When deploying a Barracuda NextGen Firewall F-Series, basic settings need to be made before the system can be used in production. There are some differences, depending on the deployment option you choose (hardware, virtual, or public cloud).
Before you Begin
Make sure you completed the steps listed in the deployment articles, depending on which platform you are deploying the F-Series Firewall on:
- Hardware – Complete Hardware deployment and the included Quick Start Guide. The Quick Start Guide is included in the box for every firewall. Your PC must be connected to the management port of the NextGen Firewall F-Series and use an IP address in the 192.168.200.0/24 range. Do not use 192.168.200.200 because this IP address is the default management IP address of the Barracuda NextGen Firewall F-Series.
- Virtual (Vx) – Complete the deployment steps in Virtual Systems (Vx) for your hypervisor.
- Public Cloud – Complete the steps in Public Cloud for your public cloud provider.
Step 1. Prepare the Client
To connect to the F-Series firewall, you must use the Barracuda NextGen Admin application. The application is a stand-alone, portable executable. Always use the latest version of NextGen Admin. You can download it from the Barracuda Customer Portal.
For more information on the system requirements and NextGen Admin, see Barracuda NextGen Admin.
Step 2. Log into the Barracuda NextGen Firewall F-Series
Connect to your firewall using NextGen Admin:
- Launch NextGen Admin.
- In the Log In window, select Box.
Enter the Management IP, Username, and Password:
Management IP Address Username Default Password Hardware 192.168.200.200 root ngf1r3wall Virtual (Vx) Set during deployment root ngf1r3wall Public Cloud - Amazon AWS Elastic IP pointing to the Barracuda NextGen Firewall F-Series Instance root Instance ID of your Barracuda NextGen Firewall F-Series Instance E.g., i-0aaaa123 Public Cloud - Microsoft Azure .cloudapp.net or Virtual IP (VIP) for the cloud service root
- Set during deployment
- If not set during deployment: ngf1r3wall
- Click Log In. The Authentication Check window opens.
- Click Trust.
Step 3. Configure Basic Settings
The box wizard can only be used on hardware units. If you are deploying a virtual F-Series Firewall, you must configure the time zone and change the password manually.
Step 3.1 Complete the Wizard for the Barracuda NextGen Firewall F-Series
If you are using a hardware appliance, the wizard helps you configure basic settings during deployment. Follow the instructions for the Standard Deployment Mode. Skip this step if you are connected to an F-Series in the public cloud because these settings were already configured during deployment.
Step 3.2 Configure the Time Zone and Change the Root Password for the Virtual Barracuda NextGen Firewall F-Series
When using a virtual F-Series Firewall, complete the following tasks:
|Change the password||How to Change the Root Password and Management ACL|
|Set the time zone||Step 1 in How to Configure Time Server (NTP) Settings|
|(optional) Change the management IP address||How to Change the Management IP Address|
Step 4. Configure an Internet Connection
If you are deploying an F-Series Firewall that must connect to the Internet via ISP, configure the Internet connection. If your firewall can already access the Internet via Management interface, you can skip this step. The F-Series F10 to F30x already have a preconfigured DHCP interface on port 4.
Complete the configuration for your type of Internet connection:
|Internet Connection Type||Link|
|Static IP address||How to Configure an ISP with Static IP Addresses|
|DHCP||How to Configure an ISP with Dynamic IP Addresses (DHCP)|
|xDSL (PPP, PPPoE and PPTP)||How to Configure an ISP with xDSL|
|UMTS/3G||How to Configure an ISP with UMTS/3G|
|ISDN||How to Configure an ISP with ISDN|
Step 5. Activate and License your Barracuda NextGen Firewall F-Series
To license your F-Series Firewall, the NextGen Admin application must be able to connect to the Internet directly or via proxy. For hardware appliances you only need to activate the unit; licenses are automatically downloaded and installed afterwards. For virtual and public cloud systems you must enter a license token before activating your unit. If you are licensing an F-Series Firewall that is to be used in a high availability cluster, it is important to activate the secondary unit first. For more information, see How to Activate and License a NextGen F-Series High Availability Cluster.
|Virtual (Vx) + Public Cloud||How to Activate and License a Stand-alone Virtual or Public Cloud F-Series Firewall or Control Center|
Step 6. Configure Administrative Settings
Configure the firewall to use your preferred DNS and NTP servers. To receive email notifications from selected services, you must configure a recipient email address.
|DNS Servers||How to Configure DNS Settings|
|NTP Servers||Step 2 in How to Configure Time Server (NTP) Settings|
|System Email Notification Address||How to Configure the System Email Notification Address|
Continue with the steps below to set up the system according to your needs.
|Configure VLANs, routing and add additional network interfaces.||Network|
|Create and configure the virtual server.|
|Create and configure services (e.g., Forwarding Firewall, VPN,...).|
|Configure external authentication servers.||Authentication|
|Configure administrator accounts.||Managing Access for Administrators|
|Create a high availability cluster||High Availability|