Barracuda CloudGen Firewall

How to Configure an AWS Elastic Load Balancer for F-Series Firewalls in AWS

  • Last updated on

The Elastic Load Balancer (ELB) is a managed layer 4 load balancer by AWS. The ELB can be deployed as a public-facing load balancer or internally in your VPC. Instances are added either manually or, if associated with an Auto Scaling group, automatically. The load balancer continuously checks the health of the instances and takes unhealthy instances out of rotation. When cross-zone load balancing is enabled, the load balancer spreads the load evenly over multiple Availability Zones.

AWS Reference Architectures

This article is used in the following AWS reference architectures:

Create an AWS Load Balancer

  1. Log in to the AWS console.
  2. In the upper right, click on the datacenter location, and select the datacenter you want to deploy to from the list.   
  3. Click Services and select EC2.
  4. In the Load Balancing section of the left menu, click Load Balancer.
  5. Click Create Load Balancer.
  6. Select Classic Load Balancer and click Create.
  7. Enter the Basic Configuration Settings:
    • Load Balancer name – Enter a name for the load balancer.
    • Create LB inside – Select the VPC the firewalls are deployed to from the list.
    • Create an internal load balancer – Select the check box to create an internal load balancer. Internal load balancers are reachable from within the VPC and do not have a public IP address.
  8. For each Listener, click Add and enter:
    • Load Balancer Protocol – Select the protocol from the list. Supported protocols: TCP, HTTP, HTTPS, SSL (Secure TCP).
    • Load Balancer Port – Enter the external port.
    • Instance Protocol – Enter the protocol. In most cases, this is the same protocol as the Load Balancer Protocol. To offload SSL encryption to the ELB, different protocols can be selected (e.g., HTTPS to HTTP).
    • Instance Port – Enter the port number of the service on the instance. 
  9. Click + in the Actions column to add subnets to the load balancer. Add the subnets containing the firewall instances. Each subnet should be in a different Availability Zone.
  10. Click Next: Assign Security Groups.
  11. Click Create new security group.
  12. For each load balancer listener, create a Rule. Click Add Rule for each additional security group rule required.
    • Type – Select the protocol or type of traffic. E.g., Custom TCP Rule for TCP, or HTTPS for SSL-encrypted web traffic.
    • Port Range – Enter the port. E.g., 691 for TINA VPN.
    • Source – Select the source of the traffic. For Internet traffic, select Anywhere and enter
  13. Configure the Health Check.
    • Ping Protocol – Select the protocol from the list.
    • Ping Port – Enter the port. E.g., 691 for TINA VPN, or 443 for HTTPS.
    • Response Timeout – Enter the number of seconds the probe waits for an answer.
    • Interval – Enter the number of seconds between two probes.
    • Unhealthy threshold – Enter the number of failed health checks for the instance to be considered unhealthy. Unhealthy instances are taken out of rotation until healthy again.
    • Healthy threshold – Enter the number of successful health checks for the instance to be considered healthy.
  14. Click Next: Add EC2 Instances.
  15. (optional) If the firewall EC2 instances are already deployed, select the EC2 instances.
  16. Select Enable Cross-Zone Load Balancing.
  17. Click Next: Add Tags.
  18. (optional) Add Key / Value tags to the resource. Click Create Tag to add additional tags.
  19. Click Review and Create.
  20. Review the settings and click Create.

The Elastic Load Balancer is now deployed and ready for use.
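
The settings from steps 7 to 16 can also be expressed as API requests and checked before anything is created. The following is an added example, not part of the original article or Barracuda's own tooling: it builds the boto3 Classic ELB (`elb` client) requests for a TCP health check and rejects inconsistent settings. The function names, resource IDs, region, and timing values are constructed placeholders, and the security group from steps 11 and 12 is assumed to exist already.

```python
# Added example: steps 7-16 as boto3 Classic ELB ("elb") requests.
# Names, IDs and timing values are constructed placeholders.

def build_clb_requests(name, subnet_az, security_group, listeners, ping_port,
                       timeout=5, interval=30, unhealthy=2, healthy=3,
                       internal=False):
    """Validate the settings and return kwargs for create_load_balancer,
    configure_health_check and modify_load_balancer_attributes."""
    zones = list(subnet_az.values())
    if len(set(zones)) != len(zones):  # step 9: one subnet per AZ
        raise ValueError("subnets share an Availability Zone")
    if timeout >= interval:  # step 13: AWS requires Timeout < Interval
        raise ValueError("Response Timeout must be shorter than Interval")
    for lis in listeners:  # step 8: TLS front ends need a certificate
        if lis["Protocol"] in ("HTTPS", "SSL") and "SSLCertificateId" not in lis:
            raise ValueError("listener on port %d needs SSLCertificateId"
                             % lis["LoadBalancerPort"])
    create = {"LoadBalancerName": name, "Listeners": listeners,
              "Subnets": sorted(subnet_az), "SecurityGroups": [security_group]}
    if internal:  # step 7: no public IP, reachable only from the VPC
        create["Scheme"] = "internal"
    health = {"LoadBalancerName": name, "HealthCheck": {
        "Target": "TCP:%d" % ping_port, "Timeout": timeout,
        "Interval": interval, "UnhealthyThreshold": unhealthy,
        "HealthyThreshold": healthy}}
    attrs = {"LoadBalancerName": name, "LoadBalancerAttributes": {
        "CrossZoneLoadBalancing": {"Enabled": True}}}  # step 16
    return create, health, attrs


def apply_requests(requests, region):
    """Send the three requests; needs boto3 and AWS credentials."""
    import boto3
    elb = boto3.client("elb", region_name=region)
    create, health, attrs = requests
    elb.create_load_balancer(**create)
    elb.configure_health_check(**health)
    elb.modify_load_balancer_attributes(**attrs)


# Constructed sample: TINA VPN on TCP 691 across two Availability Zones.
SAMPLE = build_clb_requests(
    name="example-fw-elb",
    subnet_az={"subnet-aaaa1111": "eu-west-1a", "subnet-bbbb2222": "eu-west-1b"},
    security_group="sg-cccc3333",
    listeners=[{"Protocol": "TCP", "LoadBalancerPort": 691,
                "InstanceProtocol": "TCP", "InstancePort": 691}],
    ping_port=691)

if __name__ == "__main__":
    for request in SAMPLE:
        print(request)
```

Running the file only prints the three request dictionaries; nothing is sent to AWS unless `apply_requests` is called with valid credentials.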

