I installed a Barracuda Web Filter 410 hardware appliance last week for a client on a 30 day trial. It was in ‘inline’ mode in front of their firewall and was happily logging all web activity and sites that were getting blocked. The problem was when you looked in the log this is what you saw;
With other vendors you simply need to put an agent in to fix this, and as it turns out Barracuda is no different.
Solution
I went onto the web and tried to get the agent, but you can download it straight from the appliance. (Users and Groups > Authentication Tab)
To proceed you need to add your domain controllers onto the Barracuda.
Note: You will need a domain account (a simple domain user is fine, it does not need any additional rights). Here I’m connecting via 389, if you wanted to connect with LDAPS see the following article.
Once you have installed the ADAgent.exe, (on each domain controller), run it and enter your domain user account, and test it connects properly.
Then add in your Barracuda device.
Note: There’s nothing else you need to do in the agent, but while you are setting it up I suggest you set the logging level to debugging.
Now, before the successful logon events can be uploaded to the Barracuda, the domain controllers need to have auditing enabled for;
Audit account logon events (success)
Audit logon events (success)
Set this in the ‘local security policy’ on each of the domain controllers (Administrative Tools > Local Security Policy).
On the Barracuda itself you now have to register the agent for each one you have deployed; after a few minutes they should ‘go green’. This is done on the same tab where you specified the domain controllers.
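A domain GPO can override what is set in the local security policy, so it is worth confirming the effective policy on every DC from the output of auditpol /get /category:* /r. The check below is an added example, not part of the original article or a Barracuda tool; the mapping of the two legacy categories to subcategories, the host names and the sample report are assumptions constructed for illustration.

```python
import csv
import io

# Assumption: these advanced-audit subcategories stand in for the two legacy
# categories named above; the article itself does not list subcategories.
REQUIRED = {
    "Audit account logon events": ["Credential Validation", "Kerberos Authentication Service"],
    "Audit logon events": ["Logon"],
}

# Constructed sample: auditpol /get /category:* /r reports from two DCs merged
# under one header (host names and the {GUID} placeholder are made up).
SAMPLE = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
DC01,System,Logon,{GUID},Success and Failure,
DC01,System,Credential Validation,{GUID},Success,
DC01,System,Kerberos Authentication Service,{GUID},Success,
DC02,System,Logon,{GUID},Failure,
DC02,System,Credential Validation,{GUID},No Auditing,
DC02,System,Kerberos Authentication Service,{GUID},Success,
"""

def audit_gaps(report_csv):
    """Map each DC to the legacy categories whose success auditing is not effective."""
    effective = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        host = row["Machine Name"].strip()
        effective.setdefault(host, {})[row["Subcategory"].strip()] = row["Inclusion Setting"].strip()
    gaps = {}
    for host, settings in effective.items():
        missing = [
            category
            for category, subcats in REQUIRED.items()
            # "Success" and "Success and Failure" both record successful logons;
            # a subcategory absent from the report is treated as "No Auditing".
            if not all(settings.get(s, "No Auditing").startswith("Success") for s in subcats)
        ]
        if missing:
            gaps[host] = missing
    return gaps

if __name__ == "__main__":
    for host, missing in audit_gaps(SAMPLE).items():
        print(host, "is missing success auditing for:", ", ".join(missing))
```

A DC that shows up here will not produce the successful logon events the agent relies on, whatever its local policy says.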
You now need to wait until your users have logged off and back on again before it starts logging properly so leave it a while to slowly populate.
This is the process for setting up both physical and virtual Barracuda Email Security Gateway Appliances, (formerly Barracuda Spam Firewall).
Note: This walkthrough sets out the basic functions to get your appliance working and inspecting email; it’s not an exhaustive list of all the features of the appliance.
Solution
Before you start, I’m making the assumption if you have a physical appliance, it’s racked and connected to the correct network. Or if you are using a virtual appliance it’s been deployed from OVA and connected to the correct network.
Barracuda Email Gateway Initial Setup
To get access to the appliance, the default username and password are admin and admin.
Navigate to TCP/IP Configuration > Enter the IP addressing information, then ensure you SAVE the config.
You will also need to enter the licence token, that was supplied to you from your reseller, again make sure you SAVE the configuration.
Exit, and you are prompted to type YES, the system will reboot.
Barracuda Email Gateway Mail Configuration.
Once the appliance has rebooted, you can connect to it through a web browser (via https). The username and password will still be admin/admin. The first task is to update the appliance to the latest version (Advanced > Firmware Update). You may need to do this a few times, and each update will require a reboot of the appliance.
Basic > Administration > Email Notifications: Setup an email address for system alerts, and a system contact email address. Save the changes.
On the same tab > Change the time zone > (This may require another reboot).
Basic > IP Configuration: Destination Mail Server TCP/IP Configuration > Enter the details of your Exchange server (MS Exchange note: one that already has a configured receive connector). Use the ‘Test Email Connection’ button to make sure it’s working. Also set a local hostname and domain name. WARNING: don’t use the default one of Barracuda, as this is displayed to the outside world (best not to advertise your email filter vendor).
Domains > Domain Manager: Add in all the domains that you want to filter email for.
Barracuda Manage Domains or Manage Globally
IMPORTANT: You can change settings for each individual domain (handy if you filter email domains for a lot of different customers), or you can change settings globally. To manage an individual domain, navigate to Domain > Domain Manager > Select the domain and click Manage Domain. From this point forward you are only changing settings for this managed domain. You return to global configuration by clicking ‘Manage System’.
I’ve mentioned this now, because the next steps are carried out ‘per domain’.
For each Exchange Managed (i.e. Active Directory Domain.) Users > LDAP Configuration > Change Exchange Accelerator /LDAP Verification to “Yes” > Enter the FQDN of one of your domain controllers > LDAP Port (use 389 or 3268) > Then enter the ‘Distinguished Name’ and password for a domain user. Make sure the test passes before you proceed.
How to Find a Distinguished Name? Run the following dsquery command;
dsquery user -name "User Name"
Why have you just done this? Because now Barracuda will reject all mail sent to this domain, for users that do not exist. This is because spammers will bulk mail known good domain names with random names in the hope of getting lucky. Repeat for any other domains you are authoritative for. But ensure you use a machine email address of the domain you are protecting like so;
Back in global configuration > I’m going to set Quarantine, on a user by user basis (rather than globally). Basic > Quarantine enable per-user, then enter an email and the FQDN of the Barracuda appliance > Save.
Basic > Spam Checking: The actual levels you want may require some tuning; this is a good place to start. You would normally use either Quarantine or Tagging. I’m setting the appliance to block at level 6 and quarantine at level 3. (Note: These levels are scores that Barracuda assigns to the emails, that grade the likelihood of them being spam).
The Barracuda (like most email platforms) won’t accept email from any IP/host/subnet unless you allow it. So that your email server can send mail through the Barracuda, you need to add it in. Basic > Outbound > Relay Using Trusted IP/Range > Enter either the IP addresses of your mail servers, or the subnet they are on.
Configure Exchange 2013/2016 To Send Mail via Barracuda
I know there are many email platforms, but I’m using Exchange 2016. To send email via this appliance you need to add it as a “Smart Host” on the Exchange Organisation’s ‘Send Connector’. Log into Exchange Admin Center > Mail Flow > Send Connector > Select the connector > Edit.
Delivery Tab > Enter the FQDN or IP of the Barracuda > Save.
Then restart the Microsoft Exchange Transport Service.
Exchange Receive Connector: You probably already have a receive connector configured for internet email (i.e. set to anonymous, for port 25). In some Exchange deployments, you may need to add a connector for the Barracuda and allow it to relay mail through Exchange.
Repoint Mail ‘Feed’ To Barracuda
How you do this depends on your network setup, and firewall vendor. If you already have mail coming into your mail server then you are probably doing one of the following;
Port Forwarding SMTP (TCP Port 25) from your public IP, to the internal IP of the mail server.
Statically NATTED a public IP address, to the internal/private IP of the Mail server, and opened SMTP (TCP Port 25) to that IP.
In either case, you need to change the private IP address that mail is pointing to from your mail server to the Barracuda IP. If you are using a Cisco Firewall or Router, I’ve already written some articles that may help; take a look at the following.
Be aware if you change the public IP address that you accept mail on, you need to change your DNS MX Records to match, (if you use SPF records those may also need changing). See the following article;
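The MX and SPF dependency described above can be checked before and after the cutover. The following is an added example, not code from the original article: it works on constructed zone data (example.com and documentation IP addresses are assumptions), evaluates only the SPF mechanisms that need no further lookups, and reports anything else as unevaluated.

```python
import ipaddress
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Constructed zone data (RFC 5737 documentation addresses), before the cutover.
ZONE = {
    "mx": {"example.com": ["mail.example.com"]},
    "a": {"mail.example.com": ["203.0.113.10"]},
    "spf": {"example.com": "v=spf1 mx ip4:198.51.100.0/28 -all"},
}

def mx_addresses(domain, zone):
    return [ip for host in zone["mx"].get(domain, []) for ip in zone["a"].get(host, [])]

def spf_result(domain, sender_ip, zone):
    """Evaluate ip4, ip6, a, mx and all left to right; first match wins (RFC 7208)."""
    terms = zone["spf"].get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.lower().partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            matched = sender_ip in mx_addresses(arg or domain, zone)
        elif name == "a":
            matched = sender_ip in zone["a"].get(arg or domain, [])
        else:
            return "unevaluated:" + name  # include, redirect, exists, ptr need live DNS
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

def cutover_problems(domain, inbound_ip, outbound_ip, zone):
    """List the DNS records that do not yet match the new public addresses."""
    problems = []
    if inbound_ip not in mx_addresses(domain, zone):
        problems.append("MX does not resolve to " + inbound_ip)
    result = spf_result(domain, outbound_ip, zone)
    if result != "pass":
        problems.append("SPF result for " + outbound_ip + " is " + result)
    return problems

if __name__ == "__main__":
    print(cutover_problems("example.com", "203.0.113.25", "203.0.113.25", ZONE))
```

With the sample zone, moving mail to 203.0.113.25 without touching DNS leaves inbound mail going to the old address and outbound mail failing SPF at recipients that enforce -all.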