SecureEdge Access Deployment Using Private PoPs
This article explains how to set up SecureEdge Access using Private PoPs. SecureEdge Access is a scalable, fully managed Barracuda SaaS solution. Both the SecureEdge SaaS service and SecureEdge Access are subscription-based, hosted, and managed by Barracuda Networks.
Check your SecureEdge Access plan to configure your PPoP. A PPoP is configurable in the SecureEdge Private Access and SecureEdge Premium Access plans, but not in the Internet Access or DNS Access plans. For more information, see SecureEdge Access Plans.
Before You Begin
Create a Barracuda Cloud Control account. For more information, see Create a Barracuda Cloud Control Account.
To deploy SecureEdge Access using Private Points of Presence, configure SecureEdge Access with the following steps:
Step 1. Activate SecureEdge Access Using Activation Key
After you place your order with Barracuda Networks, you’ll receive an email with a product activation key. Log in to Barracuda Cloud Control and complete the four-step activation process. Once activated, you’ll be directed to the SecureEdge dashboard, where you can verify your subscription status in SecureEdge Manager under Profile > Subscription before proceeding to Step 2. For more information on how to activate the Barracuda SaaS Service, see How to Activate the Barracuda SaaS Service Using an Activation Key.
Step 2. Private Points of Presence (PPoP)
Barracuda SecureEdge supports three different types of points of entry: firewalls, Edge Services, and Sites. The SecureEdge Manager allows you to configure the points of entry by selecting either an existing Edge Service, Site, or firewall that the Barracuda SecureEdge Access Agent can connect to. Registration of CloudGen Firewalls is token based. The CloudGen Firewall fetches a requisite certificate and a Zero Trust access policy from the cloud services; however, it does not get security features or SD-WAN policies from the service. On the Points of Presence page, you can find information on enrolled Private PoPs in the Barracuda SecureEdge environment.
To select the CloudGen Firewall as a Private PoP, you must first configure a CloudGen Firewall in Barracuda SecureEdge. For more information, see How to Configure a Barracuda CloudGen Firewall in Barracuda SecureEdge.
For more information, see How to Configure Private Points of Presence (PPoP).
Step 3. Connect to Identity Management
The Barracuda SecureEdge Manager lets you configure an identity provider and user directory via the Identity > Settings tab and sync with Zero Trust access. For more information, see Identity Management.
The Barracuda SecureEdge Manager supports the following identity providers and user directories:
Identity Providers | User Directories |
|---|---|
Barracuda Cloud Control | Barracuda Cloud Control |
Microsoft Entra ID | Microsoft Entra ID |
Google Workspace | Google Workspace |
OpenID Connect | Okta |
SAML 2.0 | LDAP |
Okta Workforce | SCIM |
|
Step 4. Enroll Users, Groups, or Devices
Barracuda SecureEdge allows administrators to enroll users, groups, or devices through the SecureEdge Enrollment page. Start by creating an enrollment invitation on the Enrollments page, and then enroll based on your available license capacity. To connect with an Access Agent, download the Barracuda SecureEdge Access Agent, install it, and then run the agent.
For more information, see Enrollments.
Step 5. Verify Enrolled Devices and Users
Once enrollment is complete, device protection is automatically enabled. Use the Enrolled Users and Enrolled Devices pages to view details about enrolled users and devices.
For more information, see:
To configure a custom Access Agent network configuration, you must specify the network DNS suffix and enable the Use Manual Configuration option. For more information, see How to Configure a SecureEdge Access Agent Network.
(Optional) Settings for an Enrolled User
The user Settings page provides access and device setup options, including the ability to change the user’s license and device profile. For more information, see Configuring Device Settings for an Enrolled User. You can also override SecureEdge access settings by enabling User Override and then adjusting options such as Tamperproof, Windows Pre-Logon, Web Filtering, and TPM Enforcement. For more information, see Access Settings.
(Optional) Global Enrollment Settings
You can configure SecureEdge Access device settings and unattended enrollment settings at the global level. For more information, see Device Settings and Unattended Enrollment: Adding Certificates and Domain Configuration.
Step 6 Configure Policies, Logs, and Reports
Create a ZTNA Policy
The ZTNA policy specifies available resources for Barracuda SecureEdge Access Agent users and their access restrictions. For more information, see How to Create ZTNA Policies.
Create a Web Filter Policy
You can create Web Filter policies . In addition, you can also configure Web Filter policies with AI-based Content Inspection for social media platforms. For more information, see How to Set Up AI Content Inspection for Web Filter.
Configure Logs and Reports
SecureEdge Logs collect log data from your connected Sites / Edge Services / PoPs when Web Filtering is enabled. The data streams to your selected region.
For more information on logs and reporting, see: