It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Best Practice - Hostname List for Barracuda Networks Online Services

  • Last updated on

Access to hosts and domains in the Barracuda Cloud is required for the proper operation of a Barracuda CloudGen Firewall or Control Center. Ensure that the proper ACLs are in place to allow access to these services:

Servers for determining the Timezone and the Location of a Firewall, Port 443

  • geoip.cudasvc.com

Telemetry Information - Different Ports

Telemetry information will be sent to:

  • backfeed.barracuda.com:443
  • airlockstatic.nap.aws.cudaops.com:80,443
  • airlock.nap.aws.cudaops.com:80,443
  • 3.18.232.73:80,443

Update Servers - Different Ports

  • updates.cudasvc.com:80, 8000, 443
  • cnt12.upd.cudasvc.com:80, 8000
  • cnt13.upd.cudasvc.com:80, 8000
  • cnt14.upd.cudasvc.com:80, 8000
  • cnt15.upd.cudasvc.com:80, 8000
  • cnt20.upd.cudasvc.com:80, 8000
  • cnt21.upd.cudasvc.com:80, 8000

These update servers deliver pattern updates for the following services and features: 

Download Servers - Port 443

  • dlportal.barracudanetworks.com
  • d.barracudanetworks.com

The download portal hosts all update packages, as well as hotfixes, and the associated tools and utilities used to run the CloudGen Firewall. The firewall queries the download portal for a list of available hotfixes and updates that match the firmware version.

For more information, see DASHBOARD General Page and Updating CloudGen Firewalls and Control Centers.

License Activation

License Activation Server - Port 443
  • bcc.barracudanetworks.com
  • api.bcc.barracudanetworks.com
  • ng-activation.cudasvc.com

Used to send license activation service, and to continuously poll for licenses available for the serial number associated with the firewall or Control Center.

For more information, see Licensing and Licensing CloudGen Firewalls in the Control Center.

License Activation for CloudGen WAN - Port 443
  • cloudgenwan-licensing.cudasvc.com
License Activation for IoT-Connect - Port 443
  • iotc-licensing.cudasvc.com
Licensing-related Pool Consumption Reporting - Port 8001
  • cgfw.brs.cudasvc.com

For more information, see CC Licensing Page.

Zero Touch Deployment - Port 443

  • ztd.barracudanetworks.com

The Control Center queries the list of available Zero Touch-enabled firewalls from this service and pushes the minimal configurations to the cloud service, pending retrieval from firewalls ordered with Zero Touch Deployment.

For more information, see Zero Touch Deployment.

Firewall Authentication Servers - Port 80

DescriptionURL
EU-CENTRAL1-AWS

auth.eucentral1.aws.svc.fusion.cudasvc.com

EU-WEST1-AWS

auth.euwest1.aws.svc.fusion.cudasvc.com

GSLB-GLOBAL

auth.svc.fusion.cudasvc.com

US-EAST1-AWS

auth.useast1.aws.svc.fusion.cudasvc.com

US-WEST1-AWS

auth.uswest1.aws.svc.fusion.cudasvc.com

Alternatively, you can also use the URL string *.fusion.cudasvc.com .

ATP Servers - Port 443

Barracuda ATP cloud services. If ATP is enabled, the firewall uploads files to be scanned via ATP to these services.

DescriptionURL
AP-NORTHEAST1-AWS

api-apnortheast1-aws.batd.cudasvc.com

AP-SOUTH1-AWS

api-apsouth1-aws.batd.cudasvc.com

AP-SOUTHEAST1-AWS

api-apsoutheast1-aws.batd.cudasvc.com

AP-SOUTHEAST2-AWS

api-apsoutheast2-aws.batd.cudasvc.com

CA-CENTRAL1-AWS

api-cacentral1-aws.batd.cudasvc.com

EU-CENTRAL1-AWS

api-eucentral1-aws.batd.cudasvc.com

EU-WEST1-AWS

api-euwest1-aws.batd.cudasvc.com

US-EAST2-AWS

api-useast2-aws.batd.cudasvc.com

US-WEST1-AWS

api-uswest1-aws.batd.cudasvc.com

Alternatively, you can also use the URL string *.batd.cudasvc.com .

For more information on ATP, see Advanced Threat Protection (ATP).

Web Categorization Service (WCS) - Port 443

DescriptionURL
AP-NORTHEAST1-AWS

api.apnortheast1.aws.wcs.cudasvc.com

AP-SOUTHEAST2-AWS

api.apsoutheast2.aws.wcs.cudasvc.com

EU-CENTRAL1-AWS

api.eucentral1.aws.wcs.cudasvc.com

EU-WEST1-AWS

api.euwest1.aws.wcs.cudasvc.com

US-EAST1-AWS

api.useast1.aws.wcs.cudasvc.com

US-WEST1-AWS-AWS

api.uswest1.aws.wcs.cudasvc.com

Alternatively, you can also use the URL string *.wcs.cudasvc.com .

Barracuda online URL categorization services are used by the Barracuda URL Filter in the firewall.

For more information, see URL Filtering in the Firewall.

Authentication

Sync to Trust Zone – TCP port 845.

TSClient – TCP port 5050.

DNS Block List - Port 443

  • b.barracudacentral.org

If the DNS block listing is configured, the firewall checks the hostnames in the DNS queries against this online service.

For more information, see Botnet and Spyware Protection in the Firewall.

Link Protection - Port 443

DescriptionURL
AP-NORTHEAST2-AWS

linkprotect.apnortheast1.aws.cudaops.com

AP-SOUTHEAST2-AWS

linkprotect.apsoutheast2.aws.cudaops.com

EU-CENTRAL1-AWS

linkprotect.eucentral1.aws.cudaops.com

EU-WEST1-AWS

linkprotect.euwest1.aws.cudaops.com

US-EAST1-AWS

linkprotect.useast1.aws.cudaops.com

US-WEST1-AWS

linkprotect.uswest1.aws.cudaops.com

If the Mail Security in the Firewall and Link Protection is configured, the firewall checks the hostnames in the DNS queries against this online service.

For more information, see How to Configure Link Protection for Mail Security in the Firewall.

CloudGen WAN - Port 443

  • cloudgenwan-configuration.cudasvc.com
  • cloudgenwan-status.cudasvc.com

AWS / Azure and Google Cloud APIs

Firewalls and Control Centers deployed to the public cloud use API calls for Cloud Integration features.

For more information, see Public Cloud.

Public Cloud Data Center Network Objects

To fill network objects with up-to-date IP ranges used by Azure and AWS data centers, the firewall queries these two services.

For more information, see How to Configure Network Objects for AWS and Azure Datacenter Networks.