# Barracuda CloudGen Firewall Integration

General Overview

This guide explains the configuration of multi-factor authentication (MFA) for Barracuda CloudGen Firewall utilizing Mirket as the identity provider. Prior configuration and deployment of Barracuda CloudGen Firewall are required before setting up MFA with Mirket.

Barracuda CloudGen firewall offers various MFA configuration modes. In this integration, we've configured RADIUS authentication with Mirket.

This integration was tested with version v7.1.3-061 of Barracuda CloudGen firewall Vx VF10.

## Preparation Steps

Before proceeding with these procedures, ensure the following:

* You've completed the installation and configuration of the Mirket (go to <mark style="color:blue;">Mirket Installation Steps</mark>).
* End-users can access the Barracuda CloudGen Firewall Vx VF10.

## Configuring Barracuda CloudGen Firewall

### RADIUS Server Configuration

For RADIUS authentication in Barracuda CloudGen Firewall, you need to configure a RADIUS server (the Mirket server IP address).&#x20;

Follow these steps to configure a RADIUS server:

* Access the Barracuda CloudGen firewall using Barracuda NextGen Admin credentials to proceed.

<figure><img src="/files/oaEUjkEczkoKFd1sP8jz" alt=""><figcaption></figcaption></figure>

* Go to **Configuration > Configuration Tree > Box > Infrastructure Services > Authentication Service.**

<figure><img src="/files/x96prm1DB3MP0czaj7xu" alt=""><figcaption></figcaption></figure>

* Select the **RADIUS Authentication** option from the left-hand menu. Then click on **Lock**.
* Select the **Advanced View** option from under the **Configuration Mode** in the left-hand menu.
* Within the **Radius Authentication** area, choose the "**Yes**" option from the **Activate Scheme** dropdown list.
* Choose the "**RADIUS**" option from the **Method** dropdown list.
* Click on the "**+**" icon to add a RADIUS server in the **Basic** field.

<figure><img src="/files/4BPvYUdN0BXkZU0iOhzc" alt=""><figcaption></figcaption></figure>

* Input the IP address of the Mirket (RADIUS server) into the **Radius Server Address** field.
* Input the port number for communication with the Mirket (Radius Server) in the **Radius Server Port** field. The default Gateway ports are **1812** and **1645**.
* Assign a shared secret key to identify your RADIUS client in the **Radius Server Key** field. Make sure to use the same shared secret key while configuring your RADIUS client resource in Mirket.

<figure><img src="/files/Hht6QK5MwQ09V7YP2vGt" alt=""><figcaption></figcaption></figure>

* Click on **OK**. Keep the remaining settings as default values.
* Click on **Send Changes** and then click on **Activation Pending**.

<figure><img src="/files/awrqptAy7Y0ZVKV6mVvP" alt=""><figcaption></figcaption></figure>

### Establishing an SSL VPN Server

* Go to **Configuration > Configuration Tree > Box > Virtual Servers > S1 > Assigned Services**.
* Right-click on **Assigned Services** and select **Create Service**.
* Choose the "**Yes**" option from the **Enable Service** dropdown list.
* Enter a unique service name that contains more than six characters in the **Service Name** field. **Note:** The service name can't be modified later.
* Choose the "**VPN Service**" option from the **Software Module** dropdown list.
* Choose the "**First + Second-IP**" option from the **Service Availability** dropdown list.&#x20;

<figure><img src="/files/YnrOpYwbm4WHmC41lxzC" alt=""><figcaption></figcaption></figure>

* Click on **Next**. Keep the settings at their default values on the Statistics and Access Notification configuration pages.
* Click on **Finish** and then click on **Activate**.

<figure><img src="/files/DfWPAHgvvOVd7goXGaDN" alt=""><figcaption></figcaption></figure>

### Disabling Port 443 for Site-to-Site and Client-to-Site VPN Connections

* Go to **Configuration > Configuration Tree > Box > Virtual Servers > S1 > Assigned Services > VPN-Service > VPN Settings**.
* Click on **Lock** then click on the "**Click here for Server Settings**" option.
* Choose the "**No**" option in the **Port 443 VPN Listener** field.&#x20;

<figure><img src="/files/PVCVB6slj1G80w5WJUrQ" alt=""><figcaption></figcaption></figure>

* Click on **OK** to confirm settings.
* Click on **Send Changes** and then click on **Activate**.

<figure><img src="/files/GkVya2o9xoamkBKvLIob" alt=""><figcaption></figcaption></figure>

### SSL VPN Server Settings Configuration

* Go to **Configuration > Configuration Tree > Box > Virtual Servers > S1 > Assigned Services > VPN-Service > SSL-VPN**.
* Click on **Lock**.
* Choose the "**Yes**" option from the **Enable SSL VPN** dropdown list.
* Click on the "**+**" icon next to the **Listen IPs** field. This represents the external IP address that the SSL VPN listens on, typically used for internet connectivity.
* Check the **Restrict to Strong Ciphers Only** checkbox.
* Choose the "**Generated-Certificate**" option from the **Identification Type** dropdown list.

<figure><img src="/files/wijAao3oaYBmmXxwpaBO" alt=""><figcaption></figcaption></figure>

* Select the **Login** option from the left-hand menu.
* Choose the "**RADIUS**" option from the **Identity Scheme** dropdown list.

<figure><img src="/files/07YCDmN4A3yKasniSX7U" alt=""><figcaption></figcaption></figure>

* Click on **Send Changes** and then click on **Activate**.
* Select the **Access Control Policies** option from the left-hand menu. Then modify the **Default** policy.
* Click on the "**+**" icon next to the **Authentication Schemes** field to add the "**RADIUS**" option.&#x20;

<figure><img src="/files/ZZIfpcBoMvfbMtcuRd8b" alt=""><figcaption></figcaption></figure>

* Then click on **OK** to confirm settings.
* Click on **Send Changes** and then click on **Activate**.

## Configure Mirket

To enable Mirket to receive authentication requests from Barracuda, follow these steps:

* Define Barracuda as a RADIUS client resource within Mirket.
* Create an authentication policy for the Barracuda RADIUS client resource or include it in an existing authentication policy.
* Attach the Barracuda resource to the Mirket Radius.

### Add a Barracuda CloudGen as Resource in Mirket with Mirket Radius Gateway

Before starting, ensure that you have installed Mirket Radius Gateway. To add a Radius Client to the Mirket Radius Gateway, follow these steps:

* First, navigate to the directory `C:\MirketRadius` and open the `config.json` file.&#x20;

<figure><img src="/files/khJnvyWEAXx5jWcEuaAR" alt=""><figcaption></figcaption></figure>

* Fill in the <kbd>gateway</kbd> and <kbd>radiusClientList</kbd> fields according to the provided specifications to ensure accurate and secure network configuration.
  * **samName**: Enter the SAM name of the gateway. In Mirket, user identification is done using the SAM (Security Account Manager) name. This is preferred over the standard username. This username is used for authentication and access controls. Please provide your domain name, such as 'mirket'.
  * **authenticationPort**: Enter the authentication port value you set for the gateway. The default value is 1812.
  * **accountingPort**: Enter the accounting port value you specified for the gateway. The default value is 1813.
  * **gatewayIp**: Enter the IP address of the server where the Mirket is installed.
  * **ipAddress**: Enter the IP address of your firewall.
  * **secretKey**: Enter your secret key. This secret key is used to link your radius client and radius server, so ensure they are identical.

<figure><img src="/files/XXashWhbXtFHLbzzPqP3" alt=""><figcaption></figcaption></figure>

* Once you've made the necessary changes to the config.json file, save and close it. **Note**: You can add multiple RADIUS clients.
* After completing the configuration, restart the 'Mirket Radius Gateway Service'.

<figure><img src="/files/JrQvFsUxyh98qTV1Iq1G" alt=""><figcaption></figcaption></figure>

### User and Group configuration on Mirket&#x20;

To set up multifactor authentication, make sure you have at least one user group in Mirket.

If it is preferred to use a local user, first create a local group and then create a local user and make the user a member of the group.

* [Create a Local Group to add users manually.](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/local-group-configuration.md)
* [Add local Mirket users manually.](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/local-users-configuration.md)

If it is preferred to use LDAP users, the priority LDAP group is created by pulling users from Active Directory or OpenLDAP in Mirket.

* [Create a LDAP group to include LDAP users.](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/ldap-group-configuration.md)
* [Sync users from an external user database.](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/ldap-users.md)

### Add a Radius Rules to Mirket

Radius Rules define user access to resources and the authentication methods available (such as SMS, Approve / Deny, OTP etc.).

First, you should follow these steps:

* Select **Rules > Radius Rules**.
* Click on **Add New**.
* Enter a rule name in the **Name** field.
* Enter the rule description in the **Description** field.
* Select the group to which the rule applies from the **Group** dropdown list.
* Select the provider to which the rule applies from the **Provider** dropdown list.
* Select the authorization profile to which the rule applies from the **Authorization** dropdown list.
* Click on **Save** to confirm settings.

<figure><img src="/files/7Uv7QU23e3tky2Pa5LAu" alt=""><figcaption></figcaption></figure>

### Test the Integration

To validate the integration between Mirket MFA and your Barracuda CloudGen firewall, perform authentication using a mobile token on your mobile device. For RADIUS resources, available authentication methods include Approve/Deny authentication.

In this example, we illustrate the use of the Approve/Deny authentication method.

* Access the Barracuda CloudGen firewall using Barracuda NextGen Admin credentials to proceed.
* Go to **Configuration > Configuration Tree > Box > Virtual Servers > S1 > Assigned Services > VPN-Service > SSL-VPN > Native Apps**.
* Click on the "**+**" icon in the **Native Apps** section and then add an **RDP App**.

<figure><img src="/files/8Nr4eoFsZOSbwB899sWn" alt=""><figcaption></figcaption></figure>

* Launch the **CudaLaunch** client application, which can be downloaded from the  [Barracuda NG Download Portal](https://dlportal.barracudanetworks.com/).
* Input your external IP address of the Barracuda CloudGen firewall and then click on **Connect**.

<figure><img src="/files/DHxbgYZL1FNZo4jXTaay" alt=""><figcaption></figcaption></figure>

* Click on the "**Yes**" option in the "**Server certificate error dialog box**".

<figure><img src="/files/iXHHfH8cTmlGaT2yPLEy" alt=""><figcaption></figcaption></figure>

* Enter your Mirket username in the **Username** field.
* Input your password in the **RADIUS Password** field.
* Click on **Log in**. Then, select the '**Approve**' option(found in the Mirket mobile app) immediately and make sure it doesn't time out.

<figure><img src="/files/lrHREOw2NoUL38ia4EQ5" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/EbCtJaFnfGHJC3Z2VFo1" alt=""><figcaption></figcaption></figure>

* Click on **RDP** to launch this app.

<figure><img src="/files/eCZaSYsJ97T6pJE9fdL5" alt=""><figcaption></figcaption></figure>

* Then, input your RDP host credentials to log on.

#### Related Topics

[Radius Clients](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/rules/radius-rules/radius-clients.md)

[Radius Rules](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/rules/radius-rules.md)

[Local Group Configuration](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/local-group-configuration.md)

[Local Users Configuration](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/local-users-configuration.md)

[LDAP Group Configuration](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/ldap-group-configuration.md)

[LDAP Users](/mirket-help-center/mirket-help-center/mirket-on-premise/mirket-admin-panel/user-management/ldap-users.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.mirketsecurity.com/mirket-help-center/mirket-help-center/mirket-on-premise/integrations/barracuda-cloudgen-firewall-integration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.