Transcription

1. Barracuda SSL VPN - Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.1 Barracuda SSL VPN Release Notes 2.6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.1.1 Barracuda SSL VPN Release Notes 2.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.1.2 Barracuda SSL VPN Release Notes 2.4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.2 30 Day Evaluation Guide - Barracuda SSL VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.3 Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.3.1 Hardware Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.3.2 Virtual Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.3.2.1 Sizing CPU, RAM, and Disk for Your Barracuda SSL VPN Vx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.3.2.2 How to Deploy Barracuda SSL VPN Vx Virtual Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.3.2.3 How to Enable Promiscuous Mode on VMware for the Barracuda Network Connector . . . . . . . . . . . . . . . . . . . . . . . .1.3.2.4 Barracuda SSL VPN Vx Quick Start Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.3.3 High Availability Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.3.3.1 How to Configure a High Availability Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.3.4 Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.4 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5 Administrative Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.6 Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.6.1 How to Configure User Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.6.1.1 Example - Create a User Database with Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.6.2 Authentication Schemes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.6.2.1 Hardware Token Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.6.2.2 How to Configure One-Time Password (OTP) Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.6.2.3 How to Configure Public Key Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.6.2.4 How to Configure Google Authenticator (TOTP) Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.6.2.5 Google Authenticator User Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.6.2.6 How to Configure SSL Client Certificate Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.6.2.7 Example - How to Install and Configure YubiRADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.6.2.8 Example - Authentication with SMS Passcode RADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.6.3 How to Configure Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.6.4 Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7 Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.1 Web Forwards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.1.1 Custom Web Forwards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.1.1.1 How to Create Custom Web Forwards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.1.2 How to Configure a Microsoft SharePoint Web Forward . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.1.3 How to Configure a Microsoft Exchange OWA Web Forward . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.1.4 How to Configure Risk Based Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.2 Network Places . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.2.1 How to Create a Network Place Resource . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.2.2 How to Configure AV Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.3 Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.3.1 How to Create an Application Resource . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.3.2 How to Configure Outlook Anywhere . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.3.3 How to Configure ActiveSync for Microsoft Exchange Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.3.4 How to Configure Microsoft RDP RemoteApp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.4 SSL Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.4.1 How to Create an SSL Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.5 Remote Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.5.1 Requesting Remote Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.5.2 Providing Remote Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.6 Network Connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.6.1 How to Configure the Network Connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.6.2 How to Create a Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.6.3 Advanced Network Connector Client Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.6.4 Using the Network Connector with Microsoft Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.6.5 Using the Network Connector with Mac OS X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.6.6 Using the Network Connector with Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.7 How to Configure IPsec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.7.1 How to Configure Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.7.2 How to Configure Remote Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 828384848586878991

1.7.8 How to Configure PPTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.9 How to Configure Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7.10 Provisioning Client Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.8 Mobile Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.8.1 Mobile Portal User Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.8.2 Custom Device Setup for iOS Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.8.3 How to Access the Desktop Portal from Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.8.4 Supported Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.9 Advanced Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.9.1 Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.9.2 Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.9.3 Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.9.3.1 How to Configure the SSL VPN Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.9.3.2 How to Configure a Server Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.9.4 How to Run Java in Unsafe Mode for Mac OS X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.10 Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.10.1 Basic Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.10.2 Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.10.3 SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.11 Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.11.1 How to Configure Automated Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.11.2 Restore from Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.11.3 Update Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.11.4 How to Update the Firmware in a High Availability Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.11.5 How to Upload a Renewed SSL Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.12 Limited Warranty and License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123124124125126127128129

Barracuda SSL VPN - OverviewenThe Barracuda SSL VPN is an ideal appliance for giving remote users secure access to network resources. The Barracuda SSL VPN onlyrequires a browser to give remote users access from any computer. Built-in and third-party multi-factor authentication and network access control(NAC) only connects clients that meet chosen security standards. For secure remote access through smartphones and other mobile devices, theBarracuda SSL VPN supports both L2TP/IPsec and PPTP. The Barracuda SSL VPN is available as a hardware and a virtual appliance.Where to StartIf you have the Barracuda SSL VPN Vx virtual appliance, start here:Barracuda SSL VPN Vx Quick Start Guide(Optional) 30 Day Evaluation Guide - Barracuda SSL VPNGetting StartedIf you have the Barracuda SSL VPN appliance, start here:Quick Start Guide (PDF)(Optional) 30 Day Evaluation Guide - Barracuda SSL VPNGetting StartedKey FeaturesAccess Control – A multi-factor authentication process, with support for external authentication and third-party hardware tokens,combined with NAC and multiple user databases.Web Forwards – Make intranet resources available for your remote users and secure unencrypted connections before they leave thenetwork.Network Places – Provide remote users with a secure web interface to access corporate network file shares.Applications – Provide applications to remote client systems through the Barracuda SSL VPN Agent for remote access.SSL Tunnels – Create SSL Tunnels to allow secure connections from remote devices to the Barracuda SSL VPN by encrypting data forclient/server applications.Network Connector – An application that provides full, transparent network access for users requiring widespread network access.L2TP/IPsec / PPTP – Configure secure remote access through smartphones and other mobile devices.Barracuda SSL VPN Release Notes 2.6enPlease Read Before UpdatingBefore installing any firmware version, be sure to make a backup of your configuration and read all release notes that apply to versionsmore recent than the one currently running on your system.Do not manually reboot your system at any time during an upgrade, unless otherwise instructed by Barracuda Networks TechnicalSupport. The update process typically takes only a few minutes after the update is applied. The appliance web interface for theadministrator will usually be available a minute or two before the SSL VPN user interface. If the process takes longer, please contactTechnical Support for further assistance.Upgrading to Version 2.6.xWhen upgrading from version 2.5.0 (or earlier) firmware:Check any NAC exceptions relating to NAC Hotfix after the upgrade.Backups taken from firmware 2.3.X or earlier will NOT restore properly to firmware 2.4.X and beyond, Make new backups afterthe firmware update.Mapped Drives:WebDAV is now the default method for providing Mapped Drives and configuration settings have been changed accordingly.Windows 7 and Vista 64-bit clients will be prompted to uninstall the current Dokan driver and also given the option to increasethe maximum file download size to 2GB when launching Mapped Drives.Client Certificates need to be disabled when launching WebDAV Mapped Drives.3

New FeaturesGoogle Authenticator Support – It is now possible to use the Google Authenticator as an authentication module for multi-factor andrisked based authentication.Risk Based Authentication – Risk Based Authentication protects selected Web Forwards, Applications or SSL Tunnels with anadditional authentication prompt. You can use PIN, Password or Google Authenticator authentication modules.What's new with the Barracuda SSL VPN Version 2.6.0.1Improvements to available NAC OS detection.Option added to allow Desktop or Mobile UI on mobile devices.Version 2.6.0.1 Fixes:Mobile PortalClearer indication of required input fields on Mobile Portal for PIN logon [BNVS-5250]Mobile Portal login page is displayed correctly when Site Name contains an apostrophe [BNVS-5250]Usernames are not case-sensitive with OTP authentication on Mobile Portal [BNVS-5200]Network Places to hidden shares can now be accessed from Mobile Portal [BNVS-5247]Login screen Message Text is not displayed when Message Type is set to None [BNVS-5213]WebDAVFailed WebDAV client login attempts cause account to be locked [BNVS-5262]Improved WebDAV privacy issues [BNVS-5268]WebDAV shares can be launched in Windows 7 Explorer [BNVS-4384]NACThe Reset Password button now disables NAC checking for the Administrator instead of generating NAC exceptions[BNVS-5133, BNVS-4988]MAC Address, IP Address and Microsoft Knowledge Base NAC Exceptions can be created with a wildcard type [BNVS-5258,BNVS-5259]Cancel button closes the NAC Exception Lookup window [BNVS-5199]NAC checking now works with Java 1.6 and 1.7 [BNVS-5304]When launching a Network Place, the number of sessions are now correctly shown in ACCESS CONTROL Sessions.[BNVS-5068]IPsecIPsec connection is created for usernames containing whitespace [BNVS-5211]IPsec and PPTP launches in non-English Windows [BNVS-5260]OtherWeb Forwards using NTLM authentication launch correctly [BNVS-5251]Server Agent improvements on Mac OS X. [BNVS-51]Barracuda SSL VPN Release Notes 2.5enPlease Read Before UpdatingBefore installing any firmware version, be sure to make a backup of your configuration and read all release notes that apply to versionsmore recent than the one currently running on your system.Do not manually reboot your system at any time during an upgrade, unless otherwise instructed by Barracuda Networks TechnicalSupport. The update process typically takes only a few minutes after the update is applied. The appliance web interface for theadministrator will usually be available a minute or two before the sslvpn user interface. If the process takes longer, please contactTechnical Support for further assistance.Upgrading to Version 2.5.XWhen upgrading from version 2.5.0 (or earlier) firmware:Check NAC exceptions relating to NAC Hotfix checking after the upgrade.When upgrading from version 2.3 (or earlier) firmware:Backups taken from earlier firmware versions will NOT restore properly with the new backup/restore functionality found starting inversion 2.4. Make new backups after the firmware update.If you are using a firmware older than 2.3.2.212 you cannot directly update to 2.5. After a successful upgrade to 2.3.212 you can4

upgrade to 2.5.Mapped Drives:WebDAV is now the default method for providing Mapped Drives and configuration settings have been changed accordingly.Windows 7 and Vista 64-bit clients will be prompted to uninstall the current Dokan driver and also given the option to increasethe maximum file download size to 2GB when launching Mapped Drives.Client Certificates will need to be disabled when launching WebDAV Mapped Drives.Version 2.3.1.013 is not compatible with systems that are clustered.Firmware Version 2.5New portal for End-Users on Mobile DevicesDesigned for ease of use and low support costs.Provides access to internal Apps (Web Forwards).Provides access to internal Folders and Files (Network Places).Provides ability for end users to add and manage Favorites for Apps and Folders.Full support for multi-factor authentication (via Authentication Schemes).Provides easy Device Configuration for Shortcuts, ActiveSync and VPN (iOS only).Customization with image, portal name, and splash screen on mobile login for MOTD/legal info etc.Supports End-User Notifications.End-User can choose User Database and Authentication Scheme on the login page.Optional auto generated contrasting icons for Applications and Folders for optimal user experience.NAC checking during login process to mobile portal.Works on iOS, Android, Windows Phone and Blackberry operating systems. For more information, see Supported Mobile Devices.Version 2.5.1.2 Fixes:Fix: Medium severity vulnerability: Updated OpenSSL to address the issues reported in the OpenSSL security advisory dated 2014-06-05[BNSEC-4499 / BNVS-5315]Version 2.5.1.1 Fixes:Mobile Portal UIFix: Icons for provisioned Web Forward shortcuts on iOS are not replaced by the site visited (BNVS-4881)Fix: Replacement Web Forwards display bar. (BNVS-5080)Fix: When logging back in after a session timeout, you are now redirected to the page you wanted to navigate to when the sessiontimeout occurred. (BNVS-5021)OtherFix: Mapped Drives provisioned to desktop launch successfully. (BNVS-4896)Fix: Launch sessions cleaned up on Web Forward redirection. (BNVS-5087)Fix: Network Connector web launch works with TAP adapter that has numerical suffix. (BNVS-4767)Fix: Session password is saved for use with PPTP. (BNVS-4942)Fix: Speed improved for Web Forward replacements on 180 model. (BNVS-5078)Fix: PPTP provisioned in Windows 8.1 appears in side bar. (BNVS-5088)Fix: Network Connector/Tunnelblick scripts updated for Apple OS X Mavericks [BNVS-5027]Version 2.5.0.4 Fixes:Fix: Remote Code Execution, RFI (BNVS-5083)Fix: Support for Flash 12 and latest FireFox 28 (BNVS-4829)Fix: Update help for SMB backup2 (BNVS-4879)Fix: Long SMB passwords cause FCGI to crash during connection test (BNVS-4885)Fix: removing ntp from the list (BNVS-4783)Fix: iptables for L2TP, NTP and RADIUS (BNVS-4783)Fix: fix updating openssl for 32-bit machines (BNVS-4748)Fix: Missed adding footer image when updating to new logos (BNVS-4745)Fix: Adding extra ciphers (BNVS-4785)Fix: Update Barracuda Logos (BNVS-4745)Fix: Alter Java ciphers based on 'Allow all Ciphers' option (BNVS-4785)Fix: turning on full bcrypt support (BNVS-4140 BNVS-4017)5

Fix: Update openssl for 32-bit machines (BNVS-4748)Barracuda SSL VPN Release Notes 2.4enPlease Read Before UpdatingBefore installing any firmware version, be sure to make a backup of your configuration and read all release notes that apply to versionsmore recent than the one currently running on your system.Do not manually reboot your system at any time during an upgrade, unless otherwise instructed by Barracuda Networks TechnicalSupport. The update process typically takes only a few minutes after the update is applied. The appliance web interface for theadministrator will usually be available a minute or two before the SSL VPN user interface. If the process takes longer, please contactTechnical Support for further assistance.Upgrading to Version 2.xWhen upgrading from version 2.3 (or earlier) firmware:Backups taken from earlier firmware versions will NOT restore properly with the new backup/restore functionality found starting inversion 2.4. Make new backups after the firmware update.Mapped Drives:WebDAV is now the default method for providing Mapped Drives and configuration settings have been changed accordingly.Windows 7 and Vista 64-bit clients will be prompted to uninstall the current Dokan driver and also given the option to increasethe maximum file download size to 2GB when launching Mapped Drives.Client Certificates will need to be disabled when launching WebDAV Mapped Drives.Version 2.3.1.013 is not compatible with systems that are clustered.When upgrading from version 2.1 firmware:Replacement Proxy Web Forwards for OWA that were created prior to version 2.2 are no longer supported. If you have one, youwill need to replace it using the new OWA Template. Go to the RESOURCES Web Forwards page and delete the old WebForward. Then create a new one using the Mail Web Forward category.When configuring Barracuda Network Connector on Macintosh systems, note that DNS insertion and Up/Down commands aremutually exclusive.What's new with the Barracuda SSL VPN Version 2.4.0.13Fix: High severity vulnerability: non-persistent XSS, unauthenticated [BNSEC-1546 / BNVS-4210]Fix: Medium severity vulnerability: non-persistent XSS, [BNSEC-2660 / BNVS-47759]Fixed Java jar signing to conform to security in Java 1.7u51 [BNVS-4787]What's new with the Barracuda SSL VPN Version 2.4.0.12Fix: Clustering on new systems [BNVS-4678]Fix: High severity vulnerability: non-persistent XSS [BNSEC-2802 / BNVS-4542]Fix: High severity vulnerability: persistent XSS [BNSEC-2697 / BNVS-4543]Fix: Unknown severity vulnerability: [BNSEC-380]Fix: Unknown severity vulnerability: [BNSEC-335]What's new with the Barracuda SSL VPN Version 2.4.0.10Fix: External access blocked for non SSH ports [BNVS-4152]Fix: The most recent Scheduled Backup files are retained [BNVS-4614]Fix: High severity vulnerability: Unauthenticated, non-persistent XSS [BNSEC-1546 / BNVS-4210]Fix: High severity vulnerability: Unauthenticated, non-persistent XSS [BNSEC-1542 / BNVS-4211]Fix: High severity vulnerability: Clickjacking [BNSEC-509 / BNVS-4024]Fix: Med severity vulnerability: Cross Site Request Forgery (CSRF) [BNSEC-1247 / BNVS-4079]Fix: Med severity vulnerability: URL Redirection [BNSEC-727 / BNVS-3665]Fix: Low severity vulnerability: Requires a man in the middle, url redirection [BNSEC-1399 / BNVS-4147]Fix: Low severity vulnerability: Requires authentication, non-persistent XSS [BNSEC-1239 / BNVS-4078]Fix: Low severity vulnerability: Cross Site Request Forgery (CSRF), HTTP header injection, non-persistent X SS [BNSEC-1144 /BNVS-4026]6

What's new with the Barracuda SSL VPN Version 2.4.0.9New FeaturesThe Device Configuration feature allows resources and other settings configured on the Barracuda SSL VPN to be provisioned directly toa user's device.Improved Sharepoint functionality, including supporting Sharepoint 2013.Policy time restrictions are more comprehensive.Improved browser NAC checking.Download functionality for all aspects of the system works faster and more reliably.Increased backup and restore capabilities (from the appliance interface).Version 2.4.0.9 Fixes:BackupsShow All Backups option on the ADVANCED Backups page displays all backup files on the share [BNVS-4348]Only the requested number of SMB backups is stored [BNVS-4378]Status of SMB backup is reported accurately [BNVS-4376]Clustering information is excluded from backups [BNVS-4382]OtherAll Network Connector client configurations can be launched from the user interface [BNVS-4381]Fixed Java applet signing to conform to new security in Java 1.7u45 [BNVS-4516]Note: This error may still appear if the SSLVPN doesn't have a valid SSL certificate installed. A valid SSL certificate will berequired for all SSL VPN devices as of the release of Java 1.7u51Version 2.4.0.7:Fix: Mapped drives time out according to the inactivity timeout setting under Profiles [BNVS-4337]Fix: Attempts to access hosts not in the Web Forward Allowed Hosts list displays error message [BNVS-4319]Fix: Can log off users with Network Connector sessions using the Sessions page [BNVS-4322]Fix: Set limi

Barracuda SSL VPN supports both L2TP/IPsec and PPTP. The Barracuda SSL VPN is available as a hardware and a virtual appliance. Where to Start If you have the Barracuda SSL VPN Vx virtual appliance, start here: Barracuda SSL VPN Vx Quick Start Guide (Optional) 30 Day Evaluation Guide - Barracuda SSL VPN Getti