- Most Liked Content
Most Liked Content
Posted by jfrinier on 03 August 2004 - 01:10 PM
Posted by Klaus Schweinberger on 06 March 2014 - 07:43 AM
I have to post this issue and I am kindly asking the community to Support my concern:
adding or removing VLAN's in the NG without disrupting the productive Infrastructure is only partly possible: you can add and activate a new vlan by using the CLI (you have to be very careful, not making any mistakes as there is no way back, but this would be still OK) but removing or altering requires a Network restart due to the fact that a soft activation is not possible or sufficient, no way to Bypass this situation.
Due to this you need a maintenance window and sometimes (poor) arguments which are difficult to provide in 2014's Network Technology.
In todays environments and ongoing virtualization, we are facing this restriction from time to time, the worst for us as a Barracuda Partner ist that most of the competitors do not have that lack of live activation.
Dear development Team, please respond telling me that you do have plans and maybe in the close future, it would help me a lot, thank you in advance!!
Posted by Neil Laabs on 20 September 2017 - 10:56 AM
Posted by Will Hartley on 23 December 2014 - 08:46 AM
I can see Barracuda staff are watching this thread - based on your disgusting lack of updates or even an ETA on this we are about to pull our disaster recovery for all clients on this system.
Everyone watching this thread probably collectively represents tens, if not hundreds of thousands of end users who are reliant on this system day to day. You are making us look bad to our clients by not even providing an update or an ETA on this issue.
At this point I don't even care how bad it is I just want to know a rough ETA so I can decide how to act in the best interest of my clients. An hour? Day? Week? Month? What exactly!!!?
Posted by Teemu Schaabl on 06 July 2011 - 07:19 AM
currently a lot of attacks are originating from the TOR network (which lets people tunnel traffic via an Onion Routing Network and chooses a random Exit for traffic, therefor providing anonymous communication). There are DNS Blacklists and large IP address lists (~2500 entries) available online, which could be used to block Traffic from and to these Hosts.
As example https://www.dan.me.uk/tornodes provides an hourly updated list of these Hosts.
.) provide a commandline or GUI utility, to generate a network object which is importable into "NG Admin GUI" (or better, allow that it's usable directly (via Cronjob) in the NG Firewall.
.) implement the Possibility of using DNS Blacklists as Source and Destination Network Objects in NG Firewall.
Using a external, self-owned, DNS Server (and a domain) and generating own Zonefiles helps a bit, but it's a hack (and requires TCP, since the answer of a A RR containing 2500 entries is slightly bigger den 512 bytes).
Posted by Patrick Schneeweiss on 07 March 2016 - 03:56 AM
Posted by Marcel Malt on 03 January 2012 - 10:16 AM
Posted by Manuel Huber on 11 August 2011 - 09:18 AM
The current workaround PPTP has drawbacks which prevent a company-wide usage: either you have fixed username/passwords on the VPN gateway or you have to permit ANY user of the MSAD.
So probably there´s a possibility to use the IPSEC client (preferred solution since no third-party software is necessary to install/maintain) or Barracuda provides an app of the Barracuda VPN-Client.
Posted by Philipp Kreidl on 07 February 2016 - 06:17 PM
Anybody else has some issue with the renaming of the port IDs on new appliances?
For example on the new F18 the ports are named p1, p2, etc. instead of port1 port2... Support told us this will be the case for all new appliances (F180, F280...)
This complicates everything, it even break things like if you have a FW Rule with a Nat Connection type "From Interface" which are needed in some scenarios (We do have them). Now we have to run 2 different rulesets because of the renaming or what?
In addition to that, monitoring systems will detect the new port labels as completely new interfaces, so customers lose all historical data if they don't consolidate them. (Also our setup -> awesome).
Who of you thought this would be a good idea? At least provide some backwards compatibility or whatever... but this move was unnecessary.
Please fix this
Posted by Gerhard Ehrenmüller on 01 June 2015 - 11:25 AM
We would like to see support for higher DH-Groups, for Groups lower than 14 are not considered save anymore.
Since we work with bussinespartners, turning to TINA-Tunnel is no option.
Diffie-Hellman group 1 - 768 bit modulus - AVOID
Diffie-Hellman group 2 - 1024 bit modulus - AVOID
Diffie-Hellman group 5 - 1536 bit modulus - AVOID
Diffie-Hellman group 14 - 2048 bit modulus – MINIMUM ACCEPTABLE
Diffie-Hellman group 19 - 256 bit elliptic curve – ACCEPTABLE
Diffie-Hellman group 20 - 384 bit elliptic curve – Next Generation Encryption
Diffie-Hellman group 21 - 521 bit elliptic curve – Next Generation Encryption
Diffie-Hellman group 24 - modular exponentiation group with a 2048-bit modulus and 256-bit prime order subgroup – Next Generation Encryption
Algorithms marked as AVOID do not provide an adequate security level against modern threats and should not be used to protect sensitive information. It is recommended that these algorithms be replaced with stronger algorithms.
Posted by Teemu Schaabl on 04 December 2014 - 04:30 AM
is there any chance Eventing is reworked? There has been a FRQ in the FRQ Forum last Year watchdog for eventd - from a MSSPs PoV, vaild requests have been made.
No response from Barracuda, besides a friendly mail exchange where I (painfully) assembled a list of stuff, send it and never got anything out of it.
Until today, we have to work around the Lack of Features using 3rd Party tools (wow, we got SNMP 2-3 yrs ago, let's integrate!) and tons of Bugs provided in this part of the System.
Events are not forwarded by mail/snmp, the CC is not taking care about the state of its own Database (not to mention the state of the event database on the boxes), License-related Events are not been taking care of (it got worse with the rise of centrally managed Licenses a.k.a. Barracuda Activation, back in the days we Engineers at least had a chance managing or warn about the license states of box - today we may be the last to notice), etc pp.
I can't help but giggle if somebody mentions he "manages" boxes. Management involves Notification and Visibility, all we got is bunch of Blinken Lights (which may or may not be important).
all the best,
Posted by Gerhard Gessler on 28 June 2016 - 08:24 AM
Hi development team,
please consider the following feature requests (1 is minimum requirement, 2 would be the ideal solution mandated by our customers):
1) When showing the webpage that ATD scans a file, the webpage coming from the ATD-Cloud (at least this told me the support team today) needs to take into account the local language configured in the users browser. So german users should not see an english message, but one localized in german.
2) More ideal, this webpage should not come from the ATD-Cloud but from the local NG firewall and is configurable. Currently we have several german customer which want to give their users specific information about what is done and why and whom should be contacted if something goes wrong.