Barracuda CloudGen Out-of-the-Box Response Integration

This article describes the required procedure to integrate Barracuda CloudGen Firewall with Lumu for automated response procedures. This is one of our featured Out-of-the-Box Response Integrations.

Requirements

  • A Barracuda CloudGen Firewall operating on v9.0 or above
  • An active Lumu Defender Subscription
  • A Docker-enabled host with Internet visibility over Lumu and the Barracuda CloudGen Firewall

Preliminary Setup - Barracuda CloudGen

In order to set up the integration, you will need to prepare Barracuda CloudGen to communicate with the Lumu integration. To do this, you will need to have the following items:
  • Encryption Keys
    • Public Encryption Key
    • Private Encryption Key.
    • Both are generated in the same step of this guide.
  • OpenSSL
  • REST API Access Token
In the following steps, you will find how to obtain all four of these requirements.

Encryption Keys

The Barracuda CloudGen Out-of-the-Box response integration uses asymmetric encryption keys to secure integration configuration data. The Lumu Portal will ask you for a public key as part of the configuration process.
To generate the keys you will need to install OpenSSL. Follow the steps in the next section to install the required tools if needed, and generate the required keys.
Notes
You can use an existing public key to configure the integration. Make sure you have access to the matching private key. Both are required to successfully complete the configuration process.

Install OpenSSL

Notes
Most Unix-based systems already have OpenSSL installed. If this is your case, you can jump forward to the Generate the encryption keys section.
Follow the instructions given for your operating system below.

Windows systems

Notes
If you already have OpenSSL installed in your Windows system, you can skip forward to the Generate the encryption keys section.
If you don’t have OpenSSL installed on your Windows system, you can use the WinGet command line tool to install it. Follow these instructions to install OpenSSL on Windows:
1. Open a Command Prompt with Administrator privileges. To do so, open your Start menu, and search for “cmd”. The “Command Prompt” app will appear. Choose “Run as administrator.” from the panel on the right.

2. Once in the Command Prompt, run the following command and follow the on-screen instructions:
winget install -e --id ShiningLight.OpenSSL.Light

3. Open your system settings by opening your Start menu and searching for System Settings. The View Advanced System Settings app will appear. Click on it.

4. A window with five tabs will appear. The Advanced tab should be currently active. If not, click on it. Then, once you’re on the Advanced tab, click on the Environment Variables button found on the lower right corner.

5. A window will appear with two fields. What you need for the following step is found in the field located on the lower half, System Variables. This field has two columns, Variable and Value. Using the Variable column, locate the Path variable and double click on it, or click the Edit button. The Edit environment variable window will appear.

6. In the Edit Environment Variable window that just opened, click on the New button to add a new variable record. In the text field that requests your input, copy and paste the following value:
%PROGRAMFILES%\OpenSSL-Win64\bin

Finish by clicking the OK buttons until you reach the Settings window again.

7. To test the installation, open a new Command Prompt window and run the openssl command. You must get the following:

Unix-based systems

Most Unix-based distributions have OpenSSL installed. If your system doesn’t have it, you can install it using the package manager of your operating system. To do so, install the openssl package.
To check if your Unix-based distribution has OpenSSL installed, use your distro package manager. To check this in Ubuntu, input the following command:

sudo apt list openssl

If you see the word installed between brackets at the end of the line, it means OpenSSL is already installed in your system.

To install OpenSSL in case your distro doesn’t already have it, use your package manager to install it. To install it in Ubuntu, you must run the following command:

sudo apt update
sudo apt install openssl -y

Generate the encryption keys

To configure the integration you will need to generate a new encryption key pair, public and private. These keys will be stored in a .pem file that will be created in the same folder your command prompt is in when you run the command. In the following example, the .pem file would be created in the Util folder in the H drive.

You will need to input these commands in a Command Prompt on Windows systems or a Terminal in Unix-based systems.
1. First, generate the private key. It will be needed to generate the public key. Run the following command:
openssl genrsa -out PRIVATE_KEY.pem [KEY_LENGTH]

Replace the placeholder parameters as follows:

PRIVATE_KEY is the name of the .pem file where the private key will be stored.
KEY_LENGTH is the length of the generated key in bits. The recommended minimum value is 2048.

2. Now, generate the public key using the private key. To do so, run the following command:
openssl rsa -in PRIVATE_KEY.pem -pubout -out PUBLIC_KEY.pem

Replace the placeholder parameters as follows:

PRIVATE_KEY is the name of the .pem file where the private key was stored. It is the same name as in the previous step.
PUBLIC_KEY is the name of the .pem file where the public key will be stored.

Notes
Store the keys in a safe place. Both keys are required to configure the integration and for its proper operation.
Notes
The .pem files can be opened in a text editor to access the key stored within.
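
The two commands above, wrapped in a small script as an added example (not part of the original Lumu or Barracuda documentation): it refuses key lengths below the recommended 2048, creates the private key file readable by its owner only, and checks that a public key file really belongs to a given private key before you hand it to the Lumu Portal. The function names and the file names in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example: generate and verify the integration key pair with OpenSSL.
# Function names and file names are illustrative assumptions.

# gen_keypair PRIVATE_FILE PUBLIC_FILE BITS
# Runs the two commands from this guide, with two extra safeguards.
gen_keypair() {
    priv=$1
    pub=$2
    bits=$3
    # Enforce the recommended minimum key length before creating any file.
    [ "$bits" -ge 2048 ] 2>/dev/null || { echo "key length must be >= 2048" >&2; return 2; }
    # umask 077 inside a subshell: the private key is never group/world readable.
    ( umask 077 && openssl genrsa -out "$priv" "$bits" 2>/dev/null ) || return 1
    openssl rsa -in "$priv" -pubout -out "$pub" 2>/dev/null
}

# keys_match PRIVATE_FILE PUBLIC_FILE
# Succeeds only if PUBLIC_FILE holds the public half of PRIVATE_FILE.
# Both sides are re-encoded by OpenSSL so formatting differences do not matter.
keys_match() {
    derived=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    given=$(openssl rsa -pubin -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$derived" ] && [ "$derived" = "$given" ]
}

# key_bits PUBLIC_FILE
# Prints the modulus size in bits, e.g. 2048.
key_bits() {
    openssl rsa -pubin -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Usage (file names are placeholders):
#   gen_keypair lumu_private.pem lumu_public.pem 4096
#   keys_match  lumu_private.pem lumu_public.pem && echo "pair is consistent"
#   key_bits    lumu_public.pem
```

Run keys_match again whenever you reuse an existing public key, since the integration needs the matching private key later in the configuration process.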

Configure Barracuda CloudGen

In order for the integration to push IOCs into the firewall, the integration requires a Barracuda CloudGen Firewall user with the following characteristics:
  • Manager role
  • No OS Login Level Access
  • REST API Service with the Enable HTTPS interface setting active
  • Access Token.
We strongly recommend that you create a new user, separate from the default admin user, to simplify auditing. For further reference on how to create this user, follow Barracuda’s Create an Administrator Account for REST API Authentication documentation.

If you’re familiar with the process, you can follow Barracuda’s Create an Administrator Account for REST API Authentication documentation directly. If this is the case, feel free to skip to the Integration Setup - Lumu Portal section of this document.

Creating a user for the Lumu integration

1. Log in to Barracuda Firewall Admin. Make sure you select the Firewall category in the login screen.

2. You will need to create a new user to properly configure the Lumu integration. To do so head to the Configuration tab and select the Administrators category in the menu tree.

3. Make sure you click the Lock button in the upper right to unlock editing of Administrator Accounts. Then, click on the Green Plus icon to create a new user.



4. Type in a meaningful name for the user that will use the Lumu integration and click the Ok button.

5. In the following window, you will need to fill in the Full Name under Account Description, Assigned Roles and System Level Access under Administrator Authorization, and a Password under Administrator Authentication.
a. For Name, provide a descriptive name.
b. For Assigned Roles choose Manager. Assign a new one by clicking on the Green Plus.
c. For System Level Access choose No OS Login.
d. For Password, provide a strong, memorable password.
When you’re done filling these fields, click on the Ok button.
6. In the upper right, click on the Send Changes button, and then on the clipboard icon labeled Activate. This will open a popup dialog box where you will need to click the Activate button. Once activated, the Unlock button will be automatically changed to Lock.



7. Close the Administrators tab to return to the Configuration panel and the menu tree.

Enable access to the REST API

Notes
You can skip these steps if you previously configured the access to the Barracuda REST API.

Make sure you have the REST API HTTPS Port info at hand. If you are not sure about it, follow these steps to extract it. It will be required in the integration configuration process.
1. On the Configuration menu tree, expand the Infrastructure Services folder and select the REST API Service category.

2. Once in the REST API Service panel, make sure to click the Lock button in the upper right corner to enable editing of the parameters in this panel.

3. Under the HTTPS Interface category, the Enable HTTPS Interface box will be ticked or unticked depending on Barracuda’s global configuration parameters for these settings. Make sure that the Enable HTTPS Interface and Bind To Management IPs boxes are ticked.

4. Under HTTPS Port, fill in the port you want the Lumu integration to use. You can use the default one if available.

5. Once done, click on the Send Changes button in the upper right, and then on the clipboard icon labeled Activate. This will open a popup dialog box where you will need to click the Activate button. Once activated, the Unlock button will be automatically changed to Lock.


Create a REST API Access Token for the Lumu User

1. Still in the REST API Service tab, go to the Configuration panel on the left, and select the Access Tokens category.

2. Make sure you click the Lock button in the upper right to unlock editing of Administrator Accounts. Then, click on the Green Plus icon to create a new Access Token.



3. Type in a descriptive name for the token and click the Ok button.

4. A window will open. Click on the Generate New Token button.

5. Several of the fields in this window will be automatically filled in. Next, you will need to manually associate an Admin Name to this token. Click on the Admin Name dropdown box and select the user we created during the Integration Setup - Creating a user for the Lumu integration section of this document.

6. You will also need to manually fill in the Time to live [d] field. Here, type a number that will become the number of days for the token to remain active. Once done, click on the Ok button.
Notes
Follow your organization's guidelines to define the expiration date of your key. Remember that after the key expires, you must regenerate it and reconfigure your integration.
Notes
Write this token down. You will need it for the next section of this document.
7. Once again, click on the Send Changes button in the upper right, and then on the clipboard icon labeled Activate. This will open a popup dialog box where you will need to click the Activate button. Once activated, the Unlock button will be automatically changed to Lock.


Integration Setup - Lumu Portal

This section of the article describes the steps that must be completed on the Lumu Portal to properly set up the Barracuda CloudGen Integration. To start, log into your Lumu account through the Lumu Portal.
Notes
Integrations are also available for Lumu MSP accounts. To access them, log into the Lumu MSP Portal.
1. In the Lumu Portal, head to the panel on the left and open the Integrations drop-down menu. Then, click on Apps. Click on the Response tab on the right to filter the available integrations accordingly.

2. Locate the Barracuda CloudGen integration. The list is organized in alphabetical order from A to Z.
Click on the Add button.

3. Familiarize yourself with the integration details in the app description and click the Activate button to activate the integration.

4. Provide a meaningful Name. Under Threat Types, choose the specific threat mappings you want to push to Barracuda CloudGen. Select the option Include IP Indicators to include IP addresses in the information sent to your feed list. When done, click on the orange Next button.
Notes
If you leave the Include IP Indicators option unselected, you won’t be able to change it later. You will need to remove the integration and repeat all the steps again.
Notes
Please note that you cannot modify the information on this screen. Exercise caution when selecting Threat Types, as changes cannot be made later.

5. In the next window you will need to enter the Public Key generated in Step 2 of the Generate the encryption keys section. You can do so in two different ways:
a. You can copy and paste the contents of the .pem file you generated by opening the file in a text editor and placing them in the text field that awaits your input.
b. You can upload it directly. To do so, click on the Upload from your device button under the text field. Head to the location where you stored the .pem file to do so.
This will be used by Lumu to safely store the secrets related to the integration. Click the orange Next button to continue.

Notes
This public key must match the private key you will use in later steps of the configuration process.
6. The next window will ask you to fill in the following information in order to connect to Barracuda CloudGen:
a. Token: This is the access token generated for the associated user. This is obtained during the Configure Barracuda CloudGen section.
b. Passphrase: This is the password for the associated user from the step above.
c. Hostname: This is the IP address or the Fully Qualified Domain Name (FQDN) of the Firewall.
d. Custom External Object: Choose one of the four slots for the integration to communicate with.

7. The integration is now created and active. Now, the Lumu Portal will display the details of the created integration:

Deploy and configure the integration component

Now, it is time to deploy and configure the Barracuda Integration component. You can find detailed instructions on how to deploy it in our Dockerhub repository.

Final Steps - Validate the Integration on the Barracuda Firewall

You can validate that the integration is functioning properly in the Barracuda Firewall by following these instructions.

Head to the Forwarding Rules (1) -> Networks (2) -> DYNAMICS (3) -> Custom External Object (4) list in your Barracuda CloudGen Firewall. The Custom External Object you selected in Step 6 of the Integration Setup - Lumu Portal section will be updated with the confirmed compromises detected since the integration was activated. This confirms that the integration component is deployed and operative.


