/
How to Configure VPN GTI Settings for a VPN Service

How to Configure VPN GTI Settings for a VPN Service

Jan 09, 2026

Before adding VPN services to the VPN group, you must configure GTI VPN settings for each service. This information is then used by the GTI Editor when creating VPN tunnels.

  • Transport Source IP – The IPv4 or IPv6 address the VPN service is listening on.

  • Transport Listening IP – The external IPv4 or IPv6 addresses the VPN service can be reached at.

Before You Begin

Ensure you have switched to the Advanced Configuration mode in Firewall Admin. This will provide access to the necessary configuration options.

Step 1. Add the On-Premises Networks

The Barracuda CloudGen Firewall offers three ways to declare on-premises networks you want to make available through the VPN tunnel as GTI networks:

Add the GTI Networks as Shared Networks

  1. Go to CONFIGURATION > Configuration Tree > Box > Network.

  2. In the left menu, select IP Configuration.

  3. Click Lock.

  4. In the Shared Networks and IPs section, click +. The Shared Network and IPs window opens.

    1. Select an Interface for the VPN service.

    2. In the Network Address field, enter the local IPv4 networks you want to be available over the VPN. E.g., 10.0.10.0/25

    3. Select the GTI Network check box.

    4. Click OK.

  5. Click Send Changes and Activate.

The local IPv4 network is now displayed in the GTI Networks list.

Select the GTI Networks in the Routing Configuration

  1. Go to CONFIGURATION > Configuration Tree > Box > Network.

  2. In the left menu, select Advanced Routing.

  3. Click Lock.

  4. In the IPv4 Route Configuration section, edit a configured direct-attached route or create a new one. The  IPv4 Routing Table window opens.

  5. Select the GTI Network check box.

  6. Click OK.

  7. Click Send Changes and Activate.

The local IPv4 network is now displayed in the GTI Networks list in Box > Network > IP Configuration.

Add On-Premises Networks to the GTI Netwoks List

  1. Go to CONFIGURATION > Configuration Tree > Box > Network.

  2. In the left menu, select IP Configuration.

  3. Click Lock.

  4. In the GTI Networks list, click + and add the local IPv4 networks you want to be available over the VPN.

  5. Click OK.

  6. Click Send Changes and Activate.

If you are using the old virtual server concept, you must enter the local IPv4 networks you want to be available over the VPN in the Server/GTI Networks table ( CONFIGURATION > Configuration Tree > Multi-Range > your range > your cluster > your virtual server > Server Properties).

Step 2. Configure the VPN GTI Settings

Configure the IP addresses the VPN service is listening on and the IP addresses through which the VPN service can be reached from the outside. Enter all configured IP addresses. You can remove them later when configuring the VPN tunnel in the GTI Editor as needed.

Next Step

Add the VPN service to a VPN group and create VPN tunnels using the GTI Editor. For more information, see How to Create a VPN Tunnel with the VPN GTI Editor.

Contact Us
Barracuda Campus
Barracuda Support