It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Load Balancer ADC

Deployment Requirements

  • Last updated on

When you install the Barracuda Load Balancer ADC in your network, ensure that the following conditions are met:

  1. The VIP addresses are on the same subnet as the rest of the network; only the real servers are on the private, separate network.
  2. The servers need not be physically isolated and can share a switch with the rest of the network so long as the isolation condition is met.
  3. (Recommended) Each real server is "one hop" away from the port on the Barracuda Load Balancer ADC. Any relevant switches must be either directly connected to a port of the Barracuda Load Balancer ADC or connected to a series of switches that eventually reach the Barracuda Load Balancer ADC without going through any other machines.

If you must remotely administer real servers individually, you can create new services that each load balance only a single real server (so it acts as a NAT).

Multiple Network Adapters on Real Servers

Real servers that are on multiple networks simultaneously can break the route path. If possible, each real server must be logically isolated. All traffic going to each real server must go through the Barracuda Load Balancer ADC. Each real server must have only one IP address, which is their private, isolated IP address.

If a real server has more than one network adapter enabled, which gives traffic an alternate route around the Barracuda Load Balancer ADC, the deployment does not work properly even though it may appear to work initially. If your real servers have multiple network adapters, ensure that one of the following is true:

  • The networks that the real servers are on are isolated from each other and cannot access the WAN ( the network where incoming traffic arrives) without going through the Barracuda Load Balancer ADC. No network path can exist from the real servers to the client machines; if the real servers are also members of another network, this network must too be isolated and not connected in any way or through any other networks to the WAN network, including through the Internet.
  • Static routes for incoming and outgoing traffic for the IP address of each real server have been defined.

Open Network Address Ranges on Firewall

If your Barracuda Load Balancer ADC is located behind a network firewall, allow outbound traffic from the Barracuda Load Balancer ADC to the following Barracuda Networks destinations and the ports mentioned on the network firewall to ensure proper operation:

The following services require outbound connections from all Barracuda Networks appliances.

HostnamePortTCP/UDPDirectionPurpose
updates.cudasvc.com80, 8000, 443TCPOutboundUpdate Infrastructure (Definitions, Firmware, Patches, Provisioning) 
cnt12.upd.cudasvc.com80, 8000TCPOutbound
cnt13.upd.cudasvc.com80, 8000TCPOutbound
cnt14.upd.cudasvc.com80, 8000TCPOutbound
cnt15.upd.cudasvc.com80, 8000TCPOutbound
cnt20.upd.cudasvc.com80, 8000TCPOutbound
cnt21.upd.cudasvc.com80, 8000TCPOutbound
backfeed.barracuda.com443TCPOutboundBackfeed Traffic
airlockstatic.nap.aws.cudaops.com80, 443TCPOutbound
airlock.nap.aws.cudaops.com80, 443TCPOutbound
fttcp.prod.bac.barracudanetworks.com80, 8000, 23557, 48320TCPOutboundConfiguration Backups to the Cloud
term.cuda-support.com22, 443, 8788TCPOutboundSupport Tunnel Traffic