Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure an AWS Elastic Load Balancer for F-Series Firewalls in AWS


The Elastic Load Balancer (ELB) is a layer 4 load balancer managed by AWS. The ELB can be deployed as a public-facing load balancer or internally in your VPC. Instances are added either manually or, if associated with an Auto Scaling group, automatically. The load balancer continuously checks the health of the instances and takes unhealthy instances out of rotation. With cross-zone load balancing enabled, the load balancer spreads the load evenly over multiple Availability Zones.

AWS reference architectures

This article is used in the following AWS reference architectures:

Create an AWS Load Balancer

  1. Log into the AWS console.
  2. In the upper right, click on the datacenter location, and select the datacenter you want to deploy to from the list.   
  3. Log into the AWS console.
  4. Click Services and select EC2.
  5. In the Load Balancing section of the left menu, click Load Balancer.
  6. Click Create Load Balancer.
  7. Select Classic Load Balancer and click Continue.
  8. Enter the Basic Configuration Settings:
    • Load Balancer name – Enter name for the load balancer.
    • Create LB inside – Select the VPC the firewalls are deployed to from the list.
    • Create an internal load balancer – Select the check box to create an internal load balancer. Internal load balancers are reachable from within the VPC and do not have a public IP address.
  9. For each Listener, click Add and enter:
    • Load Balancer Protocol – Select the protocol from the list. Supported protocols: TCP, HTTP, HTTPS, SSL (Secure TCP).
    • Load Balancer Port – Enter the external port.
    • Instance Protocol – Enter the protocol. In most cases, this is the same protocol as the Load Balancer Protocol. To offload SSL encryption to the ELB, select different protocols (e.g., HTTPS to HTTP).
    • Instance Port – Enter the port number of the service on the instance. 
  10. Click + in the Actions column to add subnets to the load balancer. Add the subnets containing the firewall instances. Each subnet should be in a different Availability Zone.
  11. Click Next: Assign Security Groups.
  12. Click Create new security group.
  13. For each load balancer listener, create a Rule. Click Add Rule for each additional security group rule required.
    • Type – Select the protocol or type of traffic. E.g., Custom TCP Rule for TCP, or HTTPS for SSL-encrypted web traffic.
    • Port Range – Enter the port. E.g., 691 for TINA VPN.
    • Source – Select the source of the traffic. For Internet traffic, select Anywhere and enter
  14. Configure the Health Check.
    • Ping Protocol – Select the protocol from the list.
    • Ping Port – Enter the port. E.g., 691 for TINA VPN, or 443 for HTTPS.
    • Response Timeout  – Enter the number of seconds the probe waits for an answer.
    • Interval – Enter the number of seconds between two probes.
    • Unhealthy threshold – Enter the number of failed health checks for the instance to be considered unhealthy. Unhealthy instances are taken out of rotation until healthy again.
    • Healthy threshold – Enter the number of successful health checks for the instance to be considered healthy.
  15. Click Next: Add EC2 Instances.
  16. (optional) If the firewall EC2 instances are already deployed, select the EC2 instances.
  17. Select Enable Cross-Zone Load Balancing.
  18. Click Next: Add Tags.
  19. (optional) Add Key / Value tags to the resource. Click Create Tag to add additional tags.
  20. Click Review and Create.
  21. Review the settings and click Create.

The Elastic Load Balancer is now deployed and ready for use.
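
Added example (not part of the Barracuda documentation or AWS tooling): a Python check that reviews a Classic Load Balancer definition against the choices made in the steps above, namely SSL offloading, health check port and timing, Availability Zone coverage and cross-zone load balancing. The sample data is constructed; the `Attributes` key, the finding codes and all names are assumptions of this example.

```python
# Added example, not Barracuda or AWS code. SAMPLE is constructed; its field names follow
# the Classic ELB DescribeLoadBalancers response. "Attributes" is an assumed key holding
# the DescribeLoadBalancerAttributes result. Names and zones are placeholders.
SAMPLE = {
    "LoadBalancerName": "example-fw-elb",
    "AvailabilityZones": ["example-az-a"],
    "ListenerDescriptions": [
        {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 691,
                      "InstanceProtocol": "TCP", "InstancePort": 691}},
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                      "InstanceProtocol": "HTTP", "InstancePort": 80}},
    ],
    "HealthCheck": {"Target": "TCP:8443", "Interval": 10, "Timeout": 10,
                    "UnhealthyThreshold": 2, "HealthyThreshold": 3},
    "Attributes": {"CrossZoneLoadBalancing": {"Enabled": False}},
}


def audit(lb):
    """Return (code, message) findings for one Classic Load Balancer definition."""
    findings = []
    listeners = [d["Listener"] for d in lb["ListenerDescriptions"]]
    for lsn in listeners:
        # Step 9: HTTPS/SSL in front with HTTP/TCP behind means the ELB decrypts.
        if lsn["Protocol"] in ("HTTPS", "SSL") and lsn["InstanceProtocol"] in ("HTTP", "TCP"):
            findings.append(("TLS_OFFLOAD", f"listener {lsn['LoadBalancerPort']} forwards "
                             f"decrypted traffic to instance port {lsn['InstancePort']}"))
    hc = lb["HealthCheck"]
    # Target looks like "TCP:691" or "HTTPS:443/path"; take the port between ':' and '/'.
    hc_port = int(hc["Target"].split(":", 1)[1].split("/", 1)[0])
    if hc_port not in {lsn["InstancePort"] for lsn in listeners}:
        findings.append(("HC_PORT", f"health check probes port {hc_port}, which no listener uses"))
    if hc["Timeout"] >= hc["Interval"]:
        findings.append(("HC_TIMING", "response timeout is not shorter than the probe interval"))
    if len(set(lb["AvailabilityZones"])) < 2:
        findings.append(("SINGLE_AZ", "subnets cover fewer than two Availability Zones"))
    if not lb["Attributes"]["CrossZoneLoadBalancing"]["Enabled"]:
        findings.append(("NO_CROSS_ZONE", "cross-zone load balancing is disabled"))
    return findings


if __name__ == "__main__":
    for code, message in audit(SAMPLE):
        print(f"{code}: {message}")
```

TLS_OFFLOAD is informational: it marks listeners where the offloading from step 9 is in effect, so that the unencrypted hop between the ELB and the firewall is a deliberate choice.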

