Before You Begin
Operators of Firewall Models F800 and F900
Barracuda Firewall Admin
After updating a system, you must also download Firewall Admin with the same version. Firewall Admin is backward-compatible. That means you can manage 7.x and 8.x F-Series Firewalls and Control Centers with Firewall Admin 8.x.
New 2-Layer Service Architecture
With firmware release 8.0.2, Barracuda introduced a new 2-layer service architecture that makes the former server node in the configuration tree obsolete. As already announced in previous migration notes, converting the former 3-layer server-service architecture to the new 2-layer service architecture was optional for firmware versions 8.0.2 through 8.0.6.
Supported Models for Firmware Version 8.3.3
The following models are capable of running firmware version 8.3.3:
Barracuda CloudGen F-Series and Control Center Models | |
---|---|
Hardware Systems | F12 Rev A, F18 Rev A/B, F80 Rev A/B, F82 Rev A, F93 Rev A, F180 Rev A/B, F183 Rev A, F183R Rev A, F193 Rev A, F280 Rev B/C, F380 Rev A/B, F400 Rev B/C, F600 Rev C/D, F800 Rev C, F900 Rev B, F1000 Rev A/B |
Virtual Systems | VF10, VF25, VF50, VF100, VF250, VF500, VF1000, VF2000, VF4000, VF8000, VC400, VC610, VC820 |
Virtual and Cloud Systems | VFC1, VFC2, VFC4, VFC8, VFC16, VFC48 (model number represents number of supported cores) |
WWAN USB Modems | M30, M40, M41, M42 |
Secure Connectors | SC20a, SC21a, SC22a, SC23a, SC24a/b, SC25a/b, SC26a, SC27a, SC28a, SC29a, SC30a, SC31a, SC34a, SC35a, FSC20A, FSC21A, FSC24B, FSC25B, FSC30A, FSC31A, FSC34A, FSC35A |
Public Cloud | AWS, Azure, Google Cloud |
Virtual Platforms | VMware, Hyper-V, XEN, KVM (Proxmox running with KVM images) |
Standard Hardware Systems | |
---|---|
Standard Hardware | A standard hardware system is a Barracuda CloudGen Firewall F-Series running on 3rd-party server hardware using an SF license. Consult Barracuda Networks Technical Support to find out if your specific standard hardware is supported. |
Disk Space Requirements
Upgrading to version 8.3.3 requires your disk partitions to have enough free disk space. Firmware 8.3.3 requires the following disk space per partition:
Disk Space Requirements FIREWALL:
Hard Drive Partition | Disk Space Required |
---|---|
swap | 2 GB |
boot | 1 GB |
/ | 8 GB |
/phion0 | 4 GB |
/art | 3 GB |
Disk Space Requirements CONTROL CENTER:
Hard Drive Partition | Disk Space Required |
---|---|
swap | 2 GB |
boot | 1 GB |
/ | 10 GB |
/phion0 | 4 GB |
/art | 10 GB |
Migration Path to 8.3.3
You can upgrade to firmware 8.3.3 via 8.0.6 from the following firmware versions:
Current Version | Via 8.0.6 | Target | Follow Migration Instructions |
---|---|---|---|
8.0.1 - 8.0.5 | Yes | 8.3.3 | Migration from 8.0.1/8.0.2/8.0.3/8.0.4/8.0.5 to 8.0.6 |
8.0.6 - 8.2.3 | --> | 8.3.3 | See the instructions below. |
Your firewall is now prepared to upgrade to firmware version 8.3.3.
Important Note before Upgrading to Release 8.3.3
Migration Instructions for 8.3.3
1. Upgrade of Virtual Machines for Forward Error Correction (FEC), and IPS
- Firmware version 8.3.1 now contains the new VPN feature Forward Error Correction (FEC).
- The IPS system has been replaced with a new implementation from Barracuda.
For these features to work as expected on virtual deployments running on the ESXi hypervisor, the virtual hardware must be upgraded to the newest version directly after the virtual machine is deployed. To use FEC, your hypervisor must be version 6.5 or later.
For more information, see Step 2 in How to Deploy a CloudGen Firewall Vx OVA on VMware Hypervisors.
2. VPN, Usage of VPN Next Hop IPs
Before firmware version 8.3.0, certain VPN scenarios required you to configure next-hop interface IP addresses for the shared networks. Due to the new 2-layer service architecture, which is represented through the Assigned Services node in the configuration tree, it is no longer necessary to explicitly configure these IP addresses.
However, in this special case, it is necessary to apply some additions to the host firewall rule set.
For updating the host firewall rule set, you have two options:
- Add the missing rules manually
- Update the host firewall rule set with Copy from Default.
How to Update the Host Firewall Rule Set
Step 1. (optional) In case you have made additions/changes to the host firewall rule set manually:
Create a copy of all these firewall rules.
Option 2.1 (recommended): Add the missing rules to the host firewall rule set manually.
For more information on how to create a pass rule, see How to Create a Pass Access Rule.
- Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Service > Host Firewall Rules.
- Ensure that Inbound is selected in the top-left corner of the rule list display area.
- Click Lock.
- Add each of the rules in the list to the Inbound Host Firewall Rule Set.
- Click Outbound in the top-left corner of the rule list display area.
- Add each of the rules in the list to the Outbound Host Firewall Rule Set.
- Click Send Changes.
Option 2.2: (Only if you did not complete Option 2.1) Update the host firewall rule set with Copy from Default.
After the transformation to the new 2-layer service architecture, the host firewall rule set can be rebuilt by copying it from the default.
- Log into the firewall.
- Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services.
- Right-click Host Firewall Rules.
- In the list, click Lock.
- Right-click Host Firewall Rules.
- In the list, click Copy from Default.
- Click Activate in the top-right corner of the window.
Step 3. (optional) In case you have made a copy of individual firewall rules, you must restore them now.
Add the firewall rules that you copied before to the host firewall rule set.
How to Migrate to Version 8.3.3
Download the appropriate file:
If You Migrate from Versions 8.0.1 - 8.2.2 to 8.3.3
- Go to the download portal https://dlportal.barracudanetworks.com/#/packages/5804/update.GWAY-8.3.3-0238+1hotfix.tgz
- Download the update package.
If You Migrate from Versions 8.3.0/8.3.2 to 8.3.3
- Go to the download portal https://dlportal.barracudanetworks.com/#/packages/5805/patch.GWAY-8.3.3-0238+1hotfix.tgz
- Download the patch package.
Start the Update
You can now update the CloudGen Firewall or Control Center.
For more information, see Updating CloudGen Firewalls and Control Centers.