We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

Best Practice - Service Dependencies and Multiple Services of the Same Type on one Virtual Server

  • Last updated on
Each service that runs on a virtual server (service layer of the Barracuda NG Firewall) provides a piece of network functionality. Some of the services act independently and can be introduced on every virtual server without disrupting the network flow. For example: DNS, DHCP, FTP Gateway, OSPF/RIP/BGP and Wi-Fi. Depending on which service you introduce, it might require additional services to work, or be limited to one service per virtual server or Barracuda NG Firewall. Some services can also be introduced on secondary units for a distributed setup in HA environments.

Single Services per NG Firewall

You can only use one Forwarding or Distributed Firewall service per NG Firewall. Running a Distributed Firewall and Forwarding Firewall service on the same NG Firewall, automatically disables the Forwarding Firewall service.

Dependent Services

The functionality of certain services depends on additional services on the Barracuda NG Firewall.

  • The VPN service interacts with the Forwarding Firewall and only works in combination with the Firewall service.
  • When using Application Control, the Firewall service interacts with the Virus Scanner and URL Filter service and must be on the same server.
  • The DHCP Relay service can interact with the DHCP service if introduced. You can create a DHCP server on the same system as a DHCP relay agent. However, the services cannot use the same interface.

Interacting Services

In order to function or interact properly, some services require the same virtual server.

  • The URL Filter service must be always be on the same virtual server as the HTTP Proxy service.
  • When using the Mail Gateway service together with the Spam Filter service, make sure that you introduce them on the same virtual server. Virus Scanner service, when configured, should also be on that server because these services all interact with each other. This setup is required when using Application Control.
  • When using VPN, make sure that you introduce the VPN service on the same virtual server as the Forwarding Firewall service.

Multiple Service Setup

Some services can be run multiple times on the Barracuda NG Firewall.

  • Configuring multiple HTTP Proxy services is possible, e.g., to proxy HTTP/S traffic using different modes. You can introduce the HTTP Proxy services in forward, reverse, and transparent mode, depending on your network requirements.

Service Setup in HA Environments

When setting up HA clusters, you can create virtual servers with services to run only on the secondary unit that, in case of a failover, are transferred to the primary unit and vice versa. This is possible for independent services such as DHCP, DNS, and HTTP Proxy. When introducing the latter in combination with the URL Filter service, both services must be configured on the same virtual server on the secondary unit.

Last updated on