The growth of cloud computing capabilities and services has driven more data into places where traditional IT security cannot reach - into the datacenters of public cloud providers. Cloud-based deployments can be in the form of a private cloud, where the Barracuda NG Firewall can act as a gateway device, or in a public or hybrid cloud. You can secure instances in a public or hybrid cloud by deploying a Barracuda NG Firewall as a virtual security device within your cloud environment. The Barracuda NG Firewall uses application and user awareness combined with advanced bandwidth management to optimize WAN performance and reliability, thereby securely handling all incoming traffic for the backend server instances.
Microsoft Azure Cloud
Microsoft Azure is a public cloud service. The Barracuda NG Firewall integrates into your Microsoft Azure virtual network by creating a network security gateway between Internet-facing endpoints and your virtual machines. Microsoft Azure Small and Medium instances use one virtual network interface with a dynamic IP address per virtual machine and can be deployed via web interface or a Microsoft PowerShell script. Large and Extra Large instances support two and four network interfaces, respectively, and must be deployed via PowerShell. There are two types of images available in the Marketplace: Bring-Your-Own-License (BYOL) and an hourly rate (PAYG). The Barracuda NG Firewall Azure can be deployed on any Azure pricing tier. The NG Firewall license is bound to the number of CPU cores. Barracuda Networks recommends the following Azure pricing tiers:
|License||Azure Pricing Tier||Number of CPU Cores||Number of NICs|
|NG Firewall Level 2||A1||1||1|
|NG Firewall Level 4||A2||2||1|
|NG Firewall Level 6||A3||4||up to 2|
|NG Firewall Level 8||A4||8||up to 4|
|NG Control Center||A1 - A4||n/a||1|
Use the deployment method matching your required feature set:
- Azure Preview Portal – BYOL and PAYG images. Limited to one network interface. For more information, see How to Deploy the Barracuda NG Firewall in Azure via the Preview Portal.
- Azure Portal – BYOL image only. For more information, see How to Deploy the Barracuda NG Firewall in Microsoft Azure.
- PowerShell – BYOL and PAYG images. High Availability deployments, multiple network interfaces, advanced Azure networking features. For more information, see How to Deploy the Barracuda NG Firewall on Microsoft Azure via PowerShell or How to Configure a High Availability Cluster in Azure via PowerShell.
Amazon Web Services (AWS)
Amazon AWS offers both virtual private and public cloud services. If you are deploying a virtual private cloud, the Barracuda NG Firewall AWS will act as a gateway device, just like in a traditional network. Internal IP addresses in the VPC can be static or dynamic; public IPs (Amazon Elastic IPs) are then mapped to the internal Network Interfaces. The AMI uses one dynamic Network Interface as a default configuration. Up to 9 additional Amazon Network Interfaces can be added, depending on the instance type with a total of up to 100 network interfaces per VPC. These network interfaces can be connected to subnets in the virtual private cloud, with each subnet containing server instances hosted in a different Availability Zone of your choice. There are two types of images available in the Marketplace: Bring-Your-Own-License (BYOL) and an hourly rate (PAYG). Starting with 6.1.1 both image types are only available in HVM virtualization type. The Barracuda NG Firewall AWS is available in four different sizes:
|NG Firewall License||Amazon Instance Type||Number of vCPUs||Number of NICs||IP addresses per Interface|
|Level 2||m3.medium||1||up to 2||4|
To deploy a Barracuda NG Firewall in an Amazon Virtual Private Cloud, see How to Deploy the Barracuda NG Firewall in an Amazon Virtual Private Cloud.