Barracuda Icon
Chat
Live Chat

Hi, I'm Rosa.
How may I help you?

How may I help you?

Click below to send us a Message

Support

A global support network of experts.
At your service.

Back to Knowledgebase

How can I assess the vulnerability of my Barracuda Spam & Virus Firewall? What ports and protocols are used?

Solution #00004002

Scope:
All Barracuda Spam & Virus Firewalls, all firmware versions.

Answer:
The Barracuda Spam & Virus Firewall utilizes a hardened Linux operating system for maximum security and stability. The end customer interfaces to the Barracuda Spam & Virus Firewall include a console-based, menu driven interface for basic system configuration and troubleshooting and a Web based interface for administration and end user access. Barracuda Networks appliances are not designed for end customers to have any operating system or shell access to the device. As such, the most appropriate method of performing vulnerability assessments of Barracuda Networks appliances are from the network side.

The following is a list of network connections and communications by the Barracuda Spam & Virus Firewall:

1. Inbound communications

Across Barracuda Networks appliances, there are several ports that are generally open inbound for Barracuda Networks appliances to operate. These include:

  • HTTP for Web user interface (usually port 8000, this can be configured by the administrator)
  • HTTPS for secure Web user interface (usually port 443, this can be configured by the administrator)
  • SNMP over port 161
  • Clustering protocols over ports 8002 note: older firmwares used 8002 also
The Barracuda Spam & Virus Firewall also requires the following inbound ports open:
  • Port 25 for SMTP traffic
2. Outbound communications to Barracuda Central

Barracuda Networks products communicate with Barracuda Central both to receive ongoing updates. In addition, Barracuda Networks products report aggregated statistics to help Barracuda Networks fight spam, virus, and other threats as well as optimize and monitor the product. Information is collected electronically and automatically. Statistics include, but are not limited to, the number of messages processed, the number of messages that are categorized as spam, the number of virus and types, IP addresses of the largest spam senders, the number of emails classified for Bayesian analysis, and other statistics.

Customer data will be kept private and will only be reported in aggregate by Barracuda Networks.

The following outbound ports are utilized across Barracuda Networks appliances:
  • HTTP over port 80 or 8000 outbound to Barracuda Central servers for updates.
  • NTP over port 123 to Barracuda Central servers (this can be reconfigured to use internal NTP servers).
  • SSH over port 22. System administrators can manually initiate a reverse tunnel to Barracuda Central support servers for remote support. This feature can also be disabled.
In addition, the Barracuda Spam & Virus Firewall may communicate to Barracuda Central servers:
  • SMTP over port 25 for submitting messages marked as spam to Barracuda Central servers (this can be disabled).
  • SMTP over port 25 for submitting suspected virus samples to Barracuda Central servers (this can be disabled).
  • DNS queries over port 53 for Barracuda Real-Time Virus Protection (this can be disabled).
  • Aggregated statistics collection over port 5022, port 443, and port 80 to Barracuda Central servers.
Barracuda Central servers currently utilize the following IP address ranges:
  • 216.129.105.0/24
  • 216.129.125.192/26
  • 205.158.110.0/25
  • 64.235.144.0/20
  • 74.217.37.0/24
3. Outbound communication to internal infrastructure

Depending on the features utilized, Barracuda Networks products may use the network to communicate with external infrastructure. These ports include:
  • DNS over port 53 udp
  • SMTP over port 25
  • SNMP over port 161 tcp/udp
  • syslog over port 514 udp
In addition, the Barracuda Spam & Virus Firewall may, depending upon your local configuration, communicate to other infrastructure components:
  • LDAP over port 389/636 for recipient verification, single-sign on, and outbound relay authentication.
  • RADIUS over port 1812 tcp/udp for single sign-on features.
  • POP3 over port 110 (or port 995 for POP3 over SSL), used for remote mail collection and single-sign on features.
  • IMAP over port 143 (or port 993 for IMAP over SSL), used for remote mail collection.
4. Outbound communication to the Internet in general

The Barracuda Spam & Virus Firewall should be open for outbound communication using the following protocols:
  • SMTP to deliver outgoing mail for outbound relay functions
  • DNS for use by any customer external blacklists (DNSBL's)
Link to This Page:
http://www.barracuda.com/kb?id=50160000000Hb4J