Barracuda Networks utilizes the public cloud for core functions of service such as support tunnel access and definitions and firmware updates. To use these Barracuda services effectively, customers must allow access from Barracuda appliances to Barracuda’s public cloud service. Such access is outbound only from the Barracuda appliance onsite to the public cloud. Resources from the public cloud cannot access the customer environment. Barracuda has implemented measures to ensure data transmission is secured.
The following services require outbound connections from all Barracuda appliances. Your specific Barracuda appliance might require additional connections.
Update Infrastructure (Definitions, Firmware, Patches, Provisioning)
- updates.cudasvc.com:80, 8000, 443
- cnt12.upd.cudasvc.com:80, 8000
- cnt13.upd.cudasvc.com:80, 8000
- cnt14.upd.cudasvc.com:80, 8000
- cnt15.upd.cudasvc.com:80, 8000
cnt20.upd.cudasvc.com:80, 8000
cnt21.upd.cudasvc.com:80, 8000
Support Tunnel Traffic
- term.cuda-support.com:22, 443, 8788
Backfeed Traffic
- backfeed.barracuda.com:443
airlockstatic.nap.aws.cudaops.com:80,443
airlock.nap.aws.cudaops.com:80, 443
Configuration Backups to the Cloud
- fttcp.prod.bac.barracudanetworks.com: 80, 8000, 23557, 48320
If you want to limit outbound connections from your appliances can use their company firewall to create a DNS allow list. Here is an example of how the Barracuda CloudGen Firewall does this using DNS Resolvable Network Objects.