We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

Best Practice - Switch to a Static Internal IP Address in Microsoft Azure

  • Last updated on

By default, the internal IP addresses in the Azure cloud are dynamically assigned via DHCP. Azure offers reserved internal IP addresses, which allows you to use a static (eth0) interface instead of the dynamic (dhcp) interface on the Barracuda NG Firewall. This allows you to use the static address as a gateway for the other internal Azure VMs. Reserve the IP address in the Azure cloud and then switch to a static interface on the Barracuda NG Firewall.

You also have the option of setting the static internal address by using a web interface when deploying your Barracuda NG Firewall via the new Azure portal: https://portal.azure.com

It is not possible to add a static internal IP address to an already existing VM via the Azure web interface.

The Azure virtual machine will automatically reboot when assigning the static IP address.

Before you Begin

Step 1. Reserve a Static Internal IP Address

By default, the internal IP addresses are assigned via DHCP in the internal Azure network. Choose a free IP address in the Virtual Network for the Barracuda NG Firewall. It must be different from the IP addresses already assigned to the virtual machine.

  1. Open a Windows Azure PowerShell.
  2. Check if the chosen IP address is available by entering: 
    Test-AzureStaticVNetIP -VNetName -IPAddress  
    AzureHA01.png
  3. Save the virtual machine to a local variable. 
    $staticVM = Get-AzureVM -ServiceName -Name  
    AzureHA02.png
  4. Change the internal IP address of the virtual machine from dynamic to static. 
    Set-AzureStaticVNetIP -VM $staticVM -IPAddress | Update-AzureVM 
    AzureHA03.png

    The Barracuda NG Firewall automatically reboots.

The Barracuda NG Firewall VM is now using a static internal IP address:

AzureHA04.png

Step 2. Change the Network Configuration on the NG Firewall to Use the Static Internal IP Address

Change the network configuration to use a static network interface.

Step 2.1 Reconfigure the Network Interface

Change the network interface type from dynamic to static.

  1. Go to CONFIGURATION > Configuration Tree > Box > Network.
  2. In the left menu, click on xDSL/DHCP/ISDN.
  3. Click Lock.
  4. Delete the DHCP01 entry in the DHCP Links list.
  5. Select No from the DHCP Enabled dropdown list.
  6. Click Send Changes.
  7. In the left menu, click on IP Configuration.
  8. In the Management IP and Network section in the Interface Name line, untick the Other checkbox. 
  9. Select eth0 from the Interface Name list.
  10. Enter the static internal IP address from Step 1 as the Management IP (MIP). E.g., 10.0.20.6

AzureHA08.png

Step 2.2 Create the Default Route

Add the default route. The default gateway in Azure subnets is always the first IP in the subnet. E.g., 10.0.20.1 if the subnet is 10.0.20.0/24

  1. In the left menu, click on Routing.
  2. Click in the Routes table and configure the following settings:
      • Target Network Address – Enter 0.0.0.0/0
      • Route Type – Select gateway
      • Gateway – Enter the first IP address of the subnet the Barracuda NG Firewalls reside in. E.g., 10.0.20.1 if the IP addresses of the Barracuda NG Firewalls are 10.0.20.6 and 10.0.20.7
      • Trust Level – Select Unclassified.
    Azure_default_route.png
  3. Click OK.
  4. Click Send Changes and Activate.
Step 2.3 Activate the Network Changes

Activate the changes to the network configuration.

  1. Go to CONTROL > Box.
  2. In the Network section of the left menu, click on Activate new network configuration.
  3. Click Failsafe.

Open the CONTROL > Network page. Your interface and IP address are now static.

AzureHA11.png

Last updated on