The growth of cloud computing capabilities and services has driven more data into places where traditional IT security cannot reach - into the datacenters of public cloud providers. Cloud-based deployments can be in the form of a private cloud, where the Barracuda NextGen Firewall F-Series can act as a gateway device, or in a public or hybrid cloud. You can secure instances in a public or hybrid cloud by deploying an F-Series Firewall as a virtual security device within your cloud environment. The F-Series Firewall uses application and user awareness combined with advanced bandwidth management to optimize WAN performance and reliability, thereby securely handling all incoming traffic for the backend server instances.
Microsoft Azure Cloud
Microsoft Azure is a public cloud service. The NextGen Firewall F-Series integrates into your Microsoft Azure virtual network by creating a network security gateway between Internet-facing endpoints and your virtual machines. Microsoft Azure Small and Medium instances use one virtual network interface with a dynamic IP address per virtual machine and can be deployed via web interface or a Microsoft PowerShell script. Large and Extra Large instances support two and four network interfaces, respectively, and must be deployed via PowerShell. There are two types of images available in the Marketplace: Bring-Your-Own-License (BYOL) and an hourly rate (PAYG). The NextGen Firewall F-Series Azure can be deployed on any Azure pricing tier. The F-Series license is bound to the number of CPU cores. Barracuda Networks recommends the following Azure pricing tiers:
| License | Azure Pricing Tier | Number of CPU Cores | Number of NICs |
|---|---|---|---|
| NextGen Firewall F-Series Level 2 | A1 | 1 | 1 |
| NextGen Firewall F-Series Level 4 | A2 | 2 | 1 |
| NextGen Firewall F-Series Level 6 | A3 | 4 | up to 2 |
| NextGen Firewall F-Series Level 8 | A4 | 8 | up to 4 |
| Barracuda NextGen Control Center | A1 - A4 | n/a | 1 |
For more information, see Microsoft Azure Deployment.
Amazon Web Services (AWS)
Amazon AWS offers both virtual private and public cloud services. If you are deploying a virtual private cloud, the Barracuda NextGen Firewall F-Series AWS will act as a gateway device, just like in a traditional network. Internal IP addresses in the VPC can be static or dynamic; public IPs (Amazon Elastic IPs) are then mapped to the internal Network Interfaces. The AMI uses one dynamic Network Interface as a default configuration. Up to 9 additional Amazon Network Interfaces can be added, depending on the instance type with a total of up to 100 network interfaces per VPC. These network interfaces can be connected to subnets in the virtual private cloud, with each subnet containing server instances hosted in a different Availability Zone of your choice. The F-Series Firewall also supports Amazon Enhanced Networking if deployed on Amazon Instance Types with support for this feature. There are two types of images available in the Marketplace: Bring-Your-Own-License (BYOL) and an hourly rate (PAYG). Starting with 6.1.1 both image types are only available in HVM virtualization type. The F-Series AWS is available in four different sizes:
| NextGen Firewall F-Series License | Amazon Instance Type | Number of vCPUs | Number of NICs | IP per NIC | Enhanced Networking Support |
|---|---|---|---|---|---|
| Level 2 | m3.medium | 1 | up to 2 | 4 | No |
| Level 4 | m3.large | 2 | 3 | 10 | No |
| c3.large (recommended) | 2 | 3 | 10 | Yes | |
| Level 6 | m3.xlarge | 4 | 4 | 10 | No |
| c3.xlarge | 4 | 4 | 15 | Yes | |
| Level 8 | m3.2xlarge | 8 | 4 | 30 | No |
| c3.2xlarge | 8 | 4 | 15 | Yes |
For more information, see How to Deploy a Barracuda F-Series Firewall in an Amazon Virtual Private Cloud.