Before migrating your Barracuda NextGen Firewall F-Series to 7.0.x, review the requirements and changes listed in the following sections. Some changes applied during the migration might require you to make preparations before the update or extra configurations after the update.
Migration Path to 7.0
You can upgrade to firmware 7.0 from the following firmware versions:
| Current version | Target version | ||||
|---|---|---|---|---|---|
| 7.0.0 | 7.0.1 | 7.0.2 | 7.0.3 | 7.0.4 | |
| 6.0.0 - 6.0.5 | Yes | Yes | Yes | Yes | Yes |
| 6.0.6 | No | Yes | Yes | Yes | Yes |
| 6.0.7 | No | No | Yes | Yes | Yes |
| 6.1.0 - 6.1.3 | Yes | Yes | Yes | Yes | Yes |
| 6.2.0 - 6.2.1 | Yes | Yes | Yes | Yes | Yes |
| 6.2.2 | No | Yes | Yes | Yes | Yes |
| 6.2.3 | No | No | Yes | Yes | Yes |
| 6.2.4 | No | No | No | No | Yes |
Direct updating from firmware 5.x to 7.0.x is not possible.
For more information, see Migrating from 5.4.x to 6.0.x.
Review Upgrade Requirements
Verify that your Barracuda NextGen Firewall F-Series or Barracuda NextGen Control Center meets the upgrade requirements.
Supported Models
You can upgrade the following NextGen Firewall F-Series models to 7.x:
Barracuda NextGen F-Series and Control Center Models | ||
|---|---|---|
Hardware Systems |
F10 Rev A/B, F15 Rev.A/B, F18 Rev A, F80 Rev A, F82 Rev. A, F100 Rev A/B, F101 Rev A/B, F180 Rev A, F183 Rev A, F183R Rev A, F200 Rev A/B/C, F201 Rev A/B/C, F280 Rev A/B, F300 Rev A/B, F301 Rev A/B, F380 Rev A , F400 Rev A/B, F600 Rev A/B/C , F800 Rev A/B/C, F900 Rev A/B, F1000 Rev A, C 400, C610 |
|
| Virtual Systems | VF10, VF25, VF50, VF100, VF250, VF500, VF1000, VF2000, VF4000, VF8000, VC400, VC610, VC820, VFAC400, VFAC610, VFAC820 |
|
| Public Cloud | AWS, Azure, Google Cloud | |
Standard Hardware Systems | ||
|---|---|---|
| Standard Hardware | A standard hardware system is a Barracuda NextGen Firewall F-Series running on 3rd-party server hardware using an SF license. Consult the Barracuda Networks Technical Support to find out if your specific standard hardware is supported. |
|
Disk Space Requirements
To upgrade a system to version 7.0, you must have at least 50 MB of free space in the /boot/ partition and at least 2.1 GB in the / (root) partition. If you are upgrading an F10 Rev B, F100, F100 Rev B, F101, or F101 Rev B, verify that enough disk space is available:
To free up disk space, download the following cleanup script, and apply it via remote execution to centrally managed firewalls. For standalone firewalls, the script can be executed locally on firewall.
- Block the Virus Scanner service.
-
Download the Barracuda Cleanup Script for F10, F15, F100 models. Deploy it via remote execution to centrally managed firewalls. Alternatively run the commands manually in the command line interface.
Upgrading a High Availability (HA) Cluster Without Upgrading its HA Partner
If you are upgrading a firewall in a high availability (HA) cluster without upgrading its partner, you must re-synchronize both firewalls:
- Go to FIREWALL > Live > Show Proc.
- Select the Sync Handler process and select Kill Selected.
The process is automatically restarted after a couple of seconds, and the primary and secondary unit automatically synchronize their sessions.
Barracuda NextGen Admin
After updating a system, you must also download NextGen Admin with the same version. NextGen Admin is backward-compatible. That means you can manage 5.2.x, 5.4.x, 6.x, and 7.x F-Series Firewalls and Control Centers with NextGen Admin 7.0.4.
Migration Instructions for 7.0.2 / 7.0.3 / 7.0.4
When upgrading according to the migration path above, you must complete the migration steps listed below. If you are updating from an earlier version, you must also complete the migration steps for 7.0.0 and 7.0.1 .
First-Generation ATP to Second-Generation Barracuda ATP Cloud Migration
As of January 31, 2019, the first-generation ATP cloud services used by default with firmware versions 6.2.x, 7.0.x, 7.1.0, 7.1.1, and 7.2.0 will be discontinued. Firewalls using ATP must switch to the second-generation ATP cloud service, which is known as Barracuda Advanced Threat Protection (BATP).
The following table gives an overview of the options you have when you run a special firmware version:
Product |
Your Current Firmware Version |
Migrating Option |
|---|---|---|
| Stand-alone Box or Manged Box |
6.x ... 7.0.x |
Firmware 7.0.x is end-of-support in December 2018! Update to the latest 7.1.x or 7.2.x releases, which are using BATP, without the need for further changes. |
Enable Box Activation Daemon on Stand-Alone NextGen Firewalls
On stand-alone NextGen Firewalls, go to the CONFIGURATION > Configuration Tree > Box > Box Properties page and, in the left menu, click Operational. Set the Box Activation Daemon to yes for the firewall to continuously update the licenses with the newest version available from the Barracuda licensing servers. You no longer need to log in via NextGen Admin to renew the licenses on your firewall. This does not apply to NextGen Control Centers or managed firewalls.
Migration Instructions for 7.0.1
No manual migration steps are required to update to firmware version 7.0.1 from 7.0.0. If you are updating from an earlier version, you must also complete the migration steps for 7.0.0.
Migration Instructions for 7.0.0
When upgrading according to the migration path above, you must complete the migration steps listed below:
Legacy Application Control
Layer 7 Application Control is discontinued for firmware 7.0 and higher. Migrate from legacy Layer 7 Application Control to Application Control before updating to 7.0.0.
For more information, see Application Control.
Port Protocol Protection
When updating to 7.0.0, applications are removed from the port protocol protection list.
For more information, see How to Configure Port Protocol Protection .
Firewall Feature Level
When updating to 7.0.0, the feature level of the firewall is automatically set to 7.0.0. Downgrading to a lower Firewall feature level is no longer possible.
Connection Objects
Connection objects using the legacy Explicit IP 0.0.0.0 notation for Proxy Dyn must be reconfigured to use Dynamic NAT.
For more information, see Connection Objects.
Control Center
7.0.0 Control Centers can no longer manage firewalls using firmware 5.0.x Update clusters and their managed firewalls to cluster release 5.2 or higher before updating the Control Center to 7.0.0.
For more information, see Updating F-Series Firewalls and Control Centers.
SSL VPN
Due to Oracle's announcement to deprecate the Java browser plugin, and the removal of the Java plugin from many modern browsers, the following SSL VPN services are migrated for 7.0.0. SSL VPN features using CudaLaunch require a Remote Access Premium subscription.
- Deprecated myNetwork, the Java Applet-based transparent VPN client. Use the Barracuda Network Access Client instead.
- Java Applet-based tunnels have moved from the SSL VPN web portal to CudaLaunch generic tunnels to remove dependency on Java Applets.
- Java Applet-based Remote Desktop (RDP) applications have moved from the SSL VPN Web Portal to CudaLaunch to remove dependency on Java Applets.
- Java Applet-based SSH resources have moved from the SSL VPN Web Portal to CudaLaunch generic tunnels to remove dependency on Java Applets.
For more information, see SSL VPN Native Apps, SSL VPN Network Places, and VPN Client & Network Access Client.
Step 3. Start the Update
You can now update the NextGen Firewall F or NextGen Control Center.
For more information, see Updating F-Series Firewalls and Control Centers .