Access to hosts and domains in the Barracuda Cloud is required for the proper operation of a Barracuda CloudGen Firewall or Control Center. Ensure that the proper ACLs are in place to allow access to these services:
Servers for determining the Timezone and the Location of a Firewall, Port 443
- geoip.cudasvc.com
Telemetry Information - Different Ports
Telemetry information will be sent to:
- backfeed.barracuda.com:443
- airlockstatic.nap.aws.cudaops.com:80,443
- airlock.nap.aws.cudaops.com:80,443
- 3.18.232.73:80,443
Update Servers - Different Ports
- updates.cudasvc.com:80, 8000, 443
- cnt12.upd.cudasvc.com:80, 8000
- cnt13.upd.cudasvc.com:80, 8000
- cnt14.upd.cudasvc.com:80, 8000
- cnt15.upd.cudasvc.com:80, 8000
- cnt20.upd.cudasvc.com:80, 8000
- cnt21.upd.cudasvc.com:80, 8000
These update servers deliver pattern updates for the following services and features:
- IPS Patterns – For more information, see Intrusion Prevention System (IPS).
- Avira and ClamAV Virus Scanning Patterns – For more information, see Virus Scanner.
- Application Control Definitions – For more information, see Application Control.
- SSL VPN Templates – For more information, see SSL VPN.
- File Content Patterns – For more information, see File Content Filtering in the Firewall.
- User Agent Definitions – For more information, see User Agent Filtering in the Firewall.
- Geolocation Database Updates
- Spyware and Botnet Protection DNS Block List – For more information, see Botnet and Spyware Protection in the Firewall.
- Reports Definitions – For more information, see Barracuda Firewall Insights.
- Security Definitions – For more information, see Barracuda Firewall Insights.
Download Servers - Port 443
- dlportal.barracudanetworks.com
- d.barracudanetworks.com
The download portal hosts all update packages, as well as hotfixes, and the associated tools and utilities used to run the CloudGen Firewall. The firewall queries the download portal for a list of available hotfixes and updates that match the firmware version.
For more information, see DASHBOARD General Page and Updating CloudGen Firewalls and Control Centers.
License Activation
License Activation Server - Port 443
- bcc.barracudanetworks.com
- api.bcc.barracudanetworks.com
- ng-activation.cudasvc.com
Used to send license activation service, and to continuously poll for licenses available for the serial number associated with the firewall or Control Center.
For more information, see Licensing and Licensing CloudGen Firewalls in the Control Center.
License Activation for CloudGen WAN - Port 443
- cloudgenwan-licensing.cudasvc.com
License Activation for IoT-Connect - Port 443
- iotc-licensing.cudasvc.com
Licensing-related Pool Consumption Reporting - Port 8001
- cgfw.brs.cudasvc.com
For more information, see CC Licensing Page.
Zero Touch Deployment - Port 443
- ztd.barracudanetworks.com
The Control Center queries the list of available Zero Touch-enabled firewalls from this service and pushes the minimal configurations to the cloud service, pending retrieval from firewalls ordered with Zero Touch Deployment.
For more information, see Zero Touch Deployment.
Firewall Authentication Servers - Port 80
| Description | URL |
|---|---|
| EU-CENTRAL1-AWS | |
| EU-WEST1-AWS | |
| GSLB-GLOBAL | |
| US-EAST1-AWS | |
| US-WEST1-AWS |
Alternatively, you can also use the URL string *.fusion.cudasvc.com .
ATP Servers - Port 443
Barracuda ATP cloud services. If ATP is enabled, the firewall uploads files to be scanned via ATP to these services.
| Description | URL |
|---|---|
| AP-NORTHEAST1-AWS | |
| AP-SOUTH1-AWS | |
| AP-SOUTHEAST1-AWS | |
| AP-SOUTHEAST2-AWS | |
| CA-CENTRAL1-AWS | |
| EU-CENTRAL1-AWS | |
| EU-WEST1-AWS | |
| US-EAST2-AWS | |
| US-WEST1-AWS |
Alternatively, you can also use the URL string *.batd.cudasvc.com .
For more information on ATP, see Advanced Threat Protection (ATP).
Web Categorization Service (WCS) - Port 443
| Description | URL |
|---|---|
| AP-NORTHEAST1-AWS | |
| AP-SOUTHEAST2-AWS | |
| EU-CENTRAL1-AWS | |
| EU-WEST1-AWS | |
| US-EAST1-AWS | |
| US-WEST1-AWS-AWS |
Alternatively, you can also use the URL string *.wcs.cudasvc.com .
Barracuda online URL categorization services are used by the Barracuda URL Filter in the firewall.
For more information, see URL Filtering in the Firewall.
Authentication
Sync to Trust Zone – TCP port 845.
TSClient – TCP port 5050.
DNS Block List - Port 443
- b.barracudacentral.org
If the DNS block listing is configured, the firewall checks the hostnames in the DNS queries against this online service.
For more information, see Botnet and Spyware Protection in the Firewall.
Link Protection - Port 443
| Description | URL |
|---|---|
| AP-NORTHEAST2-AWS | |
| AP-SOUTHEAST2-AWS | |
| EU-CENTRAL1-AWS | |
| EU-WEST1-AWS | |
| US-EAST1-AWS | |
| US-WEST1-AWS |
If the Mail Security in the Firewall and Link Protection is configured, the firewall checks the hostnames in the DNS queries against this online service.
For more information, see How to Configure Link Protection for Mail Security in the Firewall.
CloudGen WAN - Port 443
- cloudgenwan-configuration.cudasvc.com
- cloudgenwan-status.cudasvc.com
AWS / Azure and Google Cloud APIs
Firewalls and Control Centers deployed to the public cloud use API calls for Cloud Integration features.
For more information, see Public Cloud.
Public Cloud Data Center Network Objects
- https://www.microsoft.com/en-us/download/confirmation.aspx?id=41653
- https://ip-ranges.amazonaws.com/ip-ranges.json
To fill network objects with up-to-date IP ranges used by Azure and AWS data centers, the firewall queries these two services.
For more information, see How to Configure Network Objects for AWS and Azure Datacenter Networks.