

If the managed CloudGen Firewall cannot directly reach the Barracuda Firewall Control Center, it must connect via a remote management tunnel. The remote firewall uses the certificate keys exchanged at deployment to authenticate to the Control Center. Since it is not recommended to use an external IP address as a management IP, the remote firewall is assigned a Virtual IP (VIP) in the local network. The VIP is used to connect to the remote firewall from the local network. Depending on whether the VIP is a subnet of the local network or a separate network, you will need access rule and route entries on the border firewall and an access rule on the CC firewall. If the remote firewall is using an IPv6 address to connect, the Control Center must have a global unicast IPv6 address. Only IPv4 traffic can be sent through the management tunnel.

- Use an available network or subnet to be used for the VIP addresses.
- (IPv4 only) You need the external IPv4 address of the border firewall.
- (IPv6 only) The Control Center must be reachable through an IPv6 global unicast address.
- Firewalls in a HA cluster must have the public IP address configured on box level.

Configure a VIP Network on the Control Center

1. Go to CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > VIP Networks.
2. In the VIP Networks table, add an entry for the network range.
3. Configure the following settings for the entry:
   - Network Address – Enter the VIP network address.
4. (optional) In the left menu, click VPN Settings.
5. (optional) The VPN Settings are set to sensible default values. If necessary, you can change these settings:
   - Pending Session Limitation – Only five CloudGen Firewalls are allowed to initiate management tunnels at the same time. Connection attempts exceeding the limit are blocked. This feature makes sure that the Control Center is not overloaded due to too many management tunnel requests.
   - Use Tunnels for Authentication (rarely used) – Registers the tunnel network and credentials so that all traffic going through the management tunnel is treated as traffic from an authenticated user.
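A planning check for the VIP range described on this page, written as an added example that is not Barracuda code: it reports whether a candidate VIP network is a subnet of the local network or a separate network (the distinction that determines the border firewall and CC firewall rules) and validates the VIPs assigned to remote firewalls. The function names, the sample addresses, and the rules that flag public, non-IPv4, or containing ranges are assumptions of this example.

```python
import ipaddress

def classify_vip_network(local_net, vip_net):
    """Relate a candidate VIP range to the local network (both CIDR strings)."""
    local = ipaddress.ip_network(local_net)
    vip = ipaddress.ip_network(vip_net)
    problems = []
    if local.version != 4 or vip.version != 4:
        # The page states that only IPv4 traffic passes through the tunnel;
        # treating a non-IPv4 VIP range as invalid is this example's assumption.
        return {"placement": "invalid", "ok": False,
                "problems": ["VIP and local networks must be IPv4"]}
    if vip.is_global:
        # Management addresses should be internal, not external.
        problems.append("VIP range is publicly routable")
    if vip.subnet_of(local):
        placement = "subnet-of-local"
    elif vip.overlaps(local):
        # Networks either nest or are disjoint, so here the VIP range
        # is a supernet that swallows the local network.
        placement = "overlapping"
        problems.append("VIP range contains the local network")
    else:
        placement = "separate"
    return {"placement": placement, "ok": not problems, "problems": problems}

def check_assignments(vip_net, assignments):
    """Check per-firewall VIPs: inside the range, usable, and unique."""
    net = ipaddress.ip_network(vip_net)
    errors, seen = [], {}
    for name, addr in assignments.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            errors.append(f"{name}: {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            errors.append(f"{name}: {ip} is the network or broadcast address")
        elif ip in seen:
            errors.append(f"{name}: {ip} already assigned to {seen[ip]}")
        else:
            seen[ip] = name
    return errors

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    print(classify_vip_network("10.0.8.0/24", "10.0.8.128/26"))
    print(check_assignments("10.0.8.128/26",
                            {"branch-1": "10.0.8.130", "branch-2": "10.0.8.130"}))
```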
