Hi,

it's not possible to completely replace (i.e. not without complete ACS code base change....), but you might want to see if the following helps:

- Assign one or more (as required, one at minimum) additional Public IPs on the VR, and then configure Static NAT from that Public IP to the internal IP of the Barracuda appliance (which you would deploy from template - ACS 4.13 supports appliances for VMware, so you should be able to answer all the questions that are input to the appliance, so to speak...)
- Then attach this Barracuda to all the networks whose VMs you want to "protect"

Effectively traffic goes as follows: internet ---> VR (Public IP, Static NAT to...) ---> Barracuda/internal appliance - and the VMs would use Barracuda as the default gateway. This does imply not being able to manage IPs via DHCP, since for any DHCPDISCOVER, the dnsmasq inside VR will also offer an IP, besides Barracuda doing that...

(configure ACLs to forbid ANY outgoing traffic from networks where you have your user VMs - Barracuda appliance is on the dedicated private network (which you can consider as "public" or "north-side" to the Barracuda appliance) so here you allow all outgoing traffic from this network to Internet)

Then you would be able to use Barracuda as the endpoint for the VPN tunnels.

Far from perfect, but might work for you, if you can live with the limitations.

Best,
Andrija

On Tue, 3 Dec 2019 at 17:20, Alessandro Caviglione <[email protected]> wrote:

> Hi guys,
> I'm trying to understand if it's possible to replace a VR for a single
> customer.
> I've ACS 4.13 with vSphere 6.7 and Advanced Networking, one of my clients
> wants to use Barracuda Virtual Firewall because he wants to connect Cloud
> network to offices networks using TINA VPN (proprietary protocol) instead
> of IPSec.
> So, is it possible to replace VR with the Barracuda Virtual Appliance?
>
> Thank you
>

--

Andrija Panić
