Aerohive Connect & Select

by Sandhu on May 26, 2017


Aerohive Connect

Aerohive Connect offers enterprise connectivity, cloud management, and interactive forum-based support, without increasing cost or complexity. Connect leverages Aerohive's unique distributed Wi-Fi architecture and cloud networking to increase speed, scale, and resiliency for wireless-first organizations. Connect is a great entry point for organizations that have basic connectivity needs but expect to increase network visibility, security, and other enterprise Wi-Fi features in the near future.

Aerohive Select

Seamlessly upgrade to advanced features such as application visibility, increased security, troubleshooting tools, and enhanced support services with Aerohive Select. Aerohive's advanced cloud networking solutions increase network intelligence while decreasing network complexity, available as either a public or private cloud deployment. Aerohive Select enhances the connected experience for corporate, BYOD, guest, and IoT connectivity.

Connecting Barracuda NG to Azure Gateway site to site VPN using Resource Management Portal

by Sandhu on Mar 24, 2017


Public Cloud is one of the most popular topics in IT right now. Not only is securely deploying resources in Public Clouds important but the connectivity also needs to be seamless and secure.

Below is a demonstration on how you can use the site to site VPN capability of the Barracuda NG Firewall to connect to Microsoft Azure cloud using the new resource portal.

Azure Portal Side Configuration

1) Create the Virtual Network

  • Navigate to the Azure portal and sign in.
  • Click New and Navigate to the Marketplace and look for the Virtual Network. Locate Virtual Network Blade and then assign it to the resource manager and click on create.
  • Fill in the necessary address space you want to use. The standard for DMZ has been used for Azure Cloud.
  • Click on Create.


2) Adding the Gateway Subnet

  • Before connecting your virtual network to a gateway, you need to first create a gateway subnet for the virtual network. It's best to create a gateway subnet using a CIDR block of /28 or /27 in order to provide enough IP addresses to accommodate additional future configuration requirements.
  • In the portal, navigate to the Resource Manager virtual network for which you want to create a virtual network gateway.
  • In the Settings section of your VNet blade, click Subnets to expand the Subnets blade.
  • On the Subnets blade, click +Gateway subnet at the top. This will open the Add subnet blade.


3) Create a Virtual Gateway

  • In the portal, on the left side, click + and type "Virtual Network Gateway" in the search. Locate Virtual network gateway in the search return and click the entry. On the Virtual network gateway blade, click Create at the bottom of the blade. This opens the Create virtual network gateway blade.
  • On the Create virtual network gateway blade, fill in the values for your virtual network gateway.
  • Click Create and please note that it can take upto 45 minutes for it to deploy.


4) In the portal, from All resources, click +Add. In the Everything blade search box, type Local network gateway, then click to search. This will return a list. Click Local network gateway to open the blade, then click Create to open the Create local network gateway blade.

  • Specify a valid public IP address for the VPN device or virtual network gateway with which you want to connect.
  • If this local network represents an on-premise location, this is the public IP address of the VPN device that you want to connect to. It cannot be behind NAT and has to be reachable by Azure.
  • If this local network represents another VNet, you will specify the public IP address that was assigned to the virtual network gateway for that VNet.
  • Address Space refers to the address ranges for the network that this local network represents. You can add multiple address space ranges. Make sure that the ranges you specify here do not overlap with ranges of other networks that you want to connect to.

Create The VPN Connection

5) Locate your virtual network gateway and click All settings to open the Settings blade.

6) On the Settings blade, click Connections, and then click Add at the top of the blade to open the Add connection blade. And Fill in the shared key and select the appropriate Local Network Gateway and Virtual Network Gateway.

Configuration on the Barracuda NG Side.

7) Click on VPN service in the config TAB and then choose site to site VPN. The new azure portal uses IKEv2 for IPSec.

8) Use the exact same settings in the Phase 1 and 2 for VPN connections as in the Diagram.

9) After Sending the Changes, click on Activate.

Create the rule in your NG Firewall

10) Go to Forwarding Rules and Create LAN-2-VPN rule


Now the firewall should pass traffic.

For more information visit

You can contact Amit Sandhu via the contact form with any questions.

Barracuda Vulnerability Manager for Websites

by Sandhu on Feb 03, 2017


Vulnerabilities, or security risks, are weaknesses in websites and web applications. An insecure web application can provide hackers access to confidential corporate systems and user data and other malicious activities. Barracuda Vulnerability Manager scans your web applications based on your custom configuration settings, allowing you to automate the process to uncover and resolve weaknesses in your websites and web applications.

Barracuda Vulnerability Manager is a web application vulnerability management solution to help businesses automatically identify, assess, and mitigate web application security risks including those categorized by the Open Web Application Security Project (OWASP) including SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and others. Once vulnerabilities are identified, you can modify and update code, or select to integrate your systems with a Barracuda Web Application Firewall to modify applicable security policy settings or configure to mitigate the reported vulnerabilities. Together with Barracuda Web Application Firewall (WAF), Barracuda Vulnerability Manager provides a comprehensive solution to identify and secure against web application vulnerabilities.

Barracuda Vulnerability Manager scans web applications, targeting the web servers to which it is pointed; it does not scan your network or infrastructure.

Initial Service Setup

  •  To get started with Barracuda Vulnerability Manager, log in to your Barracuda Cloud Control account.
  • If you already have a Barracuda Cloud Control account, continue with Connect to the Barracuda Vulnerability Manager below.
  • If you do not have an account, use the following steps to create a new account:
  • If you do not have a Barracuda Cloud Control account, go to and click Create a user.
  • Enter your name, email address, and company name, and specify whether this is a partner account. Click Create User.
  • Follow the instructions emailed to the entered email account to log in and create your Barracuda Cloud Control account.
  • After submitting your new account information, the Account page displays your account name, associated privileges, and username.
  • To log into the Barracuda Vulnerability Manager, continue with Step 2 below.
  • Connect to the Barracuda Vulnerability Manager
  • Log into
  • Once you are logged in, click Vulnerability Manager in the left navigation pane.
  • Click Sign Up For Free.
  • Enter your Phone Number, select your Country, and then enter your Postal Code.
  • Read and accept the terms of service, and click Sign Up. The Active Scans page displays.
  • Click New Scan to start scanning your web applications.
    In the future, when you log into your Barracuda Cloud Control Account, you will automatically be able to access the Barracuda Vulnerability Manager.
  • Use the steps in the article to define a scanner configuration to discover security risks in your website or website application.
  • Once you are logged in and connected to the service, the Active Scans page displays. Complete the following steps to set up a website scan:
  • Click New Scan; the Scanner Configuration page displays.

Barracuda WAF New Scan Page

  • Enter a name to represent the scan. For example, test site scan 1.
  • Enter the URL you want to scan, for example, test.MyCompany.
  • For a sample scan and report, use the following URL:
  • If the URL cannot be verified, you are prompted to enter an email address to which you have access.
  • If the domain is verified, the scan can be started immediately.
  • For more information, refer to Understanding Verification.
  • Select each of the four tabs, described below, completing the necessary information.
  • When you are satisfied with your configuration, click Start Scan.

Barracuda WAF Scan Config

  • Once your scan gets started, it will show up in the Active Scans tab. The Barracuda Vulnerability Manager is going to scan publicly accessible web applications, regardless of where it is hosted. It can scan servers that are located on-premises, co-located, or in a public cloud. The scanner will target web servers based on your configuration.It will not scan your network or infrastructure.

When the scan is finished, you’ll see screens like this

The data returned by the scan will help you identify, assess, and mitigate web application security risks, including the following:

The data is presented on yourdashboardand throughcustomizable reports:

The Barracuda Web Application Firewall (WAF) can be used to mitigate the risks identified by the Barracuda Vulnerability Manager.  The WAF will create one or more security policy recommendations based on the scan report that it imports from the Vulnerability Manager.  The administrator then has the option to apply the recommendations in order to mitigate the reported vulnerabilities.

Thinking about site to site connectivity with MPLS? Barracuda NG Firewall - 70% savings compared to MPLS

by Sandhu on Jan 05, 2017


One of the most common questions I come across when deploying a security solution is about VPN access. From a simple two site VPN access to full mesh networks, Barracuda NG firewall is designed to scale as your network grows.

A customer recently reached out to me with a problem. They had multiple sites with video cameras and wanted to stream all their video data to a central site for compliance. Retrieving the video stream was a challenge all in itself but retrieving it securely over the WAN was another important aspect of the deployment. They were also considering MPLS as a probable solution but the sheer cost of having an MPLS network was setting back the entire project and slowing the growth of the organization.

Fortunately Barracuda has a solution. The Barracuda NG Firewall is a perfect fit due to the way it is designed. The NG firewall is designed with the idea of having a centralized management allowing a single person the ability to manage up to 500 firewalls. Barracuda control centre coupled with a special tool called GTI editor allows you to deploy multiple firewalls in a matter of minutes. Creating VPNs with various encryption parameters is just a matter of drag & dropping between sites. You can create an array of topologies ranging from hub & spoke, full mesh and on demand mesh with a few clicks. This essentially removes the requirement for an expensive MPLS network.

You can have multiple uplinks to a firewall in order to achieve link balancing and redundancy. Barracuda NG firewalls can also balance VPN traffic over these multiple WAN links using their VPN protocol called TINA. With the advent of built in WAN optimization the latency is reduced for the traffic over WAN links and thus accelerating the entire network.

Calculate your savings at

Contact Sandhu

* Required fields.