We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

Azure Solution Templates for F-Series Firewalls

  • Last updated on

Azure solution templates allow you to deploy preconfigured solutions in Azure. Solution templates cannot currently update existing resources. The following solution templates are available:

Barracuda NextGen Firewall Solution (BYOL) and (PAYG)

Azure_Solution_Template_Single.png

This solution deploys a single, stand-alone F-Series Firewall VM into a dedicated firewall subnet in the virtual network. An Azure route table with a UDR route using the firewall as the next hop is also created. To use this route table for backend subnets, you must create a subnet for the backend VMs and associate the Azure route table with the subnet.

The following information is required to deploy this solution:

  • Virtual network address range – Enter an address range in CIDR notation that does not overlap with your on-premises networks.
  • Firewall subnet – Enter at least a /29 network for your firewall.
  • Storage account name and type – Select the storage account type. If premium storage is selected, you must use a VM size with support for this type of storage account.
  • VM size – Depending on the selected firewall size and storage account type, select the VM size from the list.
  • Firewall static internal IP address – The firewall must use a static internal IP address. Enter a free IP address in the firewall subnet. The first three IP addresses in each subnet are reserved by Azure. 
  • Firewall root password Enter the root password for the firewall VM. 
  • (optional) DNS name for the public IP address To use a DNS hostname for the public IP address associated with the NIC, enter the hostname.
  • Public IP address type – Select if the public IP address is static or dynamic. Dynamic IP addresses potentially change every time the firewall VM is restarted.

Barracuda NextGen Firewall Managed Solution (BYOL) and (PAYG)

Azure_Solution_Template_Managed.png

Deploying a managed firewall allows you to preconfigure the firewall in your Control Center. During deployment, the firewall connects to the Control Center on TCP 806 and, after authenticating, retrieves the configuration. Depending on which image you are deploying, the licenses are either retrieved from the Control Center for the BYOL image or pushed to the Control Center for the PAYG image. An Azure route table with the firewall VM as the default gateway is automatically created. To use the firewall as the default gateway for other VMs in the virutal network, create a subnet and associate the subnet with the Azure route table.

The following information is required to deploy this solution:

  • Virtual network address range – Enter an address range in CIDR notation that does not overlap with your on-premises networks.
  • Firewall subnet – Enter at least a /29 network for your firewall.
  • Storage account name and type – Select the storage account type. If premium storage is selected, you must use a VM size with support for this type of storage account.
  • VM size – Depending on the selected firewall size and storage account type, select the VM size from the list.
  • Firewall static internal IP address – The firewall must use a static internal IP address. Enter a free IP address in the firewall subnet. The first three IP addresses in each subnet are reserved by Azure. 
  • Firewall root password Enter the root password for the firewall VM. 
  • (optional) DNS name for the public IP address To use a DNS hostname for the public IP address associated with the NIC, enter the hostname
  • Public IP address type – Select if the public IP address is static or dynamic. Dynamic IP addresses potentially change every time the firewall VM is restarted.
  • Control Center IP address – Enter the public IP address used to access the Control Center. TCP 806 must be forwarded to the Control Center.
  • Range number, cluster name, firewall name – Enter the range, cluster, and name for the firewall configuration you prepared on the Control Center.
  • Shared secret – Enter the shared secret configured in the Advanced view of the Box Properties > Operational Settings for the firewall on the Control Center.

Barracuda NextGen Firewall SAC Solution (BYOL)

Azure_Solution_Template_SACManaged.png

The Secure Access Concentrator uses the F-Series Firewall BYOL image. Before deployment, you must prepare the SAC configuration on the Control Center. The configuration is then retrieved during deployment. Authentication is handled either via Control Center admins or shared secret. An Azure route table with the SAC VM as the default gateway is automatically created. To use the SAC as the default gateway for other VMs in the virtual network, create a subnet and associate the subnet with the Azure route table.

The following information is required to deploy this solution:

  • Virtual network address range – Enter an address range in CIDR notation that does not overlap with your on-premises networks.
  • SAC subnet – Enter at least a /29 network for your firewall.
  • Storage account name and type – Select the storage account type. If premium storage is selected, you must use a VM size with support for this type of storage account.
  • VM size – Depending on the selected firewall size and storage account type, select the VM size from the list.
  • SAC static internal IP address – The firewall must use a static internal IP address. Enter a free IP address in the firewall subnet. The first three IP addresses in each subnet are reserved by Azure. 
  • SAC root password Enter the root password for the firewall VM. 
  • (optional) DNS name for the public IP address To use a DNS hostname for the public IP address associated with the NIC, enter the hostname
  • Public IP address type – Select if the public IP address is static or dynamic. Dynamic IP addresses potentially change every time the firewall VM is restarted.
  • Control Center IP address – Enter the public IP address used to access the Control Center. TCP 806 must be forwarded to the Control Center.
  • Range number, cluster name, firewall name – Enter the range, cluster, and name for the firewall configuration you prepared on the Control Center.
  • Shared secret – Enter the shared secret configured in the Advanced view of the Box Properties > Operational Settings for the firewall on the Control Center.

 

 

Last updated on