Posted by: Markus Lang, product manager
Barracuda Networks has recently introduced its completely reworked and redesigned free of charge Barracuda Domain Controller Agent (short DC Agent) application. In a nutshell, the Barracuda DC Agent is the connector between Barracuda NG Firewalls and Microsoft Domain Controllers which allows for transparent monitoring of user authentications against Microsoft Domain Controllers. The Barracuda DC Agent periodically checks the Microsoft Domain Controller for login events and keeps a record of all users that have been authenticated by the Domain Controller. This user context information is constantly provided to the Session Manager of the Barracuda NG Firewall in order to obtain a list of all authenticated users, which can be used to create user and group based policies, for example “block HTTP connections for users which are not being members of the group marketing for a certain period of time”.
The new Barracuda DC Agent provides single sign-on capability to Barracuda NG Firewalls by avoiding the need for users to authenticate themselves by means of the captive portal or to install an authentication helper client on their desktops. The latest version provides also multi Active Directory support, which means that the Barracuda DC Agent can be fed from more than one Active Directory, thus minimizing administration overhead for the admins. Furthermore, the new Barracuda DC Agent also features an intelligent IP exemption list, which is automatically filled with IPs (e.g. proxies) which should be excluded in order to avoid that users are associated with multiple IP addresses.
In case the admin does not choose to use the provided user identification for creating user and group specific firewall rules, there is a pretty good reason to collect the login data from the Active Directory: The user context is displayed in firewall logs and various display screens, one of them being the Live View, which displays real time firewall traffic, thus allowing the security specialist to know exactly what the users are currently up to and to react appropriately. In the below example the admin would now have the option to assign a different traffic shaping connector for each session or to terminate shady sessions completely.
BTW, the Barracuda DC Agent is also fully compatible with the Barracuda Webfilter and the Barracuda Spam&Virus Firewall.
For more information please visit the Barracuda NG Firewall product overview page or download the Barracuda DC Agent User Guide here.
- By Markus Lang - Product Manager
- Sep 27, 2011
- Posted in Barracuda NG Firewall