Barracuda CloudGen Firewall Responses Integration

 

Introduction

This document explains how to integrate Logsign responses with Barracuda CloudGen Firewall. Once the procedures below are completed, Logsign, a security announcement and incident management system, can communicate with Barracuda CloudGen Firewall. The steps cover configuring settings, establishing the connection, and creating rules or triggers within Logsign so that block and unblock operations can be carried out on Barracuda CloudGen Firewall.

 

Qualification

The Barracuda CloudGen Firewall product offers API support, allowing integration processes to be facilitated through APIs.

 

As depicted in the above diagram, in the event of a malicious occurrence, you can initiate blocking either through alarm automation or within the incident management area for IP addresses deemed harmful. The steps to enable blocking are outlined below.

 

 

Requirements

 - Barracuda CloudGen Firewall v8.0 / v8.2 / v8.3 / v9.0
 - Logsign 6.4.7+

 

Integration

When Logsign is integrated with Barracuda, it enables operations such as blocking or unblocking an IP address. For blocking, Logsign adds the IP address to the Custom External Object lists in Barracuda. These lists are then used within rules in Barracuda to automate the process.

 

Use Cases Of The Integration

  • Blocking any IP address (Method -1)
  • Removing the blocked IP with Logsign (Method -2)

Compatibility

It does not support versions below 8.0, and it has not been tested on versions 9 and above.

Compatibility Versions
  • VERSION 9.0
  • VERSION 8.3
  • VERSION 8.2
  • VERSION 8.0

Barracuda CloudGen Firewall Configuration

In Barracuda, blocking works by posting IP addresses to a Custom External Network Object, which adds them to that object's list. Adding the custom external network object to a firewall rule then automates the blocking process.

The Barracuda Firewall Admin agent facilitates the following operations:

   Authentication tokens are required for operations to be conducted via the API. These tokens are generated on a per-user basis.

 



Configuration -> Configuration Tree -> Box (Expand) -> Administrators 

 

To ensure that changes can be made without being affected by other operations, we click on the Lock button.

 

We define the marked values and fill in the other fields according to our organization's security policy. Afterward, we apply the changes by clicking OK, Send Changes, and Activate.

 

 

We open the Configuration -> Configuration Tree -> Box (Expand) -> Infrastructure Services -> REST API Service section.

 

 

 

We lock it.

 

If the API service and "Bind to Management IPs" are not active, we activate them.

 

 

We proceed to the Access Tokens section to generate the token.



 

We note the token code, close the window with OK, and apply the changes using the Send Changes and Activate buttons.

Token: iE8Na3fB5FJ47oMm7K0T93rbeqEdy06v

 

These are the only operations required on the Barracuda CloudGen Firewall product.

To check on the firewall the IP addresses sent by Logsign:

The IP addresses and networks in the custom external network objects are not displayed on the CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Firewall Rules page. Go to FIREWALL > Forwarding Rules directly on the firewall to see the content of the dynamic network objects.



Limitation

Custom External Network Objects

  • IP addresses must be written in CIDR notation.
  • Each IP address must be entered on a separate line.
  • Limited to 10,000 IP addresses per file.
  • The file used for importing IP addresses must be encoded in ASCII or at least UTF-8. Importing files encoded in UTF-8-BOM will not work.

 

Custom External Object Number

For Block and Unblock operations, you must choose the number of the object to which the IP address will be sent. There are four objects by default: CustomExternalObject1, CustomExternalObject2, CustomExternalObject3, and CustomExternalObject4. This option is requested as an input because each of these external objects is limited to 10,000 entries. If this limit is reached, the target object can be changed.

In addition to these, you can define different rules for these objects within the firewall. For example, you can use object 2 for blocking DDoS IPs and object 1 for malicious IPs.
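The limitations and the object-number choice above can be checked before anything is sent to the firewall. The following is an added example, not Logsign or Barracuda code: it validates a one-entry-per-line list against the stated rules (CIDR notation, no BOM, 10,000 entries) and picks an object number that still has room. The function names, the sample input and the `never_block` safeguard are assumptions made for illustration.

```python
import ipaddress

MAX_ENTRIES = 10_000           # per-object limit stated on this page
OBJECT_NUMBERS = (1, 2, 3, 4)  # CustomExternalObject1 .. CustomExternalObject4
UTF8_BOM = b"\xef\xbb\xbf"

def build_object_list(raw: bytes, never_block=("10.0.0.0/8",)):
    """Return (clean_bytes, rejected) for a one-entry-per-line IP list.

    never_block is a hypothetical local safeguard, not a product setting.
    """
    if raw.startswith(UTF8_BOM):
        raise ValueError("UTF-8-BOM input will not import; re-save without a BOM")
    text = raw.decode("ascii")  # an IP list is pure ASCII; other bytes are an error
    protected = [ipaddress.ip_network(n) for n in never_block]
    entries, rejected = {}, []  # dict keeps insertion order and removes duplicates
    for lineno, line in enumerate(text.splitlines(), 1):
        item = line.strip()
        if not item:
            continue
        try:
            # Strict parsing: a bare IP becomes /32 (or /128); "192.0.2.9/24" is
            # refused rather than silently widened to the whole /24.
            net = ipaddress.ip_network(item)
        except ValueError as exc:
            rejected.append((lineno, item, str(exc)))
            continue
        if any(net.version == p.version and net.overlaps(p) for p in protected):
            rejected.append((lineno, item, "overlaps a never-block range"))
        else:
            entries[str(net)] = None
    if len(entries) > MAX_ENTRIES:
        raise ValueError(f"{len(entries)} entries exceed the {MAX_ENTRIES} limit")
    return "".join(e + "\n" for e in entries).encode("ascii"), rejected

def pick_object(current_counts: dict, incoming: int = 1):
    """Return the first object number with room for `incoming` entries, else None."""
    for number in OBJECT_NUMBERS:
        if current_counts.get(number, 0) + incoming <= MAX_ENTRIES:
            return number
    return None

# Constructed sample input using documentation address ranges.
SAMPLE = (b"203.0.113.5\n198.51.100.0/24\n203.0.113.5/32\n"
          b"10.1.2.3\nnot-an-ip\n192.0.2.9/24\n")

if __name__ == "__main__":
    clean, rejected = build_object_list(SAMPLE)
    print(clean.decode(), rejected, pick_object({1: 10_000, 2: 9_999}))
```

Rejected lines are returned with their line numbers so they can be reviewed instead of being silently dropped or widened into a larger block.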




Including the List in the Rule on Barracuda CloudGen Firewall

If you implement this step to automate blocking, be cautious: we advise against using automated block operations in alarms with a high false-positive rate.

 

Configuration -> Configuration Tree -> Box (Expand) -> Assigned Services -> NGFW -> Forwarding Rules

 

 

Ensure that you have locked it.

 

 

Once you've defined the firewall rule according to your company policy, you can complete the automation process by selecting "Send Changes -> Activate".

 

 

 

Logsign Responses Configuration

1- A user with admin authority must log in to Logsign:

Settings -> Responses -> Configure

 

After completing the information, click on the Test button. Once you receive a Success confirmation, finalize the process by clicking on the Create button.

 

 

Finally, click the Create button to complete the process.
