The growth of cloud computing capabilities and services has driven more data into places where traditional IT security cannot reach - into the datacenters of public cloud providers. Cloud-based deployments can be in the form of a private cloud, in which the Barracuda CloudGen Firewall acts as a gateway device, or in a public or hybrid cloud. You can secure instances in a public or hybrid cloud by deploying a CloudGen Firewall as a virtual security device within your cloud environment. The CloudGen Firewall uses application and user awareness combined with advanced bandwidth management to optimize WAN performance and reliability, thereby securely handling all incoming traffic for the backend server instances.
Microsoft Azure Cloud
Microsoft Azure is a public cloud service. The CloudGen Firewall integrates into your Microsoft Azure virtual network by creating a network security gateway between Internet-facing endpoints and your virtual machines. Microsoft Azure Small and Medium instances use one virtual network interface with a dynamic IP address per virtual machine and can be deployed via web interface or a Microsoft PowerShell script. Large and Extra Large instances support two and four network interfaces, respectively, and must be deployed via PowerShell. There are two types of images available in the Marketplace: Bring-Your-Own-License (BYOL) and an hourly rate (PAYG). The CloudGen Firewall Azure can be deployed on any Azure pricing tier. The CloudGen license is bound to the number of CPU cores. Barracuda Networks recommends the following Azure pricing tiers:
|License||Number of CPU Cores||Number of NICs|
|CloudGen Firewall Level 2||1||1|
|CloudGen Firewall Level 4||2||1|
|CloudGen Firewall Level 6||4||up to 2|
|CloudGen Firewall Level 8||8||up to 4|
|Barracuda Firewall Control Center||n/a||1|
For more information, see Microsoft Azure Deployment.
Amazon Web Services (AWS)
Amazon AWS offers both virtual private and public cloud services. If you are deploying a virtual private cloud, the Barracuda CloudGen Firewall AWS will act as a gateway device, just like in a traditional network. Internal IP addresses in the VPC can be static or dynamic; public IPs (Amazon Elastic IPs) are then mapped to the internal network interfaces. The AMI uses one dynamic network interface as a default configuration. Up to 9 additional Amazon network interfaces can be added, depending on the instance type, with a total of up to 100 network interfaces per VPC. These network interfaces can be connected to subnets in the virtual private cloud, with each subnet containing server instances hosted in a different availability zone of your choice. The CloudGen Firewall also supports Amazon Enhanced Networking if deployed on Amazon instance types with support for this feature. There are two types of images available in the Marketplace: Bring-Your-Own-License (BYOL) and an hourly rate (PAYG). Starting with 6.1.1, both image types are available only in HVM virtualization type. The CloudGen AWS is available for the following instance types: t2.small, t2.medium, t2.large, t2.xlarge. t2.2xlarge, m3.medium, m3.large, m3.xlarge, m3.2xlarge, m4.large, m4.xlarge, m4.2xlarge, c4.large, c4.xlarge and c4.2xlarge. For BYOL licenses select the license based on the number of vCPUs of the instance type:
|CloudGen Firewall License||Number of vCPUs|
|Barracuda Firewall Control Center||n/a|
For more information, see Amazon AWS Deployment.
Google Cloud Platform
Google Cloud Platform is a public cloud on Google's infrastructure. The CloudGen Firewall can be deployed as a stand-alone Google Compute Engine instance to protect your cloud resources in the Google Cloud Platform. High availability clusters are not supported. The firewall is available as a BYOL image from Google Launcher.
|License type||Number of vCPUs||Minimum Memory (GB)|
For more information, see How to Manually Upload and Deploy the CloudGen Firewall in the Google Cloud.