AAA and PFS in Barracuda Load Balancer ADC version 5.2

Print Friendly, PDF & Email

Today’s complex networking environment often requires coordinating a high-volume, high-capacity load balancing configuration with robust authentication and authorization.  Users may connect to a VPN through mobile access points such as consumer-grade DSL or Cable connections, WiFi, or even dial-up nodes. Those connections usually use dynamic IPs, which can change during the connection. If you configure RADIUS load balancing on the Barracuda Load Balancer ADC appliance to support persistent client connections to RADIUS authentication servers, the appliance uses the user logon or the specified RADIUS attribute instead of the client IP as the session ID.  This directs all connections and records associated with that user session to the same RADIUS server. Users are therefore able to log on to your VPN from mobile access locations without experiencing disconnections when the client IP or WiFi access point changes.

What is AAA:  Authentication, authorization, and accounting (AAA) is a framework for controlling access and auditing usage.  The RADIUS Server Load Balancing feature distributes AAA authentication and accounting transactions across RADIUS servers in a server group. These servers can share the AAA transaction load and thereby respond faster to incoming requests.

Enhancements: The AAA feature is now available in the Barracuda Load Balancer ADC 340 and 440.You can now configure the WAN IP address, network mask, and gateway when restoring the Barracuda Load Balancer 4.x backup file to the Barracuda Load Balancer ADC.

SSL Enhancements: Perfect Forward Secrecy (PFS) with ECDSA and RSA certificates and associated ciphers are now supported. The key exchange mechanism supported is Elliptic Curve DHE. These SSL enhancements are increasingly relevant in a post-Snowden world. With PFS, communications intercepted today can never be decrypted, even far into the future, due to the ephemeral nature of the PFS scheme. You can also customize backed SSL, including SNI extensions in the TLS header if the server requires this to be enabled. Supports Certificate Revocation List (CRL) and OCSP validation for client certificates.

Traffic Management Enhancement: The Redirect Rule feature is now supported in the Barracuda Load Balancer ADC 340 and 440.

Load Balancer Migration Enhancement: You can now configure the WAN IP address, network mask, and gateway when restoring the Barracuda Load Balancer 4.x backup file to the Barracuda Load Balancer ADC.

If you would like to evaluate the Barracuda Load Balancer ADC in your network, visit the product website for a risk-free 30-day demo unit.

 

Scroll to top
Tweet
Share
Share