It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda CloudGen Firewall
Overview Documentation Training Certification Materials

10.0.0 Migration Notes

  • Last updated on

Before You Begin

  • The information contained in this article applies insofar as it was not already taken into account in the 9.0.4 migration notes.

  • The following instructions apply both to firewalls and Control Centers.

Syslog Streaming from Managed Boxes to the Control Center using TLS

As of firmware release 10.0, if you are using syslog streaming, you no longer can use SSLv3. You must use TLS 1.2 instead.

To continue syslog streaming from managed 8.x/9.x boxes to the Control Center, you must perform the following steps for each managed box:

  1. Log into your Control Center at CC level.

  2. Create a 2048-bit box certificate for every managed box that is using syslog streaming with TLS.

  3. Copy the new box certificate to the clipboard.

  4. Log into the Control Center at box level.

  5. Go to CONFIGURATION > Config Tree > your range > your cluster > your box > Assigned Service > CC-Syslog-Service > CC Syslog Service > Trusted Data Reception.

  6. Click Lock.

  7. For TLS Protocol, select TLS 1.2 from the menu list.

  8. For Trusted Clients, replace the old box certificate with the new one in your clipboard.

  9. Click Send Changes/Activate.

Barracuda Firewall Admin

After updating a system, you must also download Firewall Admin with the same version. Firewall Admin is backward-compatible. That means you can manage 8.x and 9.x F-Series Firewalls and Control Centers with Firewall Admin 10.x.

Always use the latest version of Barracuda Firewall Admin!

For downloading Barracuda Firewall Admin for release 10.0.0, use this link: https://dlportal.barracudanetworks.com/#/packages/6190/FirewallAdmin_10.0.0-138.exe.

Supported Models for Firmware Version 10.0.0

The following models are capable of running firmware version 10.0.0:

Barracuda CloudGen F-Series and Control Center Models

Hardware Systems

F12 Rev A, F18 Rev A/B, F80 Rev A/B, F82 Rev A, F93 Rev A, F180 Rev A/B, F183 Rev A, F183R Rev A, F193 Rev A, F280 Rev B/C, F380 Rev A/B, F400 Rev B/C, F600 Rev C/D, F800 Rev C/D, F900 Rev B/C, F1000 Rev A/B

Virtual Systems

VF10, VF25, VF50, VF100, VF250, VF500, VF1000, VF2000, VF4000, VF8000, VC400, VC610, VC820

Virtual and Cloud Systems

VFC1, VFC2, VFC4, VFC6, VFC8, VFC16, VFC48 (model number represents number of supported cores)

WWAN USB Modems

M40, M41, M42

Secure Connectors

SC20a, SC21a, SC22a, SC23a, SC24a/b, SC25a/b, SC26a, SC27a, SC28a, SC29a, SC30a, SC31a, SC34a, SC35a

FSC20A, FSC21A, FSC24B, FSC25B, FSC30A, FSC31A, FSC34A, FSC35A

Public Cloud

AWS, Azure, Google Cloud

Virtual Platforms

VM-Ware, Hyper-V, XEN, KVM (Proxmox running with KVM images)

Standard Hardware Systems

Standard Hardware

A standard hardware system is a Barracuda CloudGen Firewall F-Series running on 3rd-party server hardware using an SF license. Consult Barracuda Networks Technical Support to find out if your specific standard hardware is supported.

Disk Space Requirements

Upgrading to version 10.0.0 requires your disk partitions to have enough free disk space. Firmware 10.0.0 requires the following partition spaces:

Disk Space Requirements FIREWALL

Hard Drive Partition

Disk Space Required

swap

2 GB

boot

1 GB

/

15 GB

/phion0

4 GB

/art

3 GB

Disk Space Requirements CONTROL CENTER

Hard Drive Partition

Disk Space Required

swap

2 GB

boot

1 GB

/

15 GB

/phion0

4 GB

/art

10 GB

Migration Path to 10.0.0

Depending on your current firmware version, there are 2 options for migrating to firmware version 10.0.0:

Current Operating Firmware

Update via

Target Firmware

8.x

9.0.4

10.0.0

9.0.x

-> DIRECTLY ->

10.0.0

If you are running firmware version 8.x on your appliance, you must first migrate to version 9.0.4.

For more information on how to migrate to firmware 9.0.4, see 9.0.4 Migration Notes.

Important Note before Upgrading to Release 10.0.0

The migration process to firmware version 10.0.0 will perform a large number of checks before the upgrade starts.

Migrating to firmware 10.0.0 will not be possible if one of the following conditions apply:

  • If the CPU does not support microarchitecture levels (i.e., x86-64-2), the upgrade is inhibited. For example, old ESXi versions lower than 6.7 will not be supported!

  • If the appliance is being managed by the Web UI, the upgrade is inhibited.

  • Unsupported hardware.

  • If the appliance is on legacy 3-layer architecture, the upgrade is inhibited.

  • If the appliance is on Azure and has a custom storage layout, the upgrade is inhibited.

  • If the appliance is on AWS EC2 and repartitioning is required, the upgrade is inhibited.

  • If the appliance is a CC, the upgrade is inhibited in the presence of:

    • Unsupported cluster releases <= 7.2

    • FW Audit Log service

    • PKI service

If any subsequent changes have been made to routes that were automatically generated from shared or static networks, those routes must be created manually after the update, and the automatically generated routes must be disabled!

Migration Instructions for 10.0.0

If Migrating from Version 8.x

First migrate your firmware to 9.0.4 according to 9.0.4 Migration Notes.

Afterwards, continue as follows:

Migrate to Version 10.0.0

Download the appropriate download file.

If Migrating from Version 9.0.4 to 10.0.0

  1. Go to the download portal https://dlportal.barracudanetworks.com/#/packages/6189/update.GWAY-10.0.0-0993.tgz.

  2. Download the update package.

Note that due to the significant content updates in firmware version 10.0.0, the migration process will take at least 45 minutes for an F12!

Start the Update

You can now update the CloudGen Firewall or Control Center.

For more information, see Updating CloudGen Firewalls and Control Centers.