Page
Copyright Notice
Barracuda NG Network Access Client
Uninstall
Update or Migration
VPN Configuration
VPN Component Configuration
Example Configuration
Pre-Connector and Remote VPN
Warranty and Software License Agreement
802.1X Technical Guideline
Endpoint Security and Network Access Control
Introduction to Barracuda NG Network Access Client
Introduction
Barracuda NG Personal Firewall
Client software consists of the following subsystems
1Barracuda NG Network Access Client environment
What can Barracuda NG Network Access Client be used for?
Barracuda NG Network Access Client Administrator’s Guide
Policy Matching Procedure
What is a Policy Rule Set?
Healthy Limited Access VPN Offline
Licensing Aspects
Barracuda NG Network Access Client Administrator’s Guide
Probation actions
Healthy
Local Machine context
Current User context
VPN context
Matching Criteria Local Machine Current User
Health Matching
Health State Probation
Health State Untrusted
Health State Healthy
Health State Unhealthy
Health State Requirements
Analyse Enforce Monitor
Border Patrol
3Trust Relationships
Access Control Service Settings
Server Config Access Control Service
General
System Health Validator
ParameterDescription
Trustzone-Border
Remediation Service
Advanced
Log Level
Number of used Threads
General
Access Control Objects
Pictures
Welcome Messages
Personal Firewall Rules
3Access Control Objects Access Control Service Bitmaps
Click clipboard, import the adequate registry file
Registry Check Objects
Import of a registry file
7Access Control Service Trustzone Configuration tree
Access Control Service Trustzone
Servername Assigned Services servicename ACS
Rules
9Access Control Service Trustzone Rules
Deactivate Policy
Policy Name
Client Connection External Ignore Internal
Time Restriction
User Login
Net Bios
Policy Matching All-of-following One-of-following
Group Patterns
Microsoft
X509 Issuer
X509 Subject
X509
Required Health State Basic
Antispyware Required Scanner On
Last AV Scan Action Manual Auto Remediation
AS Engine Required Ignore Latest default Previous Last-2
Tries to execute a full system scan automatically
Last AS Scan Action Manual Auto Remediation
AV Engine/Pattern Manual Action Auto Remediation
Update automatically
Parameter Description
Software Yes Update No default Required Yes-Even-Major
Personal Ruleset Name Firewall Settings
Server
Message
802.1X Use
Settings
Use Dhcp renew
Healthy Vlan Id
Limited Access
Ruleset Name Limited Access Message
Bitmap
Verification Key
Health Passport
Passport Verification Key
802.1X
Support Chart
Server Config Personal Firewall Rules
Rule Set Name Tab
Double-click the appropriate VPN Firewall Rule Set
1Rules Incoming
Rules Incoming / Outgoing
Delete
New…
Copy
Paste
Item / Parameter Description
Select New… from the context menu to create a new rule
Comment
Inactive
Section Description
Tester
Tester view allows testing rule sets for consistency
Test Report
Following entities are available for rule testing
Options
Icmp Parameters
Port Protocol Service Name Description
Connect to the Internet
With Adsl Pptp
Adapters
Preconfigured
Listing is divided into the following columns
Following objects assigned with status multi are available
Name Specify a name for the adapter object
Following further adapter objects are available
Status
Trust Type
IPs
Adapter/Ref
10User Object dialog
User Objects
11Network Objects window
Net Objects
This object includes the Multicast network 239.255.0.0/16
12Net Object dialog
Click New… to open the Net Object dialog
13Service Object dialog
Service Objects
Service Name Port Protocol Connection Description
Application Objects
Kerberos
14Application Object dialog
Application Connection Description
HKEYLOCALMACHINE\Services registry key
Operating & Monitoring Barracuda NG NAC
Box Monitoring and Real-time Information
Available Columns
Filtering
Possible values are Access, Not Restricted, or Probation
Name of the matching policy rule
Clients MAC address as reported by the NG client
Context Menus
Visualize this Computer…
3Box Monitoring and Real-time Information Show time in UTC
Status Tab
Access Tab
Status VPN Tab
Quarantine Tab
Client Installation
Double-click setup.exe to start the installation routine
Installation routine offers three basic ways of setup
Complete Installation
See 5.3 Unattended Setup,
See 5.4 Customer Setup,
Unattended Setup
Custom Installation
Parameter Default
802.1x Enable Dhcp Renew
See description for parameter Windows File Sharing,
See description for parameter Trusted Network,
This option prevents deactivating the NG Personal Firewall
This parameter defines the Access Control Server to be used
Proceed as follows to prepare a completely customized setup
Customer Setup
Customer.inf
See 5.4.1 customer.inf,
Directive Comment
Optionally, the following file-directives may be detailed
0x00000008
0x00000800
0x00000010
0x00001000
Subkey
Reg-root
Value-entry-name
Flags
Edit profile name
Filename
Silent.cmd
Diskid
Subdir
For an overview of specific properties see -1,
Refer to the OS help for details
System Restore
Update or Migration
Procedure
Uninstall
VPN Configuration
Overview
Facts and Figures
Function Comment
Function Supported
Usage Scenario
Architecture
Barracuda NG Personal Firewall
All Programs Barracuda NG Network Access Client NG Firewall
1Windows 7 Windows Firewall and Action Center screens
Integration within Windows
2Rule set selection
Rule Set Selection
3Graphical Interface of the Barracuda NG Personal Firewall
User Interface
Firewall Menu
General Firewall Settings and Tasks Menu Bar
Disable Windows Firewall
This tab allows you to configure blocking of Icmp packets
Automatic Adapter Assignment
Block all IP Fragments
Connect Close Block
View Menu
Load Display
Security Mode Menu
Summary
NG Control Center Monitoring Firewall Activities
Events
11NG Control Center History window
History
Resolve Source/Destination IP
Show Details
Send to Rule Tester
Add Pass Rule
Filters the source IP address of the connection
Filters the connection’s Traffic Policy
Filters the application which has attempted to connect
Filters incoming or outgoing connections
Live Activity view details all currently active connections
Live Activity
Disconnect
Filter Conditions
Configuration
Current State Setting the Security Mode
Show Destination Addresses…
Show Source Addresses…
Show Adapters
Show Users
Paste Pastes the selected rules from the clipboard
ItemDescription
Inactive checkbox Select
Action Name Comment
Source / Destination
Application optional
18Time restriction dialog
Monitor Connections Yes
19Adapter objects window
Adapters
Control Network Connections
Network Connection name for example, Local Area Connection
Networks
Following options are available
Untrusted
Secured Routes are assigned to the Net-NGVPNObject
22Net Object dialog
Services
Example
Applications
24Application Object dialog
10Applications required in Microsoft Windows domains
25User Object dialog
Users
Rule Tester
Rule Tester view allows testing rule sets for consistency
27Test Report window
Test Reports
Following options are available for customisation
Administration Firewall Settings Wizard
However, it will not pop up if
Automatic Adapter Configuration
28Security Alert windows
Automatic Rule Configuration
Restrictive rule set only
29Security Alert Advanced Policy
Create a New Profile Using the Profile Wizard
VPN Component Configuration
2VPN Profile Wizard Profile Wizard
4VPN Profile Wizard Enter personal License
6VPN Profile Wizard Modify Existing Profile Using the Wizard
Configure a New Profile Manually
8NG VPN client Connect dialog
Field where characters need to be inserted
11Editing options of the VPN client dialog
Shows the version information
13Close NG VPN Client informational window
Barracuda NG VPN Client’s Menu Bar
Connection Dialog
Closes the NG VPN Client window
NG VPN Client can be started in the following ways
Click Connect to establish a connection to the VPN server
Assigned domain
Status Dialog
Assigned DNS IP address for the VPN connection
Assigned Wins address
Uptime for the current connection
Enable or disable compression
VPN server to which the client currently is connected
Local time on the VPN server
16Message dialog window
Message Dialog
Configured VPN server to connect to
VPN Profiles Configuration Window
Barracuda Networks Control / Preferences Dialog
Name of the profile
Store into which the certificate was saved
Certification Authorities Configuration Window
Modify, copy or delete an existing profile
Use this menu item to terminate a connection
Configure specific Barracuda NG VPN adapter settings here
Opens a window with detailed certificate information
Deletes the selected certificate from the certificate store
General VPN Settings section Direct Access
19Connection Entries tab
Connection Entries Tab
Following parameters are available for X509 authentication
Barracuda Authentication
Advanced Settings Tab
DescriptionDescription
External File Path to the external X.509 certificate
Default Direct assignment
Virtual Adapter Configuration
Use Access Control Service
Default Yes
Enable MS Logon
Disconnecting. Recommended value No
Fallback Profile
Be established
User name possibly needed for proxy authentication
IP address of the VPN server
URL or IP address of the proxy server
Log entry’s time stamp
Log Window
Module the respective log entry refers to
Barracuda NG Access Monitor
Access Monitor
Port Security
Health Agent
Monitoring
Property Description
Advanced Status information
State Description
5Connection error using Icmp connectivity checking see
Barracuda NG Network Access Client Administrator’s Guide
Task Description
11.2.6 802.1X Authentication Port Security
Column Description
EAP Tracer
Access Control Server IPs from Dhcp
Access Control Server IPs from Registry
Use Basic Authentication
Use Ntml Authentication
Item Description
Health Agent Connectivity
Value
Key
Health Agent Authentication
Ieee 802.1X Authentication
11.3.9 802.1X Settings
Capture 802.1X Traffic EAP
Log Settings
Log Files
16 Log Files Description
Connect.xml
Client.xml
Download.xml
DownloadLocal.xml
Pre-Connector and Remote VPN
VPN Connector
Create a connector to achieve following
Thereafter rename the default profile
Creating a Connector
Remote Domain Logon Pre-Logon
Remote VPN rvpn
Same example with 10 retries for connecting -c
Connection Procedure
Dhcp
1Example configuration environment
Example Configuration
Personal Firewall Rule Set
Introduce Access Control Objects
Next create and edit the unrestricted rule set
Introduce an Access Control Service Trustzone
Page
Policy Rule dialog is split up into these views
Configure an Access Control Service Trustzone
Barracuda NG Network Access Client Administrator’s Guide
Parameter Value
Page
Example Configuration
Configure Forwarding Firewall Rule Set
Example Configuration
Authentication Server
Switch
802.1X Technical Guideline
Client computer
Disabled Enabled
Access Control Server
Status Monitoring
EAP Packet Tracer
Command Description
Using the Barracuda NG Access Monitor for Analysis
Log Files on the Client Computer
Supplicant console interface
These values are described in more details on
Switch Web Interface
Key Logging
Path
See 14.3.11 Authentication Message Exchange,
See 14.3.9 Periodic client re-authentication by the switch,
Switch Console Interface
Authentication
Example enabling debug output
Ethernet
Start up
Operational Sequence
Token Ring
Point-to-Point
Service Friendly Name Service Name
WZO prior to Windows Vista
Dot3svc Windows Vista
Wpa-supplicant configuration
Runtime
To resolve this problem proceed following steps
You will require elevated privileges to perform this step
Successful start of the wpa-supplicant can be verified by
Enter global configuration mode
Return to privileged Exec mode
Verify your entries
Example
Re-authentication started by the switch is illustrated
Enter the global configuration mode
Command
See for the Eapol packet frames
Condition Description
Dhcp Renew
Return to the privileged Exec mode
Resetting the 802.1X Authentication process
Shutdown
14 phions.log Output
15 phions.log Output
Packets
Addendum
WPA Supplicant Log File Identifiers
Table shows an Eapol packet frame
200 802.1X Technical Guideline
Sending / receiving commands over pipe
202 802.1X Technical Guideline
Wireshark
Known Issues using Cisco Catalyst 3750-E Switch
Engineering Environment
Additionally following tools have been used for analysis
No aaa accounting dot1x default group radius
Appendix
Customer Install Files
Appendix
Barracuda NG Network Access Client Administrator’s Guide
Appendix
VPN Profile Registry Keys
VPN Profile Registry Keys
3DES AES
Profile Registry Keys
FAQs
Appendix
Configuration Parameters
214
Reconnect immidiately 10
X509 Altnames 2 X509 Issuer 2 X509 Subject 2
15.6 Parameter Lists
Introduction Server Config Access Control Service
Barracuda NG Access Monitor
Figures
220
802.1X Technical Guideline
Barracuda Networks Software License Agreement
Barracuda Networks Limited Hardware Warranty
Barracuda Networks Warranty and Software License Agreement
Page
Barracuda Networks Software License Agreement Appendix
Page
Page
No Warranty
Terms and Conditions
Page
Page
Page
Page
Limitation of Liability
Page
Page
Page
238
Page
Page
Page
Page
Disclaimer of Warranty
Miscellaneous
Page
Limits
Terms and Conditions for USE, REPRODUCTION, and Distribution
Page
Page
Page
Page
252
Page
Page
Barracuda Networks Warranty and Software License Agreement
Page
Barracuda Networks Warranty and Software License Agreement
Page
Barracuda Networks Warranty and Software License Agreement
Page
Page
Issue Date Aug 6 262
Page
264
