We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

Advanced Networking in the Azure Cloud

  • Last updated on

By default, a VM in the Azure cloud uses the hostname and IP address assigned to the cloud service the VM resides in. Whereas the hostname does not change as long as the cloud service exists, the IP address is allocated dynamically and changes every time all VMs in the cloud service are stopped. This may also occur during Azure maintenance windows if your VMs are not assigned an availability set. Azure allows you to reserve both the internal IP addresses and external cloud service IP address. Reserved IP addresses are limited to five per subscription.

Static Internal IP Addresses for the VM

In many cases, it is easier to use a static internal IP address than to use the default DHCP interface with dynamic IP addresses. If you want to deploy an HA cluster, you must use static internal IP addresses and static network interfaces on the Barracuda NG Firewall for HA sync to operate. Static IP addresses are also required for NG Control Centers in Azure and recommended for Azure NG Firewalls managed by a Azure NG Control Center. You can assign static internal IP addresses by deploying the NG Firewall via the new Azure portal, or by changing the IP address for existing VMs via Azure PowerShell.

For more information, see Best Practice - Switch to a Static Internal IP Address in Microsoft Azure.

Reserved IP Addresses (RIP) for the Cloud Service

You can use up to five Reserved IP addresses (RIP) per subscription and assign them to your cloud services. You cannot add a RIP to an already existing cloud service or when creating a cloud service using the web portal. You must create the cloud service via an Azure PowerShell script.

Modify the example Azure deployment script below:

# # Example Deployment Script with Reserved IP address # $subscription = "Pay-As-You-Go" $vmname = "BNG" $pwd = "YOURPASSWORD" $instanceSize = "Small" $cloudService = "BNGCloudService" $location = "West Europe" $storageAccount ="BNGStorage" $reservedIPname = "BNGRIP" # Get latest Barracuda NG Firewall ImageName from Azure # IMPORTANT: The following commands must all be placed on one line! $image = Get-AzureVMImage | where { $_.ImageFamily -Match "Barracuda NG Firewall*"} | sort PublishedDate -Descending | select -ExpandProperty ImageName -First 1 # Create a new Reserved IP $reservedIP = New-AzureReservedIP -ReservedIPName $reservedIPname -Label $reservedIPname -Location $location #Set your Azure Subscription Set-AzureSubscription -SubscriptionName $subscription -CurrentStorageAccountName $storageAccount # Create VM Config and set Password. The user is ignored # IMPORTANT: The following commands must all be placed on one line! $vm1 = New-AzureVMConfig -Name $vmname -InstanceSize $instanceSize -Image $image | Add-AzureProvisioningConfig -Linux -LinuxUser "azureuser" -Password $pwd # Create VM and use the new Reserved IP New-AzureVM -ServiceName $cloudService -VM $vm1 -ReservedIPName $reservedIPName -Location $location

Public Instance Level IP Addresses (PIP)

A Public Instance Level IP address (PIP) is directly assigned to your Barracuda NG Firewall, rather than to the cloud service. This additional IP address allows you to directly access the Barracuda NG Firewall without going through the VIP and endpoints of the cloud service, thereby removing the restriction of only being able to use TCP and UDP protocols. All IP-based protocols can be used (ICMP,ESP,...). When a VM is assigned a PIP, all traffic is sent by default using the PIP as the source IP address. Only connections using the VIP to connect to the VM use the VIP address as the source IP address. You must use Azure PowerShell cmdlets to assign a PIP to a VM. You can use up to five PIPs per Azure subscription.

Assign a Public Instance Level IP address to your existing Barracuda NG Firewall VM:

# IMPORTANT: The following commands must all be placed on one line! Get-AzureVM -ServiceName YOUR-CLOUD-SERVICE-NAME -Name YOUR-BARRACUDA-NG-FIREWALL | Set-AzurePublicIP -PublicIPName CHOOSE-A-NAME | Update-AzureVM
Last updated on