Yes, I thought about your idea, but I would not introduce too many hops... in addition I cannot manage Public IPs directly from Barracuda VA. Is there a kind of parameter I can configure to deploy all customer's instances on the same VR's host?

On Tue, Dec 3, 2019 at 6:57 PM Andrija Panic <andrija.pa...@gmail.com> wrote:

> Hi,
>
> it's not possible to completely replace (i.e. not without complete ACS code base change....), but you might want to see if the following helps:
> - Assign one or more (as required, one at minimum) additional Public IPs on the VR, and then configure Static NAT from that Public IP to the internal IP of the Barracuda appliance (which you would deploy from template - ACS 4.13 supports appliances for VMware, so you should be able to answer all the questions that are input to the appliance, so to speak...)
> - Then attach this Barracuda to all the networks whose VMs you want to "protect"
>
> Effectively traffic goes as follows: internet ---> VR (Public IP, Static NAT to...) ---> Barracuda/internal appliance - and the VMs would use Barracuda as the default gateway.
> This does imply not being able to manage IPs via DHCP, since for any DHCPDISCOVER, the dnsmasq inside VR will also offer an IP, beside Barracuda doing that...
> (configure ACLs to forbid ANY outgoing traffic from networks where you have your user VMs - Barracuda appliance is on the dedicated private network (which you can consider as "public" or "north-side" to the Barracuda appliance) so here you allow all outgoing traffic from this network to Internet)
>
> Then you would be able to use Barracuda as the endpoint for the VPN tunnels.
> Far from perfect, but might work for you, if you can live with the limitations.
>
> Best,
> Andrija
>
> On Tue, 3 Dec 2019 at 17:20, Alessandro Caviglione <c.alessan...@gmail.com> wrote:
>
> > Hi guys,
> > I'm trying to understand if it's possible to replace a VR for a single customer.
> > I've ACS 4.13 with vSphere 6.7 and Advanced Networking, one of my clients wants to use Barracuda Virtual Firewall because he wants to connect Cloud network to offices networks using TINA VPN (proprietary protocol) instead of IPSec.
> > So, is it possible to replace VR with the Barracuda Virtual Appliance?
> >
> > Thank you
> >
>
> --
>
> Andrija Panić