CloudFormation templates allow you to automate your deployments in AWS and make them more consistent. You can replicate the deployment multiple times for testing and production, or you can spin up additional environments in other regions.
CloudFormation Templates
CloudFormation templates are available for all our AWS reference architectures in the Barracuda Networks GitHub account: https://github.com/barracudanetworks/ngf-aws-templates.
Before You Begin
Verify that the AMI image IDs used in the CloudFormation template match the IDs for the NextGen Firewall image listed in the AWS Marketplace. The AMI disk images change for every released version. Each region has a separate AMI ID.
Step 1. Subscribe to NextGen Firewall in AWS Marketplace
To be able to deploy a NextGen Firewall image via the CloudFormation template, you must agree to the Terms of Service and subscribe to the image in the AWS Marketplace. You need to do this only once per account, but it must be done separately for PAYG and BYOL images.
- Go to the AWS Marketplace: https://aws.amazon.com/marketplace/
- Search for
Barracuda NextGen Firewall
. - Click on the Barracuda NextGen Firewall F-Series PAYG or Barracuda NextGen Firewall F-Series BYOL image.
- Click Continue.
- Click on the Manual Launch tab.
- Click Accept Software Terms.
You will now receive an email from Amazon confirming your subscription. You can now use the provided AMI in your CloudFormation templates.
Step 2. (BYOL only) Create Stack Policy to Protect Firewall Instance from Stack Updates
Protect your firewall instances from being replaced during stack updates use a stack policy when deploying the CloudFormation template. Replacing the instance automatically invalidates your license. If your license is invalidated, contact Barracuda technical support during the 15 day grace period to transfer your license to the instance.
Step 3. Deploy the CloudFormation Template
CloudFormation templates can be deployed via the AWS web console, CLI, REST, or PowerShell.
- Log into the AWS console.
- Click Services and select CloudFormation.
- Click Create Stack
Select Upload a template to Amazon S3.
- Click Browse and select the template file.
- Click Next.
- Enter the Stack name.
- (optional) If the template includes parameters, fill in the values in the Parameters section.
- Click Next.
- (optional) Enter Tags for your stack.
- In the Advanced section, set additional options for your stack:
- Notification options
- Timeout – Set the timeout in minutes.
- Rollback on failure – When set to yes, the deployment will be rolled back if any errors are encountered.
Stack policy – For BYOL images, it is highly recommended to protect the firewall instance from stack updates.
- Click Next.
- Review the settings and click Create.
The resources defined in the template are now deployed. This may take a couple of minutes. When the Status column shows CREATE_COMPLETE, the template has been deployed successfully. If the firewall fetches a PAR file from a Control Center, it may take a couple of minutes for the firewall to be available.