It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

7.1.4 Migration Notes

  • Last updated on

Before migrating your Barracuda NextGen Firewall F-Series to 7.1.4, review the requirements and changes listed in the following sections. Some changes applied during the migration might require you to make preparations before the update or extra configurations after the update. 

Migration Path to 7.1.4

You can upgrade to firmware 7.1.4 from the following firmware versions:

Current Version Target Version
  7.1.4
6.0.0 - 6.0.7 Yes
6.1.0 - 6.1.3 Yes
6.2.0 - 6.2.4 Yes
7.0.0 - 7.0.4 Yes
7.1.0 - 7.1.2 Yes
7.1.2 - 7.1.3 Yes

Direct updating from firmware 5.x to 7.1.x is not possible.

For more information, see Migrating from 5.4.x to 6.0.x.

Read the Release Notes, especially the Known Issues section, for the firmware version that you want to update to.

For more information, see  7.1.4 Release Notes.

Review Upgrade Requirements 

Verify that your NextGen Firewall F-Series or NextGen Control Center meets the upgrade requirements, and read the release notes for the firmware version.

Supported Models

You can upgrade the following NextGen Firewall F-Series models to 7.1.4:

Barracuda NextGen F-Series and Control Center Models

Hardware Systems

F10 Rev B, F12, F15 Rev A/B, F18 Rev A, F80 Rev A, F82 Rev A, F100 Rev B, F101 Rev B, F180 Rev A, F183 Rev A, F183R Rev A, F200 Rev C, F201 Rev C, F280 Rev A/B, F300 Rev B, F301 Rev B, F380 Rev A, F400 Rev B, F600 Rev A/B/C, F800 Rev B/C, F900 Rev A/B, F1000 Rev A, C400, C610

Virtual Systems

VF10, VF25, VF50, VF100, VF250, VF500, VF1000, VF2000, VF4000, VF8000, VC400, VC610, VC820, VFAC400, VFAC610, VFAC820

Public Cloud AWS, Azure, Google Cloud

Standard Hardware Systems

Standard Hardware

A standard hardware system is a Barracuda NextGen Firewall F-Series running on 3rd-party server hardware using an SF license. Consult the Barracuda Networks Technical Support to find out if your specific standard hardware is supported.

Disk Space Requirements

To upgrade a system to version 7.1.4, you must have at least 50 MB of free space in the /boot/ partition and at least 2.1 GB in the / (root) partition. If you are upgrading an F10 Rev B, F100, F100 Rev B, F101, or F101 Rev B, verify that enough disk space is available:

flash_free_disk_space.png

To free up disk space, complete the following steps before updating:

Upgrading One Firewall in a High Availability Cluster

If you are upgrading a firewall in a high availability (HA) cluster without upgrading its partner, you must re-synchronize the firewalls: 

  1. Go to FIREWALL > Live > Show Proc.
  2. Select the Sync Handler process and select Kill Selected.
    The process is automatically restarted after a couple of seconds, and the primary and secondary firewalls automatically synchronize their sessions.
Barracuda NextGen Admin

After updating a system, you must also download NextGen Admin with the same version. NextGen Admin is backward-compatible. That means you can manage 6.x and 7.x F-Series Firewalls and Control Centers with NextGen Admin 7.1.4.

Always use the latest version of Barracuda NextGen Admin.

You can download NextGen Admin 7.1.4 at the download portal, Barracuda NextGen Admin.

Migration Instructions for 7.1.4

When upgrading according to the migration path above, you must complete the migration steps listed below:

First-Generation ATP to Second-Generation Barracuda ATP Cloud Migration

As of January 31, 2019, the first-generation ATP cloud services used by default with firmware versions 6.2.x, 7.0.x, 7.1.0, 7.1.1, and 7.2.0 will be discontinued. Firewalls using ATP must switch to the second-generation ATP cloud service, which is known as Barracuda Advanced Threat Protection (BATP).

The following table gives an overview of the options you have when you run a special firmware version:

Product
Your Current
Firmware Version
Migrating Option
Stand-alone Box
or
Manged Box
6.x ... 7.0.x

Firmware 7.0.x is end-of-support in December 2018!

Update to the latest 7.1.x or 7.2.x releases, which are using BATP, without the need for further changes.
For more information, see How to Install Updates via NextGen Admin on campus.barracuda.com.

Stand-alone Box

7.1.0, 7.1.1, 7.2.0

Update to the latest 7.1.x or 7.2.x releases, which are using BATP, without the need for further changes.
For more information, see How to Install Updates via NextGen Admin on campus.barracuda.com.

If you cannot update your standalone box(es) to the latest releases, you can also migrate manually.
For more information, see How to Migrate Boxes with 7.1.0, 7.1.1 and 7.2.0 to BATP below.

Control Center
with
Managed Box

CC: 7.1.0, 7.1.1, 7.2.0
and
Box: 7.1.0, 7.1.1, 7.2.0

Update your managed boxes via the Control Center to the latest firmware release.
For more information, see How to Update Control Center-Managed Standalone CloudGen Firewalls.

If you cannot update your managed box(es) to the latest releases, you can also migrate manually.
For more information, see How to Migrate Boxes with 7.1.0, 7.1.1 and 7.2.0 to BATP below.

Control Center
with
Managed Box

CC: 7.1.2, 7.2.1 or newer
and
Box: 7.1.0, 7.1.1, 7.2.0
If you cannot update your managed box(es) to the latest release, contact the Barracuda Networks Support Team.
Stand-alone Box
Managed Box
7.1.2 or newer
7.2.1 or newer
These firmware versions already support BATP. No changes are necessary.
How to Migrate Boxes with 7.1.0, 7.1.1, and 7.2.0 to BATP

Step 1. Enable Expert Settings in Barracuda Firewall Admin

For more information, see Barracuda Firewall Admin Settings.

Step 2. Enable the BATP Cloud service

Enabling BATP cloud service disconnects your firewall from the first-generation ATP service and connects it to the second-generation Barracuda ATP Cloud.

  1. Log into your firewall.
  2. Go to CONFIGURATION > Configuration Tree > your virtual server > Assigned Services > AV (Virus Scanner) > Virus Scanner Settings.
  3. In the left menu, click ATP.
  4. Click Lock.
  5. In the ATP Cloud Communication section, select the check box Enable BATP Cloud.
    migrate_to_batp_enable_batp_cloud.png
  6. Click Send Changes.
  7. Click Activate.

Your firewall now is connected to the second-generation Barracuda ATP Cloud service.

SSL VPN, NAC, and SSL VPN Authentication

SSL VPN Authentication and NAC are automatically migrated into the Default Access Control Policy.

For more information see How to Configure Access Control Policies for Multi-Factor and Multi-Policy Authentication.

ECDSA SSH Key

Depending on the cipher preferred by the SSH client, you may be prompted to accept the new ECSDA key.

authentication_check.png

Migration for Applications using the SCADA Application Object

Existing application rules using the SCADA application object are automatically migrated to the SCADA (legacy) application object. To use the new SCADA protocol support, the new application objects must be selected.

For more information, see How to Configure Application Rules Matching SCADA Protocols.

Start the Update

You can now update the NextGen Firewall F or NextGen Control Center.

For more information, see Updating F-Series Firewalls and Control Centers.