We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Deploy an F-Series Firewall in AWS via CloudFormation Template

  • Last updated on

CloudFormation templates allow you to automate your deployments in AWS and make them more consistent. You can replicate the deployment multiple times for testing and production, or you can spin up additional environments in other regions.

Example templates

CloudFormation templates for our AWS reference architectures are available in our AWS Implementation Guide.

For more information see Implementation Guide - NextGen Firewall in AWS.

Before you begin

  • To deploy templates for other NextGen Firewall reference architectures, select the reference architecture in the Implementation Guide - NextGen Firewall in AWS and download the template in the Example CloudFormation Template section, or to deploy a single  F-Series Firewall go to download the CloudFormation template from Barracuda Campus.
  • (optional) Modify the UserData section of the template to download a PAR file directly from a Control Center. For more information, see How to Modify AWS CloudFormation Templates to Retrieve the PAR File from a Control Center.
  • Verify that the AMI image IDs used in the CloudFormation template match the IDs for the NextGen Firewall image listed in the AWS Marketplace. The AMI disk images change for every released version. Each region has a separate AMI ID.

Step 1. Subscribe to NextGen Firewall in AWS Marketplace

To be able to deploy a NextGen Firewall image via the CloudFormation template, you must agree to the Terms of Service and subscribe to the image in the AWS Marketplace. You need to do this only once per account, but must be done separately for PAYG and BYOL images.

  1. Go to the AWS Marketplace: https://aws.amazon.com/marketplace/
  2. Search for Barracuda NextGen Firewall.
  3. Click on the Barracuda NextGen Firewall F-Series PAYG or Barracuda NextGen Firewall F-Series BYOL image.
  4. Click Continue.
  5. Click on the Manual Launch tab.
  6. Click Accept Software Terms.

You will now receive an email from Amazon confirming your subscription. You can now use the provided AMI in your CloudFormation templates.



Step 2.  (BYOL only) Create stack policy to protect firewall instance from stack updates

Create and enter a stack policy to protect the firewall instance from stack updates that would invalidate the license of your firewall. The stack policy is uploaded when creating a CloudFormation stack.

Step 3.  Deploy CloudFormation template

CloudFormation templates can be deployed via the AWS web console, CLI, REST, or PowerShell.

  1. Log into the AWS console.
  2. Click Services and select CloudFormation.
  3. Click Create Stack
  4. Select Upload a template to Amazon S3.

  5. Click Browse and select the template file.
  6. Click Next.
  7. Enter the Stack name
  8. (optional) If the template includes parameters, fill in the values in the Parameters section.
  9. Click Next.
  10. (optional) Enter Tags for your stack.
  11. In the Advanced section, set additional options for your stack:
    • Notification options
    • Timeout – Set the timeout in minutes.
    • Rollback on failure – When set to yes, the deployment will be rolled back if any errors are encountered.
    • Stack policy – For BYOL images, it is highly recommended to protect the firewall instance from stack updates.

      Stack updates that require redeploying the firewall instance will invalidate the license for BYOL firewalls.

  12. Click Next.
  13. Review the settings and click Create.

The resources defined in the template are now deployed. This may take a couple of minutes. When the Status column shows CREATE_COMPLETE, the template has been deployed successfully. If the firewall fetches a PAR file from a Control Center, it may take a couple of minutes for the firewall to be available.


Last updated on