seemingly complex procedure is rather straightforward and easy to understand. As autonomous machine authentication is rather uncommon in the VPN context, the "limited access" and the "local machine" firewall rule sets and policies need to be provided together with the actual VPN rule set.

The "local machine" rule set thus acts as a VPN-offline rule set that can be used to centrally control the network access rights of mobile users even when they are not connected to the corporate LAN.

Table 1-1

Policy                     VPN Assignment
                           Healthy              Limited Access       VPN Offline
Firewall rule set          Firewall rule set    Firewall rule set    Firewall rule set (= local machine rule set)
Message of the day         Message
Welcome picture
Network access policies

1.2.2 Licensing Aspects

In order to operate an Access Control Service as an SHV, as a remediation server, or as both, a valid license needs to be present. On Barracuda NG Firewall systems, the Access Control Service is licensed automatically.

All Barracuda NG Firewall branch office devices can be equipped with a remediation server in order to reduce WAN traffic and optimize response times.

1.2.3 Policy Matching Procedure

Each Access Control Service belongs to a so-called trust zone. All Access Control Services within the same trust zone share the same set of security policies. In addition, they share a signing key, so that a mutual trust relationship can be established between them.

Within each trust zone there are three policy rule sets. The "local machine" policy rule set is used to determine a policy for a connecting machine, that is, an endpoint system for which no user authentication is requested.

As soon as user authentication is requested by the connecting client, the "current user" policy rule set is used for policy matching.

If the connection attempt is mediated by an intermediate VPN Service, the VPN policy rule set is applied.
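The rule-set selection above, together with the top-to-bottom first-match evaluation and the "no rule exception" fallback of section 1.3, can be modelled as follows. This is an added illustration, not Barracuda's own code: the class and field names, the sample trust zone, the sample endpoints and the assumption that a VPN-mediated attempt is matched against the VPN rule set even when the user also authenticates are all constructed for the example.

```python
# Added illustration of the Access Control Service policy matching procedure.
# Not Barracuda code: all names, fields, sample rules and endpoints are assumptions.
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Endpoint:
    """What the Access Control Service learns about a connecting client (constructed)."""
    host: str
    user: Optional[str]   # None: no user authentication requested (machine only)
    via_vpn: bool         # True: the connection attempt is mediated by a VPN Service
    healthy: bool         # outcome of the SHV health check


@dataclass(frozen=True)
class Policy:
    """Assignments a matched policy hands to the client (compare Table 1-1)."""
    name: str
    firewall_rule_set: str
    message_of_the_day: str = ""


@dataclass(frozen=True)
class PolicyRule:
    name: str
    matches: Callable[[Endpoint], bool]   # the identity match of this rule
    policy: Policy


@dataclass(frozen=True)
class TrustZone:
    """All Access Control Services in one trust zone share these three rule sets."""
    name: str
    local_machine: tuple[PolicyRule, ...]
    current_user: tuple[PolicyRule, ...]
    vpn: tuple[PolicyRule, ...]
    no_rule_exception: Policy


def select_rule_set(zone: TrustZone, ep: Endpoint) -> tuple[str, tuple[PolicyRule, ...]]:
    """Pick the rule set as described in 1.2.3. Assumption for this example:
    a VPN-mediated attempt uses the VPN rule set even if a user authenticates."""
    if ep.via_vpn:
        return "vpn", zone.vpn
    if ep.user is not None:
        return "current user", zone.current_user
    return "local machine", zone.local_machine


def match_policy(zone: TrustZone, ep: Endpoint) -> tuple[str, Optional[str], Policy]:
    """Ordered list, processed top to bottom: the first rule whose identity match
    succeeds wins. Without a match, the no rule exception policy is assigned."""
    rs_name, rules = select_rule_set(zone, ep)
    for rule in rules:
        if rule.matches(ep):
            return rs_name, rule.name, rule.policy
    return rs_name, None, zone.no_rule_exception


# Sample policies (constructed). Healthy and Limited Access each carry their own
# firewall rule set, as in Table 1-1; the fallback policy blocks everything.
HEALTHY = Policy("Healthy", "fw-corp-full", "Welcome, your system passed the health check")
LIMITED = Policy("Limited Access", "fw-remediation-only", "Please update before continuing")
NO_RULE = Policy("No rule exception", "fw-block-all")


def is_corp_machine(ep: Endpoint) -> bool:
    return ep.host.endswith(".corp.example")   # constructed domain suffix


# Sample trust zone (constructed). Rule order matters: a catch-all placed first
# would shadow every rule below it.
CORP_ZONE = TrustZone(
    name="corp",
    local_machine=(
        PolicyRule("corp-machine-healthy", lambda ep: is_corp_machine(ep) and ep.healthy, HEALTHY),
        PolicyRule("corp-machine-unhealthy", lambda ep: is_corp_machine(ep) and not ep.healthy, LIMITED),
    ),
    current_user=(
        PolicyRule("user-healthy", lambda ep: ep.healthy, HEALTHY),
        PolicyRule("user-unhealthy", lambda ep: not ep.healthy, LIMITED),
    ),
    vpn=(
        PolicyRule("vpn-user-healthy", lambda ep: ep.user is not None and ep.healthy, HEALTHY),
        # machine-only or unhealthy VPN clients fall through to the no rule exception
    ),
    no_rule_exception=NO_RULE,
)


if __name__ == "__main__":
    samples = [
        Endpoint("pc1.corp.example", None, False, True),      # domain machine, healthy
        Endpoint("pc1.corp.example", None, False, False),     # domain machine, failed health check
        Endpoint("visitor.example", None, False, True),       # unknown machine, no rule matches
        Endpoint("pc1.corp.example", "alice", False, True),   # user authenticated on the LAN
        Endpoint("laptop.corp.example", "alice", True, False),  # unhealthy user via VPN
    ]
    for ep in samples:
        rs, rule, pol = match_policy(CORP_ZONE, ep)
        print(f"{ep.host:22} user={ep.user!s:6} vpn={ep.via_vpn!s:5} -> "
              f"[{rs}] rule={rule} policy={pol.name} fw={pol.firewall_rule_set}")
```

The unknown visitor machine and the unhealthy VPN client both end up on the "no rule exception" policy, which is why that policy should be the most restrictive one in the trust zone: anything the ordered rules do not explicitly cover lands there.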

1.3 What is a Policy Rule Set?

A policy rule set is an ordered list of policy rules that is processed from top to bottom in sequential order. If no identity match can be found, a "no rule exception policy" is assigned. From now

Barracuda Networks VERSION SP4 manual What is a Policy Rule Set?, Licensing Aspects, Policy Matching Procedure