How to Create Edge Service Source NAT Rules
The Barracuda SecureEdge Manager allows you to create source NAT (SNAT) rules for your connected Edge Services.
Before You Begin
To use the users or groups from the user directories (such as Microsoft Entra ID, LDAP, Google Workspace, Okta, SCIM, or Barracuda Cloud Control) in your network policies, you must first connect your SecureEdge Identity Management in order to synchronize the users and groups. For more information, see Identity Management.
To select users or groups from the user directories (such as BCC-linked Microsoft Entra ID or the BCC-linked LDAP directory) in your network policies, you must first connect your directory with Barracuda Cloud Control in order to synchronize users and groups. For more information, see LDAP Active Directory and Microsoft Entra ID and How to Connect Microsoft Entra ID with Barracuda Cloud Control.
Create an Edge Service Source NAT Rule
Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.
The chosen Tenant/Workspace is displayed in the top menu bar.
From the drop-down menu, select the workspace containing your Edge Service.
Go to Security.
Expand the Network ACL menu on the left and select Edge Service Source NAT.
The Edge Service Source NAT window opens. To create a new rule, click Add rule.
The Add New Source NAT Rule window opens. Specify values for the following:
Scope – Select the scope of this rule from the drop-down menu. You can select either All Edge Services or a specific Edge Service.
Name – Enter a unique name for your rule. Note: You can use a maximum of 64 alphanumeric characters and the hyphen.
Description – Enter a brief description.
In the Action section, specify values for the following:
Priority – Select the priority level for the rule from the drop-down menu. You can choose between Real Time, High, Medium, and Low.
Fallback – Select the fallback from the drop-down menu. You can choose between Allow and Block. Note: The Fallback action occurs when the rule cannot be applied.
Translate Source IP – Select how the source IP is translated from the drop-down menu. You can choose between Original Source IP and Explicit IP.
If you select Explicit IP, you must enter an IPv4 address to use for source translation.
In the SOURCE CRITERIA section, specify the following:
Type – Select a source type. You can choose between Custom Network Application, IP/Network, Connectors, Private Edge Service, Site, and User/Group.
If you select Custom Network Application, you must add one or more custom network applications from the drop-down menu, or type to search.
If you select Connectors, you must add one or more connectors from the drop-down menu, or type to search.
If you select IP/Network, specify values for the following:
IP/Network – Enter the IP address or network, and click +.
If you select Private Edge Service, you can enable either All Private Edge Services or add a specific Private Edge Service after disabling All Private Edge Services. Note: All Private Edge Services is disabled by default.
If you select Site, you can either enable All Sites or add a specific Site after disabling All Sites. Note: All Sites is disabled by default.
If you select User/Group, you must add one or more users/groups from the drop-down menu, or type to search. Note: All users is disabled by default.
In the DESTINATION CRITERIA section, specify the following:
Type – Select a destination type. You can choose between Application, IP/Network, Site, Private Edge Service, and Connectors.
If you select Application, you must add one or more applications from the drop-down menu, or type to search.
If you select IP/Network, specify values for the following:
IP/Network – Enter the IP address or network, and click +.
If you select Connectors, you must add one or more connectors from the drop-down menu, or type to search.
If you select Private Edge Service, you must select a Private Edge Service from the drop-down menu, or type to search.
If you select Site, you can either enable All Sites or add a specific Site after disabling All Sites. Note: All Sites is disabled by default.
Click Save.
After the configuration is complete, you can see that the new rule has been added to the Edge Service Source NAT table.
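The field constraints in the procedure above can be checked on a planned rule before it is entered, for example during change review. The following is an added example, not Barracuda code or a SecureEdge API: the dictionary keys, the `validate_rule` helper and the sample values are hypothetical, and only the allowed choices and limits are taken from this page.

```python
import ipaddress
import re

# Choices exactly as listed in the procedure above.
CHOICES = {"priority": {"Real Time", "High", "Medium", "Low"},
           "fallback": {"Allow", "Block"},
           "translate": {"Original Source IP", "Explicit IP"}}
SOURCE_TYPES = {"Custom Network Application", "IP/Network", "Connectors",
                "Private Edge Service", "Site", "User/Group"}
DEST_TYPES = {"Application", "IP/Network", "Site", "Private Edge Service", "Connectors"}
NAME_RE = re.compile(r"[A-Za-z0-9-]{1,64}")  # max 64 alphanumerics and the hyphen

def _check_criteria(label, crit, allowed, errors):
    ctype = crit.get("type")
    if ctype not in allowed:
        errors.append(f"{label}: type {ctype!r} is not offered for this section")
    elif ctype == "IP/Network":
        for value in crit.get("values") or [""]:  # an empty list is reported too
            try:
                ipaddress.ip_network(value, strict=False)  # accepts host or network
            except ValueError:
                errors.append(f"{label}: {value!r} is not an IP address or network")

def validate_rule(rule, existing_names=()):
    """Return a list of problems; an empty list means the worksheet is consistent."""
    errors = []
    name = rule.get("name", "")
    if not NAME_RE.fullmatch(name):
        errors.append("name: use 1-64 alphanumeric characters or hyphens")
    if name in existing_names:
        errors.append("name: already used by another rule")
    for field, allowed in CHOICES.items():
        if rule.get(field) not in allowed:
            errors.append(f"{field}: {rule.get(field)!r} is not one of {sorted(allowed)}")
    if rule.get("translate") == "Explicit IP":
        try:
            ipaddress.IPv4Address(rule.get("explicit_ip", ""))
        except ValueError:
            errors.append("explicit_ip: Explicit IP needs an IPv4 address")
    _check_criteria("source", rule.get("source", {}), SOURCE_TYPES, errors)
    _check_criteria("destination", rule.get("destination", {}), DEST_TYPES, errors)
    return errors

# Constructed sample worksheet; key names are hypothetical, not a product schema.
SAMPLE_RULE = {"name": "branch-snat-01", "priority": "High", "fallback": "Block",
               "translate": "Explicit IP", "explicit_ip": "203.0.113.10",
               "source": {"type": "IP/Network", "values": ["10.20.0.0/16"]},
               "destination": {"type": "Application", "values": ["Example App"]}}
```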
Edit an Existing Source NAT Rule
Select the workspace containing your Edge Service.
Go to the Security > Network ACL menu on the left and select Edge Service Source NAT.
The Edge Service Source NAT window opens. Click on the pencil icon next to the rule you want to edit.
The Edit Source NAT Rule window opens. Edit the values you want to change.
Click Save.
Remove an Existing Source NAT Rule
Select the workspace containing your Edge Service.
Go to the Security > Network ACL menu on the left and select Edge Service Source NAT.
The Edge Service Source NAT window opens. Click on the trash can icon next to the rule you want to remove.
The Delete Source NAT Rule window opens.
Click OK to confirm.
Filtering Functions
You can add filters to view specific content on the page. Click Add Filter in the top-right corner of a page and select the criteria you wish to search for.
To reset the filter, click Clear Filters.