Most Liked Content
Posted by jfrinier on 03 August 2004 - 01:10 PM
Posted by Klaus Schweinberger on 06 March 2014 - 07:43 AM
I have to post this issue, and I am kindly asking the community to support my concern:
Adding or removing VLANs in the NG without disrupting the productive infrastructure is only partly possible: you can add and activate a new VLAN by using the CLI (you have to be very careful not to make any mistakes, as there is no way back, but this would still be OK), but removing or altering one requires a network restart because a soft activation is not possible or sufficient; there is no way to bypass this situation.
Due to this you need a maintenance window and sometimes (poor) arguments, which are difficult to provide in 2014's network technology.
In today's environments and with ongoing virtualization, we are facing this restriction from time to time; the worst for us as a Barracuda Partner is that most of the competitors do not have that lack of live activation.
Dear development team, please respond telling me that you do have plans, maybe in the near future; it would help me a lot. Thank you in advance!!
Posted by Teemu Schaabl on 29 March 2012 - 08:43 AM
.) Multiple Rule/Object action: one can only configure a single Event at a time. That is very time consuming.
.) Copy'n'Paste: nearly in all Configuration Nodes you got the Possibility to use that - why not use that here? I'm aware that merging isn't an option, but replacing would help.. we got templates which are applied on all boxes/CC's we manage. In worst case one has to go through over 200 Events and change them by hand..
.) Import/Export: would be nice.
Eventing Configuration has stayed the same for years .. please do sth
Posted by Neil Laabs on 20 September 2017 - 10:56 AM
Posted by Will Hartley on 23 December 2014 - 08:46 AM
I can see Barracuda staff are watching this thread - based on your disgusting lack of updates or even an ETA on this we are about to pull our disaster recovery for all clients on this system.
Everyone watching this thread probably collectively represents tens, if not hundreds of thousands of end users who are reliant on this system day to day. You are making us look bad to our clients by not even providing an update or an ETA on this issue.
At this point I don't even care how bad it is I just want to know a rough ETA so I can decide how to act in the best interest of my clients. An hour? Day? Week? Month? What exactly!!!?
Posted by Teemu Schaabl on 06 July 2011 - 07:19 AM
Currently a lot of attacks are originating from the TOR network (which lets people tunnel traffic via an Onion Routing Network and chooses a random exit for traffic, therefore providing anonymous communication). There are DNS blacklists and large IP address lists (~2500 entries) available online, which could be used to block traffic from and to these hosts.
As an example, https://www.dan.me.uk/tornodes provides an hourly updated list of these hosts.
.) provide a commandline or GUI utility to generate a network object which is importable into "NG Admin GUI" (or better, allow that it's usable directly (via Cronjob) in the NG Firewall).
.) implement the possibility of using DNS blacklists as Source and Destination Network Objects in NG Firewall.
Using an external, self-owned DNS server (and a domain) and generating own zone files helps a bit, but it's a hack (and requires TCP, since the answer of an A RR containing 2500 entries is slightly bigger than 512 bytes).
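An added example, not part of the original post and not Barracuda tooling: a sketch of the utility requested above, which validates an address feed, drops entries that would block internal ranges, collapses the rest into CIDR entries, and estimates why a 2500-entry A record answer cannot fit in a 512-byte UDP reply. `SAMPLE_LIST`, `NEVER_BLOCK` and the zone name `tor.example.com` are assumptions; the output is plain CIDR lines, not the NG Admin import format, and the size estimate assumes DNS name compression.

```python
import ipaddress

# Constructed sample feed, one address per line (documentation ranges only).
SAMPLE_LIST = """\
192.0.2.10
192.0.2.11
198.51.100.7
198.51.100.7
2001:db8::1
not-an-ip
10.0.0.5
"""

# Hypothetical never-block ranges: a broken or tampered feed must not cut off
# internal networks. Adjust to the networks you actually own.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_node_list(text):
    """Return (set of accepted addresses, list of rejected lines)."""
    accepted, rejected = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            addr = ipaddress.ip_address(line)
        except ValueError:
            addr = None
        if addr is None or any(addr in net for net in NEVER_BLOCK):
            rejected.append(line)
        else:
            accepted.add(addr)
    return accepted, rejected

def to_cidrs(addresses):
    """Collapse addresses into the fewest CIDR entries, IPv4 first."""
    v4 = [a for a in addresses if a.version == 4]
    v6 = [a for a in addresses if a.version == 6]
    return [str(n) for fam in (v4, v6) for n in ipaddress.collapse_addresses(fam)]

def a_rrset_response_size(qname, count):
    """Estimate bytes of a DNS reply carrying `count` A records for qname."""
    qname_len = sum(len(label) + 1 for label in qname.strip(".").split(".")) + 1
    # 12-byte header + question (name, type, class) + 16 bytes per compressed A RR
    return 12 + qname_len + 4 + 16 * count

if __name__ == "__main__":
    print(to_cidrs(parse_node_list(SAMPLE_LIST)[0]))
```

Run from cron, the rejected list is worth logging: a sudden jump in rejected or never-block hits indicates a damaged or manipulated feed.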
Posted by Patrick Schneeweiss on 07 March 2016 - 03:56 AM
Posted by Marcel Malt on 03 January 2012 - 10:16 AM
Posted by Manuel Huber on 11 August 2011 - 09:18 AM
The current workaround PPTP has drawbacks which prevent a company-wide usage: either you have fixed username/passwords on the VPN gateway or you have to permit ANY user of the MSAD.
So probably there's a possibility to use the IPSEC client (preferred solution since no third-party software is necessary to install/maintain) or Barracuda provides an app of the Barracuda VPN-Client.
Posted by Manuel Huber on 25 August 2014 - 01:58 PM
Here are some feature requests regarding NGAdmin accumulated by us and customers
- firewall rules: show connection type detail as tooltip (like Addresses in source/destination or ports)
- firewall rules: when not changing anything, don't ask to save changes
- firewall rules: in "edit/create network object" show IP address
- firewall rules: in "edit/create include entry" show IP addresses in reference list
- firewall rules: move colour setting back to context menu of rule
- firewall rules: use darker colour for inactive rules (hardly readable on most screens)
- firewall rules: network objects: jump to object via keyboard by typing letters doesn't work any longer
- firewall rules: adding objects to rules via Ctrl-S/Ctrl-D doesn't work any more
- firewall rules: when editing multiple rules, changing QoS setting doesn't work
- firewall rules: sort context menu items the same (e.g. Edit on first position for each item rule, network object etc.)
- firewall rules: permit use of DNS objects in rule tester
- general: consistent use of TAB key is not possible in most dialogs or order is "strange"
- general: no sounds/clicks!
- general: permit (more) special characters in Comment fields
- log viewer: make it possible to start filtered live view without first searching and displaying max. entries number of lines
- log viewer: generally more stable and faster. most of the times some heavy used logs don't work due to log cache or some other issue
- Control - Barracuda Activation: Show by which box a pool license is used
- Control: decide on a sorting scheme - currently Status Map, Configuration Updates etc. are different (case-sensitive or not)
- Control - Configuration Updates: stop updating page to scroll down
- Control - VPN Status - Access Cache: column "Last Status" displays mostly nonsense
- Control - Firewall filter settings too complicated or don't work as expected. Older behaviour much more intuitive and less mouse clicks!
- Events: button to clear all events at once (and don't clear each event separately - takes ages on boxes with high latency)
- Config - network: retrieving anything from RCS marks UMTS/3G settings as red (mandatory to edit), even if no setting has been changed there
- Config - DHCP Server: Text based configuration is limited to 30000 characters. This is not enough!
- Config - DHCP Server: retrieving configuration from repository confuses address pool settings (e.g. mandatory address pool although no advanced configuration or vice versa)
- Config - DHCP Relay: read interface names from configuration
- Config - Pool licenses: broader window to display comment, don't jump to top after editing one comment
- Config - Web Filter: Comment column for white/black list entries
- Config - VPN Client to Site Pool licenses: allow to copy User key (so that a VPN user can be moved to a different VPN service without the need to provide new certificates to user)
For sure I forgot some that were told to me or I experienced myself, but didn't note. Hope some are easy and worth to implement.
Posted by Helmut Honermann - 2 on 03 March 2013 - 04:45 PM
For example, a migration of pool licenses in the CC that was recommended by Barracuda caused the approximately 40 connected firewall systems to stop working after the new licenses were activated in the CC. A small mistake when adjusting the CC certificate, for example, means that the pool licenses no longer match the CC certificate. The consequence: all boxes that have a connection to the CC cease operation without warning. That is the worst-case scenario for any production environment.
Why do the firewall systems not go into a grace period, as they do in other situations? A "hard" shutdown of a system that has a valid license but, for whatever reason, suddenly gets a connection to a CC that is not correctly licensed is not acceptable.
Another example is a customer with a single firewall system including NG Web Filter, with a cold standby system. If the cold standby system is put into operation because the production system has failed, it switches to a 15-day grace period. The NG Web Filter, however, cannot be started for licensing reasons, with corresponding consequences.
We request a fundamental change to the license check so that in EVERY case where a previously correctly licensed system detects a license problem, it does NOT cease operation but switches to a grace period in which ALL services that were running until then continue to work.
Helmut Honermann, BDG
Posted by Jody Gosnell on 31 December 2012 - 12:45 PM
Posted by Gerhard Gessler on 28 June 2016 - 08:24 AM
Hi development team,
please consider the following feature requests (1 is minimum requirement, 2 would be the ideal solution mandated by our customers):
1) When showing the webpage that ATD scans a file, the webpage coming from the ATD-Cloud (at least this is what the support team told me today) needs to take into account the local language configured in the user's browser. So German users should not see an English message, but one localized in German.
2) More ideal, this webpage should not come from the ATD-Cloud but from the local NG firewall and be configurable. Currently we have several German customers who want to give their users specific information about what is done and why and who should be contacted if something goes wrong.
Posted by Thomas Albrecht on 24 March 2016 - 09:25 AM
In VPN GTI settings, runtime-resolved FQDNs would be useful to create tunnels between two FWs with dynamically assigned IPs. Yes, the DYNDNS.org topic is related to this. This would also greatly help deploying firewalls in xDSL environments.
Posted by Philipp Kreidl on 07 February 2016 - 06:17 PM
Does anybody else have an issue with the renaming of the port IDs on new appliances?
For example on the new F18 the ports are named p1, p2, etc. instead of port1 port2... Support told us this will be the case for all new appliances (F180, F280...)
This complicates everything; it even breaks things, for example if you have a FW rule with a NAT connection type "From Interface", which is needed in some scenarios (we do have them). Now we have to run 2 different rulesets because of the renaming or what?
In addition to that, monitoring systems will detect the new port labels as completely new interfaces, so customers lose all historical data if they don't consolidate them. (Also our setup -> awesome).
Who of you thought this would be a good idea? At least provide some backwards compatibility or whatever... but this move was unnecessary.
Please fix this
Posted by Greg Hader on 10 August 2015 - 01:30 PM
It would be helpful if the Message Log could indicate when a message was released from Quarantine or other holding status by someone pressing the "Deliver" button.
Right now, if you filter Inbound>Quarantined Messages, you see every message that was placed in quarantine even if it was manually released after review. Possibly change the "Action" to show as "Released" (indicating that it was manually delivered) other than the normal delivery types.
Posted by Gerhard Ehrenmüller on 01 June 2015 - 11:25 AM
We would like to see support for higher DH groups, for groups lower than 14 are not considered safe anymore.
Since we work with business partners, turning to TINA-Tunnel is no option.
Diffie-Hellman group 1 - 768 bit modulus - AVOID
Diffie-Hellman group 2 - 1024 bit modulus - AVOID
Diffie-Hellman group 5 - 1536 bit modulus - AVOID
Diffie-Hellman group 14 - 2048 bit modulus – MINIMUM ACCEPTABLE
Diffie-Hellman group 19 - 256 bit elliptic curve – ACCEPTABLE
Diffie-Hellman group 20 - 384 bit elliptic curve – Next Generation Encryption
Diffie-Hellman group 21 - 521 bit elliptic curve – Next Generation Encryption
Diffie-Hellman group 24 - modular exponentiation group with a 2048-bit modulus and 256-bit prime order subgroup – Next Generation Encryption
Algorithms marked as AVOID do not provide an adequate security level against modern threats and should not be used to protect sensitive information. It is recommended that these algorithms be replaced with stronger algorithms.
Posted by Teemu Schaabl on 04 December 2014 - 04:30 AM
Is there any chance Eventing is reworked? There has been an FRQ in the FRQ Forum last year, "watchdog for eventd" - from an MSSP's PoV, valid requests have been made.
No response from Barracuda, besides a friendly mail exchange where I (painfully) assembled a list of stuff, sent it and never got anything out of it.
Until today, we have to work around the lack of features using 3rd party tools (wow, we got SNMP 2-3 yrs ago, let's integrate!) and tons of bugs provided in this part of the system.
Events are not forwarded by mail/snmp, the CC is not taking care about the state of its own database (not to mention the state of the event database on the boxes), license-related events are not being taken care of (it got worse with the rise of centrally managed licenses a.k.a. Barracuda Activation; back in the days we engineers at least had a chance managing or warning about the license states of a box - today we may be the last to notice), etc pp.
I can't help but giggle if somebody mentions he "manages" boxes. Management involves notification and visibility; all we got is a bunch of Blinken Lights (which may or may not be important).
all the best,