It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda XDR
Overview Documentation Materials

Integrating Barracuda Web Application Firewall

  • Last updated on

To integrate Barracuda Web Application Firewall, do the following:

  1. Enable the Barracuda WAF integration.
  2. Install the XDR Collector.
  3. Configure the Firewall.
  4. Open port on the XDR Collector Host.
  • The install command is unique to the current selected account and should only be run on systems within that environment.

Enable Barracuda Web Application Firewall

  1. In Barracuda XDR Dashboard, navigate to Administration Integrations.
  2. On the Barracuda Web Application Firewall card, click Setup.
  3. Select the Enabled check box.
  4. Click Save.

Install the XDR Collector

  1. In Barracuda XDR Dashboard, click Infrastructure > Collectors.
  2. In the Policies table, locate the On-Prem policy, then click Action > Install.

Configure the firewall

To add a syslog server, do the following:

  1. Go to the ADVANCED > Export Logs page.
  2. In the Export Logs section, click Add Export Log Server. The Add Export Log Server window opens. Specify values for the following:
    • Name – Type Barracuda XDR Collector as the name for the syslog server.
    • Log Server Type – Select Syslog NG.
    • IP Address or Hostname – Type the IP address or the hostname of the system hosting the XDR Collector.
    • Port – Type port 9256.
    • Connection Type – Select UDP.
    • Validate Server Certificate – Do one of the following:
      • Set to Yes to validate the syslog server certificate using the internal bundle of Certificate Authority's (CAs) certificates packaged with the system. If you choose this option, send the certificate to XDR support so they can do the necessary additional configuration.
      • Set to No to accept any certificate from the syslog server.
    • Client Certificate – Set to Yes so the Barracuda Web Application Firewall presents the certificate while connecting to the syslog server. Send the certificate to XDR support so they can do the necessary additional configuration.

    • Certificate – Select a certificate for the Barracuda Web Application Firewall to present when connecting to the syslog server.

      You can upload certificates on the BASIC > Certificates page. For more information on how to upload a certificate, see How to Add an SSL Certificate.
    • Log Timestamp and Hostname – Set to Yes.
  3. Click Add.

The Barracuda Web Application Firewall documentation is available here.

Open the port on the XDR Collector Host

  • Identify the firewall software running on your system and run the necessary command:
    • Linux
      Iptables: sudo iptables -A INPUT -p udp --dport 9256 -j ACCEPT
      firewalld: sudo firewall-cmd --add-port=9256/udp 
    • Windows
      netsh advfirewall firewall add rule name=“Barracuda WAF Events” dir=in action=allow protocol=UDP localport=9256