We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
Accept
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda CloudGen Firewall
Overview Documentation Training Certification Materials

How to Deploy an F-Series Firewall in AWS via CloudFormation Template

  • Last updated on

CloudFormation templates allow you to automate your deployments in AWS and make them more consistent. You can replicate the deployment multiple times for testing and production, or you can spin up additional environments in other regions.

CloudFormation Templates

CloudFormation templates are available for all our AWS reference architectures in the Barracuda Networks GitHub account: https://github.com/barracudanetworks/ngf-aws-templates.

Before You Begin

Verify that the AMI image IDs used in the CloudFormation template match the IDs for the NextGen Firewall image listed in the AWS Marketplace. The AMI disk images change for every released version. Each region has a separate AMI ID.

Step 1. Subscribe to NextGen Firewall in AWS Marketplace

To be able to deploy a NextGen Firewall image via the CloudFormation template, you must agree to the Terms of Service and subscribe to the image in the AWS Marketplace. You need to do this only once per account, but it must be done separately for PAYG and BYOL images.

  1. Go to the AWS Marketplace: https://aws.amazon.com/marketplace/
  2. Search for Barracuda NextGen Firewall.
  3. Click on the Barracuda NextGen Firewall F-Series PAYG or Barracuda NextGen Firewall F-Series BYOL image.
    aws_cloudformation_01.png
  4. Click Continue.
    aws_cloudformation_02.png
  5. Click on the Manual Launch tab.
  6. Click Accept Software Terms.
    aws_cloudformation_03.png

You will now receive an email from Amazon confirming your subscription. You can now use the provided AMI in your CloudFormation templates.

aws_cloudformation_04.png

Step 2. (BYOL only) Create Stack Policy to Protect Firewall Instance from Stack Updates

Protect your firewall instances from being replaced during stack updates use a stack policy when deploying the CloudFormation template. Replacing the instance automatically invalidates your license. If your license is invalidated, contact Barracuda technical support during the 15 day grace period to transfer your license to the instance.

Step 3. Deploy the CloudFormation Template

CloudFormation templates can be deployed via the AWS web console, CLI, REST, or PowerShell.

  1. Log into the AWS console.
  2. Click Services and select CloudFormation.
  3. Click Create Stack
    aws_cloudformation_05.png

  4. Select Upload a template to Amazon S3.

  5. Click Browse and select the template file.
    aws_cloudformation_06.png
  6. Click Next.
  7. Enter the Stack name
  8. (optional) If the template includes parameters, fill in the values in the Parameters section.
    aws_cloudformation_07.png
  9. Click Next.
  10. (optional) Enter Tags for your stack.
  11. In the Advanced section, set additional options for your stack:
    • Notification options
    • Timeout – Set the timeout in minutes.
    • Rollback on failure – When set to yes, the deployment will be rolled back if any errors are encountered.

    • Stack policy – For BYOL images, it is highly recommended to protect the firewall instance from stack updates.

      Stack updates that require redeploying the firewall instance will invalidate the license for BYOL firewalls.

  12. Click Next.
  13. Review the settings and click Create.

The resources defined in the template are now deployed. This may take a couple of minutes. When the Status column shows CREATE_COMPLETE, the template has been deployed successfully. If the firewall fetches a PAR file from a Control Center, it may take a couple of minutes for the firewall to be available.

aws_cloudformation_08.png

Last updated on