Barracuda CloudGen Firewall
Overview
Barracuda CloudGen Firewall offers a comprehensive set of next-generation firewall technologies to ensure real-time network protection against a broad range of network threats, vulnerabilities, and exploits, including SQL injections, cross-site scripting, denial of service attacks, trojans, viruses, worms, spyware, and many more.
Barracuda CloudGen Firewall is available for use in:
D3 SOAR | V15.1.34.0+ |
Category | Network Security |
Deployment Options |
Connection
To connect to Barracuda CloudGen Firewall from D3 SOAR, please follow this part to collect the required information below:
Parameter | Description | Example |
Server URL | The server URL of your Barracuda CloudGen Firewall instance. | https://19*.*******.145 |
API Token | The API token to authenticate the connection. | GArt************************wYYv |
API Version | The API version to use for the connection. | v1 |
Permission Requirements
Each endpoint in the Barracuda Firewall API requires a certain permission scope. The following are required scopes for the commands in this integration: All commands will require the "Root" permission or the "Manager" role to run in D3 SOAR.
As Barracuda Firewall is using role-based access control (RBAC), the API access token is generated based on a specific user account and the application. Therefore, the command permissions are inherited from the user account’s role. Users need to configure their user profile from the Barracuda Firewall console for each command in this integration.
Reader Note
Barracuda Firewall’s default user profiles (sorted from the most permissions to the least) are as follows:
Root
Manager
Operator
Mail
Security
Audit
Cleanup
For authentication against the REST API, a user with the respective permissions must be present either on the Control Center for centrally managed firewalls or on the firewall itself for stand-alone firewalls. In both cases, the user must have the Manager role assigned.
Please refer to Administrative Role Permission and restrictions and Create an Administrator Profile for details on configuring user profiles.
Configuring Barracuda CloudGen Firewall to Work with D3 SOAR
Log in to the Barracuda Firewall Admin console with your credentials.
Navigate to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > REST API Service. Enable the HTTPS Interface.
Select the Access Tokens tab from the left side menu. Click + in under Access Tokens.
Enter a name for the token and click OK. The Access Tokens window will open. Click Generate new token.
Enter the admin name for the user used for authentication. In the Time to live field, enter the number of days the token should be valid for, then click OK.
Copy the access token. It will be required to build the integration connection in D3 SOAR.
Reader Note
For more information on Barracuda CloudGen Firewall's API, including how to enable it for HTTP, enable it for HTTPS, and authentication, see REST API | Barracuda Campus.
Configuring D3 SOAR to Work with Barracuda CloudGen Firewall
Log in to D3 SOAR.
Find the Barracuda CloudGen Firewall integration.
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type Barracuda CloudGen Firewall in the search box to find the integration, then click it to select it.
Click + Connection, on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to Barracuda CloudGen Firewall.
Connection Name: The desired name for the connection.
Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.
Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): Add your desired description for the connection.
Configure User Permissions: Defines which users have access to the connection.
Active: Check the tick box to ensure the connection is available for use.
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
1. Input your domain level Server URL.
2. Input your API Token.
3.Input your API Version. The Default value is v1.Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.
Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.
To set up a connection health check, check the Connection Health Check tickbox. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.
Test the connection.
Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green checkmark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.
Click OK to close the alert window.
Click + Add to create and add the configured connection.
Commands
Barracuda CloudGen Firewall includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.
Integration API Note
For more information about the Barracuda CloudGen Firewall API, please refer to the Barracuda CloudGen Firewall API reference.
Reader Note
Certain permissions are required for each command. Please refer to the Permission Requirements and Configuring Barracuda CloudGen Firewall to Work with D3 SOAR for details.
Add IPs To Blocklist
Adds IP addresses to the IP blacklist. Note: To block the entered IPs, a network object (block list) must be created, and an access control policy must be added to prevent access from the IPs in the block list. The Create IP Block Rule command can be used to create an IP block list and the corresponding access rule. Once the block list and access rule have been created, adding or removing IPs to or from the block list can be done as needed without the need to recreate the list or rule again.
Reader Note
The parameter Blocklist Name is required to run this command.
Run the List Forwarding Firewall Rules command to obtain Blocklist Names. Blocklist Names can be found from the returned raw data at the path $.name.
Input
Input Parameter | Required/Optional | Description | Example |
Blocklist Name | Required | The name of the blocklist to add IPs. Blocklist names can be obtained using the List Forwarding Firewall Rules command. | BlockList1 |
IPs | Required | The IP addresses to add to the blocklist. You can enter any valid IPv4 or IPv6 addresses, or CIDR address ranges. | [ "1.1.11", "2.2.2.2" ] |
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Add IPs To Blocklist failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda CloudGen Firewall portal. Refer to the HTTP Status Code Registry for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Network object not found. |
Error Sample Data Add IPs To Blocklist failed. Status Code: 404. Message: Network object not found. |
Block URLs
Creates an access rule to block URLs.
Reader Note
When URL domains are entered to be blocked, a new forward-firewall rule is generated with the same name as the URL.
Input
Input Parameter | Required/Optional | Description | Example |
URLs | Required | The URL domains to block (e.g. phishing.sample.com). | ["phishing.sample.com"] |
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Block URLs failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda CloudGen Firewall portal. Refer to the HTTP Status Code Registry for details. | Status Code: 409. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Rule with this name already exists. |
Error Sample Data Block URLs failed. Status Code: 409. Message: Rule with this name already exists. |
Create Access Rule For Blocklist
Creates an access rule to block IPs in the blocklists, and positions the rule to the top.
Reader Note
The parameter Blocklist Name is required to run this command.
Run the List Forwarding Firewall Rules command to obtain Blocklist Names. Blocklist Names can be found from the returned raw data at the path $.name.
Input
Input Parameter | Required/Optional | Description | Example |
Blocklist Name | Required | The name of the IP blocklist to apply to the access rule. Blocklist names can be obtained using the List Forwarding Firewall Rules command. | BlockList2 |
Block Direction | Required | The block direction of the access rule. The available options are Inbound, Outbound and bi-direction. The default value is bi-direction (i.e., inbound and outbound). | Inbound |
IP Version | Required | The version of the IP access rule. | Inbound |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Create Access Rule For Blocklist failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda CloudGen Firewall portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Rule name contains invalid characters. |
Error Sample Data Create Access Rule For Blocklist failed. Status Code: 400. Message: Rule name contains invalid characters. |
Create Blocklist
Creates a blocklist object containing the IP black list. You only need to create a blocklist.
Input
Input Parameter | Required/Optional | Description | Example |
Blocklist Name | Required | The name of the IP block list. | BlockList2 |
IPs | Required | The IP addresses to add to the blocklist. You can enter any valid IPv4 or IPv6 addresses, or CIDR address ranges. You must enter at least one IP address to create the block list. | [ "1.1.1.1" ] |
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Create Blocklist failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda CloudGen Firewall portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Invalid IPV6 address. |
Error Sample Data Create Blocklist failed. Status Code: 400. Message: Invalid IPV6 address. |
Create IP Block Rule
Creates a blocklist object containing the IP blacklist and creates an access rule to block traffic from those IPs.
Reader Note
The parameter Blocklist Name is required to run this command.
Run the List Forwarding Firewall Rules command to obtain Blocklist Names. Blocklist Names can be found from the returned raw data at the path $.name.
This command only allows you to create a new blocklist and specify the IP addresses to be blocked. It is not possible to add IP addresses to an existing blocklist using this command. To do this, you may use the Add IPs To Blocklist command instead.
Input
Input Parameter | Required/Optional | Description | Example |
Blocklist Name | Required | The name of the IP blocklist to use for the block rule. Blocklist names can be obtained using the List Forwarding Firewall Rules command. | BlockList2 |
IPs | Required | The IP addresses to add to the blocklist. You can enter any valid IPv4 or IPv6 addresses, or CIDR address ranges. You must enter at least one IP address to create the block list. | [ "1.1.1.1" ] |
Block Direction | Required | The block direction of the access rule. The available options are Inbound, Outbound and bi-direction. The default value is bi-direction (i.e., inbound and outbound). | Inbound |
IP Version | Required | The version of the IP access rule (i.e., IPv4 or IPv6). The default value is IPv4. | Inbound |
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Create IP Block Rule failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda CloudGen Firewall portal. Refer to the HTTP Status Code Registry for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Network object not found. |
Error Sample Data Create IP Block Rule failed. Status Code: 404. Message: Network object not found. |
Get Blocklist IPs
Retrieves blocked IPs from the blocklist.
Reader Note
The parameter Blocklist Name is required to run this command.
Run the List Forwarding Firewall Rules command to obtain Blocklist Names. Blocklist Names can be found from the returned raw data at the path $.name.
Input
Input Parameter | Required/Optional | Description | Example |
Blocklist Name | Required | The name of the IP blocklist to retrieve IPs. Blocklist names can be obtained using the List Forwarding Firewall Rules command. | BlockList1 |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Blocklist IPs failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda CloudGen Firewall portal. Refer to the HTTP Status Code Registry for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Network object not found. |
Error Sample Data Get Blocklist IPs failed. Status Code: 404. Message: Network object not found. |
List Forwarding Firewall Rules
Retrieves all forwarding firewall rules.
Input
N/A
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Forwarding Firewall Rules failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda CloudGen Firewall portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Connection timeout. |
Error Sample Data List Forwarding Firewall Rules failed. Status Code: 403. Message: Connection timeout. |
Remove IPs From Blocklist
Removes IP addresses from the IP blacklist. Note: To unblock the entered IPs, a network object (block list) must be created, and an access control policy must be added to prevent access from the IPs in the block list. You can use the Create Block List command to create an IP block list, and the Create Access Rule For Block List command to create the access rule. Once the block list and access rule have been created, adding or removing IPs to or from the block list can be done as needed without the need to recreate the list or rule again.
Reader Note
The parameter Blocklist Name and IPs are required to run this command.
Run the List Forwarding Firewall Rules command to obtain Blocklist Names. Blocklist Names can be found from the returned raw data at the path $.name.
Run the Get Blocklist IPs command to obtain IPs. IPs can be found from the returned raw data at the path $.included[*].entry.ip.
The input IPs must be on the specified blocklist. It is recommended to use the List Forwarding Firewall Rules to obtain the desired blocklist, and use the blocklist name to run the Get Blocklist IPs command. Finally, use the resulting pairs to run this command.
Input
Input Parameter | Required/Optional | Description | Example |
Blocklist Name | Required | The name of the IP blocklist to remove IPs. Blocklist names can be obtained using the List Forwarding Firewall Rules command. | BlockList1 |
IPs | Required | The IP addresses to remove from the blocklist. You can enter any valid IPv4 or IPv6 addresses, or CIDR address ranges. You can obtain a list of currently blocked IPs using the Get Blocklist IPs command. | [ "1.1.1.1", "2.2.2.2" ] |
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Remove IPs From Blocklist failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda CloudGen Firewall portal. Refer to the HTTP Status Code Registry for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Network object not found. |
Error Sample Data Remove IPs From Blocklist failed. Status Code: 404. Message: Network object not found. |
Unblock URLs
Unblocks URL(s) from access rules.
Reader Note
The input parameter URLs is required to run this command.
Run List Forwarding Firewall Rules command to obtain blocked URLs.
Ensure your input URLs are currently blocked by Barracuda CloudGen Firewall, otherwise an error message will be returned.
Input
Input Parameter | Required/Optional | Description | Example |
URLs | Required | The URL domains to unblock (e.g. phishing.sample.com). Blocked URls can be obtained using the List Forwarding Firewall Rules command. | ["phishing.sample.com"] |
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Unblock URLs failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda CloudGen Firewall portal. Refer to the HTTP Status Code Registry for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message:URLs not found. |
Error Sample Data Unblock URLs failed. Status Code: 404. Message: URLs not found. |
Test Connection
Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.
Input
N/A
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the responses from the third-party API calls including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Test Connection failed. Failed to check the connector. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Barracuda CloudGen Firewall portal. Refer to the HTTP Status Code Registry for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Token not found. |
Error Sample Data Test Connection failed. Failed to check the connector. Status Code: 404. Message: Token not found. |