It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda WAF Control Center
Overview Documentation Training Materials

WCC Deployment Quick Start Guide

  • Last updated on

Complete the steps in this guide to configure, launch, and license your Barracuda WAF Control Center instance.

Before You Begin

  • The Barracuda WAF Control Center Vx is deployed with one Network Interface Card (NIC) by default
  • The management interface cannot be added without adding the LAN interface
  • For deployments in AWS or Azure, the license type is “Bring your own license” (BYOL)

In this article:

  • Private Cloud indicates systems like VMWare ESXi, Hyper-V, Oracle Virtual Box, etc.
  • Public Cloud indicates Amazon Web Services and Microsoft Azure.

Deployment Steps

Perform the following steps:

Step 1. Open Network Address Ranges 

Ensure that you have network connectivity to "updates.cudasvc.com".

For private cloud deployments, ensure that the network ranges/ports are allowed on the upstream network firewall. For public cloud deployments, create the security group/network security groups.

For more information on the usage of ports for the WCC, check the following table:

HostnamePortDirectionTCP/UDPPurpose
term.cuda-support.com22OutboundTCPTechnical Support connections
 25Inbound/OutboundTCPEmail alerts
 53OutboundBothDomain Name Service (DNS)
cnt12.upd.cudasvc.com80/8000Inbound/OutboundTCP
  • Virus/attack/security definition and firmware updates
  • VM provisioning
cnt13.upd.cudasvc.com
cnt14.upd.cudasvc.com
cnt15.upd.cudasvc.com
ntp.barracudacentral.com123OutboundUDPNetwork Time Protocol (NTP)
updates.cudasvc.com443OutboundTCPInitial VM provisioning *
* The initial provisioning port can be disabled after the initial provisioning process is complete.
Connectivity between WAF Instances and the WCC:

Bi-directional traffic for the following ports should be allowed between the WAF WAN IP address and the WCC WAN IP address.

PortDirectionTCP/UDPPurpose
48320/48321Inbound/OutboundTCPSecure tunnel between the WCC and WAFs
2200Inbound/OutboundTCPFile transfer

Step 2. Start the Virtual Appliance, Configure Networking, and Enter the License

You should receive your license token/serial # of Barracuda Vx via email or from the website after you download the Barracuda WAF Control Center Vx package. If not, you can request an evaluation on the Barracuda website at https://www.barracuda.com/purchase/evaluation or purchase one from https://www.barracuda.com/purchase/index. The license token looks similar to the following: 01234-56789-ACEFG.

Virtual Machine Deployment for Private Clouds

Ensure that you make a note of the Barracuda Vx serial number displayed here. The same serial number should be provided as password when you log into the Barracuda Web Application Firewall Vx web interface.

  1. In your hypervisor client, start the virtual appliance and allow it to boot up.
    1. For instructions on deploying the images on specific private cloud platforms, see How to Deploy the Barracuda WAF Control Center Vx image.
    2. For instructions on allocating system resources like CPU, RAM, and storage, see Allocating Cores, RAM, and Hard Disk Space for Your Barracuda WAF Control Center Vx.
  2. After the deployment is complete, access the serial console of the VM, and from the console, log in with the following: username is "admin", and the password is the serial number.
  3. In the System Configuration window, use the down arrow key and select TCP/IP Configuration. Configure the following:
    1. WAN IP Address
    2. WAN Netmask
    3. Gateway Address
    4. Primary DNS Server
    5. Secondary DNS Server
  4. If the Internet can be accessed only through an explicit proxy, configure the proxy server using Proxy Server Configuration (Optional), so that it reaches the Internet for provisioning.
  5. Under Licensing enter your Barracuda License Token and Default Domain to complete provisioning. The appliance will reboot as a part of the provisioning process.
Virtual Machine Deployment for Amazon Web Services or Microsoft Azure
  1. Select the Barracuda Application Security Control Center - BYOL from the respective marketplaces and proceed to deploy the virtual machine.
  2. Ensure that the instance type has support for a minimum of 4 vCPU, for example, M4.XLarge.
  3. Bind the security group/network security group created for the deployment.
  4. Ensure that the virtual machine is provisioned with 1 NIC card only.
  5. Proceed to deploy the virtual machine with the steps normally followed to deploy an AMI / Azure VM.

Step 3. Accept the End User License Agreement and Verify Configuration

  1. Go to https://<ip address> to access the web interface.
  2. Read through the End User License Agreement. Scroll down to the end of the agreement.
  3. Enter the required information: Name, email address, and company (if applicable). Click Accept. You are redirected to the Login page.
Virtual Machine Deployment for Private Clouds
  1. Log into the Barracuda WAF Control Center Vx web interface with username admin and the password, which is either:
    1. The numeric part of the serial number if your Vx preboot version is 4.6.1 or higher. To find the preboot version, check the name of downloaded Vx image (zip file), which is something like BarracudaEmailSecurityGateway-p2-vm4.6.1-fw8.1.0.003-20200113-esx-vbox.zip. The text between "vm" and "-fw" in the file name is the preboot version. In this example, it is 4.6.1. The serial number of your Vx is in your invoice and in your VM setup email.
    2. The word "admin" if your Vx preboot version is below 4.6.1. For help finding the serial number of your virtual appliance, see Serial Number for Hardware and Virtual Appliances.
  2. Go to the BASIC > IP Configuration page and configure the following:
    1. Configure TCP/IP configuration.
    2. Verify that the primary and secondary DNS servers are correct in the DNS Configuration section.
    3. Enter Default Hostname and Default Domain (for example, <yourcompanydomain.com>) in the Domain Configuration. The Hostname will be used in reporting and the Default Domain is the domain for the system.

If you are planning to put the Barracuda WAF Control Center Vx in Offline mode, ensure you check the following:

  • All definitions are updated on the ADVANCED > Energize Updates page.
  • The Barracuda WAF Control Center Vx is on the latest Firmware Version on the ADVANCED > Firmware Update page.

The Barracuda WAF Control Center periodically connects to Barracuda Central to check for the availability of new Energize Updates. To receive new Energize Updates, ensure your Barracuda WAF Control Center is able to connect to the Internet to reach Barracuda Central.

Virtual Machine Deployment for Amazon Web Services or Microsoft Azure

  1. Open the browser and enter the elastic IP address with port 8000 for HTTP. No port is required for HTTPS. For example:
               For HTTP: http://<Public DNS>:8000 (Unsecured)
               For HTTPS: https://<Public DNS> (Secured)

    The Barracuda WAF Control Center is not accessible via HTTPS port while it is booting. Therefore, use only HTTP port to access the unit when booting. This displays the status of the unit, i.e., System Booting.

  2. After the boot process is complete, the Licensing page displays with the following options:
              Barracuda_Licensing.png
    1. I Already Have a License Token – Use this option to provision your Barracuda WAF Control Center with the license token you have already obtained from Barracuda Networks. Enter your Barracuda Networks Token and Default Domain to complete licensing, and then click Provision. The Barracuda WAF Control Center connects to the Barracuda Update Server to get the required information based on your license, and then reboots automatically. Allow a few minutes for the reboot process. After the instance is provisioned, you are redirected to the login page.
    2. I Would Like to Purchase a License – Use this option to purchase the license token for the Barracuda WAF Control Center. Provide the required information in the form, accept the terms and conditions, and click Purchase. The Barracuda WAF Control Center connects to the Barracuda Update Server to get the required information based on your license, and then reboots automatically. Allow a few minutes for the reboot process. After the instance is provisioned, you are redirected to the login page.
    3. I Would Like to Request a Free Evaluation – Use this option to get a 30-day free evaluation of the Barracuda WAF Control Center. Provide the required information in the form, accept the terms and conditions, and click Evaluate. The Barracuda WAF Control Center connects to the Barracuda Update Server to get the required information based on your license, and then reboots automatically. Allow a few minutes for the reboot process. After the instance is provisioned, you are redirected to the login page.

  3. To log into the virtual machine:

    1. For AWS deployments, the Username is admin and the Password is the EC2 Instance ID.

    2. For Microsoft Azure deployments, the Username is admin and the Password is the string entered during the initial configuration.

Step 4. Update the Firmware

Click on the ADVANCED > Firmware Update page. If there is a new Latest General Release available, perform the following steps to update the system firmware:

  1. Click on the Download Now button located next to the firmware version that you wish to install. To view download progress, click on the Refresh button. When the download is complete, the Refresh button will be replaced by an Apply Now button.
  2. Click on the Apply Now button to install the firmware. This will take a few minutes to complete.
  3. After the firmware has been applied, the Barracuda WAF Control Center Vx will automatically reboot, displaying the login page when the system has come back up. 
  4. Log back into the web interface again and read the Release Notes to learn about enhancements and new features. It is also good practice to verify settings you may have already entered because new features may have been included with the firmware update.

Step 5. Verify Configuration and Change the Password

  1. Log into the Barracuda WAF Control Center web interface as the administrator:
    1. Username admin     
    2. PasswordInstance ID of your Barracuda WAF Control Center in Amazon Web Services.
  2. Go to the BASIC > Administration page and enter your old password, new password, and re-enter the new password. Click Save Password.

Step 6. Creating the Barracuda WAF Control Center Account Admin

The Barracuda WAF Control Center Account Admin creates user accounts and associates the Barracuda Web Application Firewall instances to the corresponding accounts. Refer the link: Accounts and Roles for more details on accounts and roles.

To create the Barracuda WAF Control Center Account Admin, first log into the web interface using the Barracuda WAF Control Center Administrator Account (admin/aws-instance-id), and the complete the listed steps:

  1. Go to the BASIC > Account Management page, and in the Account Creation section, enter the Account Name, Administrator Email Address, and select the Preferred Time Zone for the new account.
  2. Click Create Account. The account displays in the Account View table at the top of the page.
  3. A confirmation email containing the login credentials is sent to the administrator email address entered in Step 1 above. Use these credentials to log into the web interface to create users and assign permissions, connect devices, and view device status.