditing feature allows reports to create

Strany 24 - Checking Status

12 Set the Administrative Options To set the Administrative Options: 1. Select Basic  Administration. 2. Assign a new administration password to t

Strany 25 - Configuring User Databases

120 This will generate the report and allow it to be downloaded. When the file download dialog appears simply save or open the file. The report

Strany 27

122 Appendix A Regular Expressions The Barracuda SSL VPN allows you to use regular expressions in many of its features. Regular Expressions allow

Strany 28 - Troubleshooting

123 Using Special Characters in Expressions The following characters have a special meaning in regular expressions and should be escaped (prepended b

Strany 29

124 Appendix B Limited Warranty and License Limited Warranty Barracuda Networks, Inc., or the Barracuda Networks, Inc. subsidiary or authorized Dis

Strany 30 - Configuring LDAP


Strany 31


Strany 32

127 extent of a conflict between the provisions of the foregoing documents, the order of precedence shall be (1) the written agreement, (2) the click

Strany 33 - Session Options

128 capabilities, functions, licensing terms, release dates, general availability or other characteristics of any future releases of the Energize Upd

Strany 34 - Confidential Attributes

129 Renewal. At the end of the Energize Update Service Period, Customer may have the option to renew the Energize Update Service at the current list

Strany 35 - Appearance

13 To take advantage of the features of the Barracuda SSL VPN, you must route HTTPS incoming connections on port 443 to the Barracuda. This is typica

Strany 36 - SSL Certificates

130 Appendix C Compliance Notice for the USA Compliance Information Statement (Declaration of Conformity Procedure) DoC FCC Part 15: This device

Strany 37 - Creating a CA

14 ALWAYS read the release notes prior to downloading a new firmware version. Release notes provide you with information on the latest features and f

Strany 38 - Importing a Certificate

15 Deployment Scenarios The following diagrams have been provided to show some basic deployments. A brief description of some of the more major chara

Strany 39

16 Configuring your Firewall to Route Incoming SSL Connections to the Barracuda SSL VPN There are many implementations of firewalls using software or

Strany 40

17 Seeing the above dialog means that the appliance has successfully been contacted and has sent a reply to the client’s browser.

Strany 41 - Attributes

18 Appliance Administrator Web Interface The Appliance Administrator Web interface is accessed using a different port to the standard interface and

Strany 42 - Web Forwards

19 Monitoring the Barracuda SSL VPN Checking Status Check the Basic > Status page for an overview of the health and performance of your Barracuda

Strany 43 - Actions Icons

2 Copyright Notice Copyright 2008, Barracuda Networks v1x-081201-01-1201 All rights reserved. Use of this product and this

Strany 44 - Creating Attributes

20 Configuring an SSL Certificate In order to only allow secured connections when accessing the Web administration interface, you need to supply a di

Strany 45 - Deleting an Attribute

21 Updating the Firmware of Your Barracuda SSL VPN The Advanced > Firmware Update page allows you to manually update the firmware version of the s

Strany 46 - Session Variable

22 Using the Reset Button to Reset the LAN IP address The Barracuda SSL VPN is assigned a default IP address of You can change this

Strany 47

23 SSL VPN Administrator Web Interface The SSL VPN Administrator interface is the main point of interaction between the administrators of the system

Strany 48 - Introduction

24 Accessibility Initially only the administrator of the system will be able to access the management console. The administrator has access to every

Strany 49 - Access Control Architecture

25 Configuring User Databases All user data used and managed by the appliance must be stored somewhere. The Barracuda SSL VPN allows the configur

Strany 50 - What is Permission?

26 Controller. Hostnames can also be specified with a port number if different from the Domain Controller Port parameter. Service!Account!Authenti

Strany 51

27 • Page Size: The number of objects returned in each paged request, the default should be acceptable in most cases. • User/ Group Cache TTL: This

Strany 52 - Creating Accounts

28 Organizational Units (OUs) In Active Directory, ‘Organizational Units’ (OUs) are the key structure for organizing users, computers, and other obje

Strany 53 - Create New Account

29 • The time settings between the Active Directory server and the Barracuda SSL VPN appliance are synchronized. Kerberos authentication, used by Wi

Strany 54 - Deleting an Account


Strany 55 - Creating Groups

30 Configuring LDAP LDAP configuration is divided into five distinct areas. The first of these is the Configuration tab. • Hostname: Hostname of th

Strany 56 - Delete Group

31 The next tab, ‘Role Schema’ requires role information so the appliance can successfully link to the correct role classes at run time. • Role cla

Strany 57 - Creating Policies

32 Advanced System Configuration The Advanced System Configuration (Management Console  Advanced  Configuration) page allows the configuration

Strany 58 - Create Policy

33 • Active DNS Host Format: The format of the unique Active DNS hostname used to access reverse proxy web forwards. Password Options This page co

Strany 59

34 • Maximum Logon Cookie Age: Maximum age of the cookie that is used persist the logon if the browser is closed. A value of -1 will mean that the u

Strany 60 - Delete Policy

35 Appearance Logon Page This page defines the logon preferences. All users are affected by the changes made to this page. • Site Name: Define a

Strany 61 - Creating Access Rights

36 SSL Certificates An SSL certificate can be configured for the purpose of encrypted communication between server and client. This page enables th

Strany 62 - Creating an Access Right

37 Creating a CA A Certificate Authority is required to be able to issue certificates to the clients. This process defines the appliance as the autho

Strany 63 - Delete Access Rights

38 Step 1 Select the ‘Download CSR’ option available in the Action pane. Step 2 The ‘Download CSR’ action takes the content from the unsigned cer

Strany 64 - Authentication Schemes

39 Step 4 The system provides a summary of the action about to be performed. Selecting Back will allow the details to be modified. Once complet

Strany 65


Strany 66

40 Exporting Keys and Certificates If you need to retrieve the certificate or key for one that has been previously created then these can be exported

Strany 67 - Creating a Password

41 Attributes As with any large user management system, functionality that allows for simpler administration is always welcome. User attributes are

Strany 68 - Management Console

42 Applications Attributes can be used with application shortcuts, an attribute can be created as below which defines a hostname and a port number.

Strany 69 - Configuring Passwords

43 When the Web forward is configured the attributes are added to the authentication parameters. When the Web forward is finally executed the su

Strany 70 - Configuring Answers

44 Delete User Attribute Edit User Attribute Creating Attributes Step 1 Select Create User Attribute from the action box at the top right of the

Strany 71

45 o Checkbox: you can specify a replacement name for the default true, false values. o Text area: this parameter allows the dimensions of the text

Strany 72 - Resource Management

46 Fixed!System!Attributes!User!attributes ! created!by!the!system!such!as!th ose!categorized! under!Security!Questions!are!required!by!the ! syste

Strany 73 - Executing a Resource

47 The session variable refers to the values available during the course of the session. So as above the system would replace this with the username

Strany 74 - The Barracuda SSL VPN Agent

48 Access Control This section details how the system can be accessed, from creating user account to giving users access rights to the system. De

Strany 75

49 With trust playing such a significant part of remote access, the Barracuda SSL VPN solution has been designed to allow for either ‘coarsely grain

Strany 76 - Web Forwarding!


Strany 77 - Tunnelled Web Forwards

50 Utilizing this methodology, the Barracuda SSL VPN is able to maintain robust, secure, and flexible access control architecture. What is a Resou

Strany 78 - Web Forward Interface

51 A ‘permission’ is a special part of a policy. It adds the final level of control to the access control framework. As we have seen, not only can we

Strany 79 - Creating a new Web Forward

52 Creating Accounts Principals in their basic form refer to the users of the system upon which the services are delivered. Accounts are the means

Strany 80 - Authentication

53 The action icons against each account performs functions on the associated account, their respective objective is detailed below: Delete accoun

Strany 81

54 Step 5 Once the account has been saved the system will ask for a password for the new account. A new password must be entered. In addition the

Strany 82

55 Creating Groups Groups represent the alternative type of principal. Groups offer a more convenient type for larger enterprises with a greater u

Strany 83

56 Groups Interface Action Icon The action icons perform a particular function on the associated group. Available actions for a group are: Edit gro

Strany 84

57 Creating Policies Polices are the main building blocks in the access control architecture of the Barracuda SSL VPN. They form the bond between

Strany 85 - Deleting a Web Forward

58 Policy Interface The policy screen displays a summary of available policies in the system. It is from this screen that we can create, edit and de

Strany 86

59 To add an account simply use the selection buttons; ‘Add’ to add an Account to the ‘Selected Accounts’ list box or ‘Remove’ to remove an Accoun

Strany 87

6 Chapter 1 Introduction This chapter provides an overview of the Barracuda SSL VPN and includes the following topics: • Overview • Barracuda SSL V

Strany 88 - Network Places

60 Editing a Policy By selecting the ‘Edit’ action icon besides the policy of concern (from the policy page) the ‘Edit Policy’ page will be shown. Fr

Strany 89 - Network Places Interface

61 Creating Access Rights The final piece in the policy chain is the resource. Once a policy has been created and principals attached then these

Strany 90 - Creating a new Network Place

62 Edit resource permission Creating an Access Right Step 1 Select the type of access right from the action box. The wizard guides the user throug

Strany 91

63 Editing Access Rights By selecting the ‘Edit’ action icon against a resource permission, the ‘Edit Resource Permission’ page will be shown. From t

Strany 92

64 Authentication Schemes Authentication is the means of verifying a user’s identity; this can be in the form of a password or a code\key. To allo

Strany 93 - File Management

65 Action Icons Delete policy Edit policy details Enable scheme Disable scheme Decrease priority of scheme Increase priority of scheme Creatin

Strany 94 - Web Folders Windows Access

66 Topmost!Modu l e!Must!be!a!Primary!Module!At!the!top!of!the ! Selected!Modules!window!there!must!be!a!module!which!can!be!a ! primary!module.!Th

Strany 95

67 Authentication Modules As mentioned previously, there are differences in the level of control available for the configuration of a module. This se

Strany 96

68 Modifying a Password Once a password has been assigned to the account it can be altered at any time by both the administrator from the Management

Strany 97

69 User Console This method is used by the user allowing them to securely modify their own password without any intervention by the administrator. S

Strany 98

7 Overview The Barracuda SSL VPN is an integrated hardware and software solution enabling secure, clientless remote access to internal network resour

Strany 99

70 The security function password structure is built around ‘regular expression’ syntax. Any valid expression will be accepted to parse passwords an

Strany 100

71 Step 1 Open the ‘Edit Personal Details’ page from User Console > My Account > Personal Details Step 2 Select the Security Questions tab

Strany 101 - Applications

72 Resource Management Resources are the key entities that a user of the system will interact with. Without such things, a user has no means of u

Strany 102 - General Tab

73 • Network Place: Provide network file system access • Application: Deployment and execution of applications • SSL Tunnel: Configure SSL tunnels

Strany 103 - Advanced Tab

74 The Barracuda SSL VPN Agent Many commonly used applications typically operate using unsecured protocols to facilitate the exchange of data. T

Strany 104 - Removing an Application

75 Executing Resources from the Barracuda SSL VPN Agent Once the Barracuda SSL VPN Agent is started you can execute any resource assigned to you from

Strany 105 - SSL Tunnels

76 Web Forwarding! Web forwards provide a secure way of remotely accessing a company’s intranet resources and as such are an essential tool in helpi

Strany 106

77 Technical Overview The Barracuda SSL VPN provides four ways in which a Web forward can be created, and these are as follows: • Tunneled: Suitabl

Strany 107

78 Reverse Proxy Reverse proxy like replacements does not rely on the Barracuda SSL VPN Agent and again despite this the communication link remains e

Strany 108 - Removing an SSL Tunnel

79 Creating a new Web Forward Step 1 Select the Create Web Forward action. Step 2 Select the type of Web forward you wish to create. Step 3 Onc

Strany 109

8 Barracuda SSL VPN Models The Barracuda SSL VPN comes in a variety of models. Refer to the following table for the capacity and features available

Strany 110 - Profiles

80 Configuring a Replacement Proxy Web Forward Replacement details require two sets of information; the first is the basic information of the Web sit

Strany 111 - Creating a new Profile

81 • Form Type: The type of form authentication to use, in most circumstances POST will be used to post the parameters listed in the Form Parame

Strany 112 - Editing Profile Parameters

82 Configuring a Reverse Proxy Web Forward As with replacement proxy this also requires two types of information, the basic URL information and the a

Strany 113 - Editing Session Details

83 and suffixed by is generated (e.g. and used by the client browser to access the reverse proxy. The Barr

Strany 114

84 ixPerson, sPassword are all form parameters for this application. During authentication these will be passed into the form with the provided value

Strany 115

85 Editing a Web Forward From the Web forwards page select the Edit action against the required Web forward and the Edit Web Forward page will be sho

Strany 116 - Auditing

86 Outlook Web Access and Mail Check This mail check feature presents to the user an instant view of his or her email account status directly throug

Strany 117 - Creating a New Report

87 mail server these are usually identical. If these are different, then each user needs to provide their mail authentication details on this screen

Strany 118

88 Network Places Network places are another vital tool against defending unwarranted access to the corporate network. By configuring a network p

Strany 119 - Running One-Off Reports

89 Network Places Interface The main network place page lists the available shares. This page is located under Management Console > Resources >

Strany 120

9 Chapter 2 Getting Started This chapter provides an overview of The Barracuda SSL VPN detailing the initial installation and the basics of interacti

Strany 121

90 Creating a new Network Place Step 1 From the main network places page the action menu in the top right presents the only available action which i

Strany 122 - Regular Expressions

91 • Host: Hostname of source filesystem • Port: Port of source filesystem • Path: Specific path that needs to be accessed on the host Replac

Strany 123 - Examples

92 The final step is defining a drive letter for the network place. This feature allows a share to be mapped to a drive letter. Once mapped the user

Strany 124 - Limited Warranty and License

93 File Management When a network place is executed the file system is opened in a new window. The window displays the content of the file. All the c

Strany 125 - Software License

94 Editing a Network Place From the network place page select the Edit action against the required resource and the Edit Web Forward page will be sho

Strany 126

95 Step 3 Under the Network Tasks pane select Add a network place.

Strany 127

96 Step 4 This starts the Add network place wizard. Step 5 The wizard will briefly search for information about service providers and will then

Strany 128

97 In the screenshot above the Barracuda SSL VPN is and my network place as named in network places on the system is Pub

Strany 129

98 In ‘My Network Places’ a new shortcut is created. This shortcut can be moved to the desktop so that all a user needs to do to access the shar

Strany 130 - Compliance

99 Windows Explorer Drive Mapping This feature adds the ability for a user to create a network place and assign it a drive letter when using Microsof

Komentáře k této Příručce

Žádné komentáře