Managed F-Series Firewalls are only connected through the association to the same virtual server in the Barracuda NextGen Control Center. This allows you to configure active-active clusters with multiple virtual servers. Both firewalls must be managed by a Control Center and be located in the same cluster. You can only combine two firewalls of the same model and platform (hardware, virtual, or public cloud). Using different revisions of the same hardware appliance is supported.
Before You Begin
- In a cluster, select two firewalls of the same model and platform E.g., two Barracuda NextGen Firewall F-Series F280RevB
- Verify that the cabling is done exactly the same on both units. The management IP addresses must also be configured on the same ports. For HA clusters using hardware appliances with different revisions, only use ports present on both systems.
- License and activate both firewalls
Step 1. Complete Box Level Configuration for Both NextGen F-Series Firewalls
The box level configuration for both firewalls must be identical, except for the Network, Box Properties and Licensing pages. If the connection to the Control Center is over a public IP address each firewall must also have a public IP address configured on the box layer. Use repository links for easy maintenance of the other configuration pages. For more information, see Repositories.
Step 2. Assign Primary and Secondary Unit for the Virtual Server
Choose which NextGen Firewall F-Series is by default the active unit in the HA cluster. For active-active clusters, repeat this step for the second virtual server.
- Go to your cluster in the Control Center > Virtual Servers > your virtual server > Server Properties.
- Click Lock.
- In the Virtual Server Definition section, define the primary unit and secondary unit.
- Primary Box – The active system.
- Secondary Box – The HA partner.
The primary and secondary servers are created and configured as HA partners on both units.