Required Outbound Connections for Barracuda Networks Appliances

Barracuda Networks utilizes the public cloud for core functions of service such as support tunnel access and definitions and firmware updates. To use these Barracuda Networks services effectively, customers must allow access from Barracuda Networks appliances to Barracuda’s public cloud service. Such access is outbound only from the Barracuda Networks appliance onsite to the public cloud. Resources from the public cloud cannot access the customer environment. Barracuda Networks has implemented measures to ensure data transmission is secured.

The following services require outbound connections from all Barracuda Networks appliances. Your specific Barracuda Networks appliance might require additional connections. For example, for the Barracuda Email Security Gateway, see Step 3 - Initial Configuration for additional specific ports to open.

Update Infrastructure (Definitions, Firmware, Patches, Provisioning)

• updates.cudasvc.com:80, 8000, 443

• cnt12.upd.cudasvc.com:80, 8000

• cnt13.upd.cudasvc.com:80, 8000

• cnt14.upd.cudasvc.com:80, 8000

• cnt15.upd.cudasvc.com:80, 8000

• cnt20.upd.cudasvc.com:80, 8000

• cnt21.upd.cudasvc.com:80, 8000

Support Tunnel Traffic

• term.cuda-support.com:22, 443, 8788

Backfeed Traffic

• backfeed.barracuda.com:443

• airlockstatic.nap.aws.cudaops.com:80,443

• airlock.nap.aws.cudaops.com:80, 443

Configuration Backups to the Cloud

• fttcp.prod.bac.barracudanetworks.com: 80, 8000, 23557, 48320

If you want to limit outbound connections from your appliances can use their company firewall to create a DNS allow list. Here is an example of how the Barracuda CloudGen Firewall does this using Hostname (DNS Resolvable) Network Objects.