Before migrating your Barracuda NextGen Firewall F-Series to 7.1.4, review the requirements and changes listed in the following sections. Some changes applied during the migration might require you to make preparations before the update or extra configurations after the update.
Migration Path to 7.1.4
You can upgrade to firmware 7.1.4 from the following firmware versions:
Current Version | Target Version |
---|---|
7.1.4 | |
6.0.0 - 6.0.7 | Yes |
6.1.0 - 6.1.3 | Yes |
6.2.0 - 6.2.4 | Yes |
7.0.0 - 7.0.4 | Yes |
7.1.0 - 7.1.2 | Yes |
7.1.2 - 7.1.3 | Yes |
Direct updating from firmware 5.x to 7.1.x is not possible.
For more information, see Migrating from 5.4.x to 6.0.x.
Review Upgrade Requirements
Verify that your NextGen Firewall F-Series or NextGen Control Center meets the upgrade requirements, and read the release notes for the firmware version.
Supported Models
You can upgrade the following NextGen Firewall F-Series models to 7.1.4:
Barracuda NextGen F-Series and Control Center Models | ||
---|---|---|
Hardware Systems |
F10 Rev B, F12, F15 Rev A/B, F18 Rev A, F80 Rev A, F82 Rev A, F100 Rev B, F101 Rev B, F180 Rev A, F183 Rev A, F183R Rev A, F200 Rev C, F201 Rev C, F280 Rev A/B, F300 Rev B, F301 Rev B, F380 Rev A, F400 Rev B, F600 Rev A/B/C, F800 Rev B/C, F900 Rev A/B, F1000 Rev A, C400, C610 |
|
Virtual Systems | VF10, VF25, VF50, VF100, VF250, VF500, VF1000, VF2000, VF4000, VF8000, VC400, VC610, VC820, VFAC400, VFAC610, VFAC820 |
|
Public Cloud | AWS, Azure, Google Cloud |
Standard Hardware Systems | ||
---|---|---|
Standard Hardware | A standard hardware system is a Barracuda NextGen Firewall F-Series running on 3rd-party server hardware using an SF license. Consult the Barracuda Networks Technical Support to find out if your specific standard hardware is supported. |
Disk Space Requirements
To upgrade a system to version 7.1.4, you must have at least 50 MB of free space in the /boot/ partition and at least 2.1 GB in the / (root) partition. If you are upgrading an F10 Rev B, F100, F100 Rev B, F101, or F101 Rev B, verify that enough disk space is available:
To free up disk space, complete the following steps before updating:
- Block the Virus Scanner service.
-
Download the Barracuda Cleanup Script for F10, F15, F100 models. Deploy it via remote execution to centrally managed firewalls. Alternatively run the commands manually in the command line interface.
Upgrading One Firewall in a High Availability Cluster
If you are upgrading a firewall in a high availability (HA) cluster without upgrading its partner, you must re-synchronize the firewalls:
- Go to FIREWALL > Live > Show Proc.
- Select the Sync Handler process and select Kill Selected.
The process is automatically restarted after a couple of seconds, and the primary and secondary firewalls automatically synchronize their sessions.
Barracuda NextGen Admin
After updating a system, you must also download NextGen Admin with the same version. NextGen Admin is backward-compatible. That means you can manage 6.x and 7.x F-Series Firewalls and Control Centers with NextGen Admin 7.1.4.
You can download NextGen Admin 7.1.4 at the download portal, Barracuda NextGen Admin.
Migration Instructions for 7.1.4
When upgrading according to the migration path above, you must complete the migration steps listed below:
First-Generation ATP to Second-Generation Barracuda ATP Cloud Migration
As of January 31, 2019, the first-generation ATP cloud services used by default with firmware versions 6.2.x, 7.0.x, 7.1.0, 7.1.1, and 7.2.0 will be discontinued. Firewalls using ATP must switch to the second-generation ATP cloud service, which is known as Barracuda Advanced Threat Protection (BATP).
The following table gives an overview of the options you have when you run a special firmware version:
Product |
Your Current Firmware Version |
Migrating Option |
---|---|---|
Stand-alone Box or Manged Box |
6.x ... 7.0.x |
Firmware 7.0.x is end-of-support in December 2018! Update to the latest 7.1.x or 7.2.x releases, which are using BATP, without the need for further changes. |
Stand-alone Box | 7.1.0, 7.1.1, 7.2.0 |
Update to the latest 7.1.x or 7.2.x releases, which are using BATP, without the need for further changes. If you cannot update your standalone box(es) to the latest releases, you can also migrate manually. |
Control Center |
CC: 7.1.0, 7.1.1, 7.2.0 and Box: 7.1.0, 7.1.1, 7.2.0 |
Update your managed boxes via the Control Center to the latest firmware release. |
Control Center |
CC: 7.1.2, 7.2.1 or newer and Box: 7.1.0, 7.1.1, 7.2.0 |
If you cannot update your managed box(es) to the latest release, contact the Barracuda Networks Support Team. |
Stand-alone Box Managed Box |
7.1.2 or newer 7.2.1 or newer |
These firmware versions already support BATP. No changes are necessary. |
How to Migrate Boxes with 7.1.0, 7.1.1, and 7.2.0 to BATP
Step 1. Enable Expert Settings in Barracuda Firewall Admin
For more information, see Barracuda Firewall Admin Settings.
Step 2. Enable the BATP Cloud service
Enabling BATP cloud service disconnects your firewall from the first-generation ATP service and connects it to the second-generation Barracuda ATP Cloud.
- Log into your firewall.
- Go to CONFIGURATION > Configuration Tree > your virtual server > Assigned Services > AV (Virus Scanner) > Virus Scanner Settings.
- In the left menu, click ATP.
- Click Lock.
- In the ATP Cloud Communication section, select the check box Enable BATP Cloud.
- Click Send Changes.
- Click Activate.
Your firewall now is connected to the second-generation Barracuda ATP Cloud service.
SSL VPN, NAC, and SSL VPN Authentication
SSL VPN Authentication and NAC are automatically migrated into the Default Access Control Policy.
For more information see How to Configure Access Control Policies for Multi-Factor and Multi-Policy Authentication.
ECDSA SSH Key
Depending on the cipher preferred by the SSH client, you may be prompted to accept the new ECSDA key.
Migration for Applications using the SCADA Application Object
Existing application rules using the SCADA application object are automatically migrated to the SCADA (legacy) application object. To use the new SCADA protocol support, the new application objects must be selected.
For more information, see How to Configure Application Rules Matching SCADA Protocols.
Start the Update
You can now update the NextGen Firewall F or NextGen Control Center.
For more information, see Updating F-Series Firewalls and Control Centers.