Wednesday, March 7, 2012

How To Virtualize a Barracuda Spam & Virus Firewall

We just got a brand new 200 series because we have too many users for the 100, and there is no 200Vx, only a 100Vx or a 300Vx, with the 200Vx oddly left out of the lineup.  I decided to try to virtualize it just to see if I could.  The answer is yes!  It's pretty easy to virtualize the device for VMware without having to open the case.  You can also use these steps to make a backup (clone) image of the hard drive in case it fails.  Then you could use the image to restore your Barracuda to a replacement hard drive.

My Barracuda does not have the tulip network driver so I was unable to get it working in Hyper-V, but VMware Workstation worked great for me.  Some other posts talk about IDE hard drives and USB CD boot in the BIOS, which my device does not support.  I may have a newer revision, which is an Atom D525 in what looks like a rebranded Supermicro 1U chassis and a 250GB Seagate Barracuda hard drive (har har).

I don't recommend it but if you are looking to play around you can unlock many of the features from the higher end models fairly easily.  Look at the last few steps of the post to learn more about how to do that, just note that it requires you to have root access to the machine.

Power it up:

  1. Press p at the bootloader pictured above
  2. The grub bootloader password is bimg
  3. Press e on barracuda
  4. Press e on the second line, scroll to the end, and add init=/bin/bash
  5. Once you get a command prompt, mount -o remount,rw /
  6. Remove the root password in /etc/shadow (I copied shadow to shadow.bak so I could put the box back to factory if I ever needed)
  7. Reboot
  8. Press p at the barracuda boot splash screen (this is a grub boot loader)
  9. Press e on barracuda
  10. Press e on the second line, scroll to the end, and add the word single after the word quiet
  11. Press b for boot
  12. Log in as root (this is why we removed the root pw)
  13. Connect a USB drive that is the same size or larger than your Barracuda; mine has a 250GB SATA disk (I formatted my external /dev/sdb1 as ext3)
  14. mkdir /mnt/usb
  15. mount /dev/sdb1 /mnt/usb
  16. dd if=/dev/sda of=/mnt/usb/barracuda.img
  17. Now you have a backup image on your USB hard drive. I connected it to another Linux server, copied it to my Windows server and used StarWind V2V to convert the raw image to an expanding virtual machine image.
  18. If you convert it to a VMware Virtual Machine it will work just fine, boot it up
  19. Edit the boot loader and add init=/bin/bash to the end of the entry
  20. Once you have a prompt, mount the partition read/write: mount -o remount,rw /
  21. Edit /etc/fstab and change all of the sda[x] entries to be hda
  22. Edit /boot/grub/menu.lst and change the sda entries to hda.
  23. Optional: remove the bootloader password in /boot/grub/menu.lst
  24. Optional: allow yourself to SSH to it: iptables -I INPUT -p tcp --dport 22 -s 192.168.0.0/16 -j ACCEPT
    1. To make this persistent add an entry in /etc/sysconfig/iptables
  25. Optional: to SSH in to it you will need a root password, so log in to the box as root and set one
  26. Optional: If you want to add some features that are in the higher end models this post tells you what files to create to unlock them:  http://blog.shiraj.com/index.php/2009/09/barracuda-spam-firewall-root-password/
  27. Optional: If you want to unlock even more than you can find in that post you will need to do a little work.  Look for the file Features_table.pm on the filesystem, and create a blank file in /etc/barracuda/features for each feature you want to enable. Beware, many of the features are meant for higher end models so some features may not work or may have unexpected behaviors.
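
An added example, not part of the original post: a shell script for two points in the steps above, checking that the dd image from step 16 matches the source disk, and making the sda-to-hda edits from steps 21 and 22 while keeping a backup copy. The function names, the sample fstab and menu.lst contents, and the scratch-directory demo are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; all file contents below are constructed samples.

# image_and_verify SRC IMG: dd SRC to IMG, then compare SHA-256 of both.
# Assumes SRC is not written to during the copy. Records IMG.sha256 so a
# later restore can be checked. Returns 1 on mismatch, 2 if dd fails.
image_and_verify() {
    src=$1; img=$2
    dd if="$src" of="$img" bs=1048576 2>/dev/null || return 2
    sync
    src_sum=$(sha256sum < "$src" | cut -d' ' -f1)
    img_sum=$(sha256sum < "$img" | cut -d' ' -f1)
    [ "$src_sum" = "$img_sum" ] || return 1
    printf '%s  %s\n' "$img_sum" "$(basename "$img")" > "$img.sha256"
}

# sd_to_hd FILE: rewrite /dev/sdaN paths to /dev/hdaN, keeping FILE.bak.
# Only sda is touched, so a USB disk listed as /dev/sdb keeps its name.
# Prints how many lines changed.
sd_to_hd() {
    f=$1
    cp -p "$f" "$f.bak" || return 2
    sed 's|/dev/sda\([0-9]*\)|/dev/hda\1|g' "$f.bak" > "$f"
    diff "$f.bak" "$f" | grep -c '^>' || true
}

# Constructed stand-ins for /etc/fstab and /boot/grub/menu.lst.
make_samples() {
    printf '%s\n' '/dev/sda1 / ext3 defaults 1 1' \
        '/dev/sda2 swap swap defaults 0 0' \
        '/dev/sdb1 /mnt/usb ext3 noauto 0 0' > "$1/fstab"
    printf '%s\n' 'title barracuda' 'root (hd0,0)' \
        'kernel /boot/vmlinuz root=/dev/sda1 ro quiet' > "$1/menu.lst"
}

# Demo in a scratch directory; a 64 KiB random file plays the part of /dev/sda.
d=$(mktemp -d)
make_samples "$d"
dd if=/dev/urandom of="$d/sda.raw" bs=4096 count=16 2>/dev/null
image_and_verify "$d/sda.raw" "$d/barracuda.img" && echo "image verified"
echo "fstab lines changed: $(sd_to_hd "$d/fstab")"
echo "menu.lst lines changed: $(sd_to_hd "$d/menu.lst")"
rm -rf "$d"
```

On the real device the checksums only agree if nothing writes to /dev/sda while dd runs, so take the image before remounting / read-write or after remounting it read-only.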

Friday, March 2, 2012

Barracuda Spam & Virus Firewall 200 Review

Unboxing and configuration:
We've had an old custom postfix/spamassassin/amavis setup for the last several years that has been catching less and less email.  I set it up many years ago and no longer remember how, and was never all that great at tweaking it beyond the basic settings.  With the complexity of spam and the amount that has been getting through we decided it was time to find a new solution and started looking into our options.  We have 120 users at the moment with another 50-100 distribution groups, so I'm not really interested in any option where I have to go in and enter each user and assign distribution groups to user accounts.  This makes most hosted options difficult, and with 120 users it can get expensive.  We started looking at appliances and ended up getting the Barracuda Spam & Virus Firewall 200 with 1 year of Energize Updates, which cost us $1,900.  We were looking for a virtual appliance but for some odd reason Barracuda only makes a 100Vx and a 300Vx, but no 200Vx.  The cost of the 200 was cheaper than the 300Vx and we don't really need the extra features of the 300Vx.

Plugging the unit in was quite simple, it fired up in a couple minutes.  The short page it comes with says to hold down the reset button for several seconds to set the IP address to one of the 3 options which was quite handy.  It took a minute but eventually it loaded on the requested address.  I signed in with the default admin/admin and went to change the IP address to a valid one.  This is where I ran into my first annoyance with the device.  Every section has a save changes button next to it, but you MUST enter all of the "required" options or it won't save; it will instead clear everything you entered and make you try again.  This wouldn't be so annoying if the save changes button wasn't under every section, it highlighted what was required, and then didn't reset everything if it didn't like something.  The usability here is very poor, the interface feels like it was built in 1995.
*Update* I talked to Barracuda support and they know the usability of some of the interfaces isn't very good, it's been reported to the engineers but it sounds like they have no inclination to fix it.


With the IP configured I went and set up spam to tag all email as [spam], disabled bouncing messages and disabled the quarantine so we could see how well it is working.  I went to the domains tab, added my domain and then sent a test message.  The Barracuda blocked my messages because it was sent to an invalid domain even though I had just added it to the domains list.  After messing with this for a while I eventually rebooted the device, and it started working.  After a while I added another domain I needed and it did the exact same thing.  The only way to add a domain to the device appears to be to add it, and then reboot it.
*Update* I talked to Barracuda support and this is a known bug in the firmware.  Apparently you can hit reload instead of reboot and that will apply the changes.  They have no ETA for a fix.

Features
The Barracuda Spam & Virus Firewall 200 has a lot of features.  If you look at the configuration page (you can see a demo of it here: http://www.barracudanetworks.com/demos.php) there are a lot of options to play with.  One interesting feature is the Exchange Anti-Virus Add-in that installs a virus scanner in your Exchange environment so any internal messages get scanned as well.  This is useful if a virus gets into your network before the Barracuda has the definitions to catch it; the Exchange server can then catch it if it gets sent to anybody else.  I haven't played with it but if I decide to keep the device I will.

The device can be configured to back up important data to an FTP server or a network share, another useful feature in the event the device fails.  In the case of FTP you need to make sure any directory you specify exists, as the Barracuda will not attempt to create it if it does not exist.

Barracuda Reputation is Barracuda's shared blacklist with information from all of our devices.  By default messages are blocked, I chose to tag instead of block because I don't want an important message to get blocked because of the BRBL.

Attachment Filtering allows you to have the barracuda handle file types you may not want to accept (.exe for example), they have a predefined list and then you can enter any others you want.

Pattern filtering allows you to have the Barracuda watch email for specific things like credit card numbers or other sensitive information you may want to control from coming in or out.  I don't plan to use this feature but I can see how it could be useful.

Another very useful feature is the Reverse DNS tab where you can block entire countries.  If you don't ever correspond with anybody in Russia you can very easily block all email coming from there.


How well it works:
We've only been running it for 24 hours and it's processed 43,184 emails, tagged 6,012, and allowed 2,484.  We have been running this inline with our previous spam filter so we can see how they do relative to each other and the barracuda seems to be catching around 10% more than the old solution, and very rarely fails to tag a message the old system did.  I'd say performance wise once you have it running the device does a pretty good job.  Hopefully it continues to work well in the future!