It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure a High Availability Cluster for Managed F-Series Firewalls

  • Last updated on

To be able to configure a high availability cluster between two managed firewalls, both must be in the same cluster on the Control Center. Managed high availability clusters only share the same virtual server configuration; the box level of both firewalls are configured individually. Use cluster level repositories to share the box level configurations between both units. The two firewalls receive their configurations directly from the Control Center; the HA session sync is carried out directly between the two firewalls. You can only combine two firewalls of the same model and platform (hardware, virtual, or public cloud). Using different revisions of the same hardware appliance is supported.


Before you begin
  • In a cluster, select two firewalls of the same model and platform  E.g., two Barracuda NextGen Firewall F-Series F280RevB 
  • Verify that the cabling is done exactly the same on both units. The management IP addresses must also be configured on the same ports. For HA clusters using hardware appliances with different revisions, only use ports present on both systems.
  • License and activate both firewalls

Step 1. Complete box level configuration for both NextGen F-Series Firewalls

The box level configuration for both firewalls must be identical, except for the NetworkBox Properties and Licensing pages. If the connection to the Control Center is over a public IP address each firewall must also have a public IP address configured on the box layer. Use repository links for easy maintenance of the other configuration pages. For more information, see Repositories.

Step 2. Assign primary and secondary unit for the virtual server

Choose which NextGen Firewall F-Series is by default the active unit in the HA cluster. For active-active clusters, repeat this step for the second virtual server.

  1. Go to your cluster in the Control Center > Virtual Servers > your virtual server > Server Properties.
  2. Click Lock.
  3. In the Virtual Server Definition section, define the primary unit and secondary unit.
    • Primary Box – The active system.
    • Secondary Box – The HA partner.

The primary and secondary servers are created and configured as HA partners on both units. 


Last updated on