It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure Virtual Servers

  • Last updated on

To manage networking and services on the Barracuda CloudGen Firewall, you can use the virtual server S1 that is already present on the unit. To extend firewalling and networking capabilities, introduce additional servers with IP addresses that can be adapted and used by networks and services created under them. If a CloudGen Firewall hosting virtual servers is running in a high availability (HA) cluster, the virtual servers are also present on the HA unit. If the primary unit fails, the virtual server, IP addresses, and all services are taken over instantly by the secondary unit. Optionally, it is also possible to enforce unique server/service names on a global level.

Before You Begin

  • Verify that direct routes exist on the box layer for the network the virtual server IPs are in. If you are using an HA cluster, the routes must be configured on both units.

Create a Virtual Server on a CloudGen Firewall

  1. On a stand-alone firewall: Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers.
  2. Right-click Virtual Servers in your cluster and select Create Server. The Create Server windows opens.
  3. Configure the following settings:
    • Server Name – Enter a unique name of up to 30 characters for the virtual server.
    • Product Type – Select the model of your CloudGen Firewall. The product type of the virtual server and the CloudGen Firewall the virtual server is running on must match.
    • Active Box – Select This-Box.
    • Backup Box (optional) – Select Other-Box if you are using a high availability cluster, or No-Backup if you are using a stand-alone CloudGen Firewall.
    • Encryption Level – Select Full Featured Encryption unless you are running in demo mode or are located in an export-restricted country.      
    • First-IP – Enter the first IP address for the virtual server.
    • Reply to Ping – Select yes for the virtual server to answer ICMP pings on the first IP address.
    • Second-IP (optional) – Enter the second IP address for the virtual server.
    • Reply to Ping – Select yes for the virtual server to answer ICMP pings on the second IP address.
    • (optional) Additional IP – Click + to add additional IP addresses.
    • (optional) Additional IPv6 Address – Click + to enter IPv6 addresses.
    IPv6_virtual_server_Ips.png
  4. Click Next 
  5. (optional) Configure monitoring settings for the virtual server. For more information, see Virtual Server Monitoring.
  6. Click Next.
  7. (optional) Enter custom command-line scripts that are executed when the virtual server is started or stopped. For more information, see Command-Line Interface
  8. Click Finish.
  9. Click Activate.

Create a Virtual Server on a Barracuda Firewall Control Center

Create a virtual server in a cluster on the Firewall Control Center. The virtual server can be used for every managed CloudGen Firewall of the same product type in the cluster.

By default, server and service names must be unique on a cluster level. However, if you want to use unique service/server names on a global level, you must configure the CC to enforce unique server/service names.

  1. On your Control Center, go to CONFIGURATION > Configuration Tree > CC Parameters
  2. In the left menu, click Operational Setup.
  3. In the left menu, click Switch to Advanced mode.
  4. In the section Configuration Setup, select Global for Enforce Unique Service/Server Name.
  5. Click Send Changes.
  6. Click Activate.
  1. Go to CONFIGURATION > Multi-Range > your range > your cluster.
  2. Right-click Virtual Servers in your cluster and select Create Server. The Create Server windows opens.
  3. Configure the following settings:
    • Server Name – Enter a unique name of up to 30 characters for the virtual server. 
    • Product Type – Select the model of your CloudGen Firewall. The product type of the virtual server and the CloudGen Firewall the virtual server is running on must match.
    • Encryption Level – Select Full Featured Encryption unless you are running in demo mode or are located in an export-restricted country.      
    • Primary Box – Select the CloudGen Firewall the  virtual server runs on. The box must be in the same cluster as the virtual server.   
    • Secondary Box (optional) – Select the secondary CloudGen Firewall.  
    • First-IP – Enter the first IP address for the virtual server.
    • Reply to Ping – Select yes for the virtual server to answer ICMP pings on the first IP address.
    • Second-IP (optional) – Enter the second IP address for the virtual server.
    • Reply to Ping – Select yes for the virtual server to answer ICMP pings on the second IP address.
    • (optional) Additional IP – Click + to add additional IP addresses.
    • (optional) Additional IPv6 Address – Click + to enter IPv6 addresses.
  4. Click Next.
    • (optional) Create or import the Server Private Key
    • (optional) Import the Server Certificate.
  5. Click Next
  6. (optional) If you are planning to use GTI, add the local networks for the VPN tunnels. For more information, see CC VPN GTI Editor.
  7. Click Next.
  8. (optional) Configure monitoring settings for the virtual server. For more information, see Virtual Server Monitoring.
  9. Click Next.
  10. (optional) Enter custom command-line scripts that are executed when the virtual server is started or stopped. For more information, see Command-Line Interface.
  11. Click Finish.
  12. Click Activate.

Deleting a Virtual Server

If you delete a virtual server, all of its assigned services are also deleted. Before changing server and service settings, back up your system configuration. For more information, see Backups and Recovery.

  1. Right-click on the virtual server you want to delete and click Lock.
  2. Right-click on the virtual server and click Remove Server.
  3. Click Yes. The virtual server and all its services are now marked with a red "x".
  4. Click Activate.

(Control Center only) Moving/Copying Virtual Servers

You can move or copy virtual servers on the Control Center between different clusters. It is not possible to create a copy of a virtual server in the same cluster it is currently in. The clusters must use at least the same release version. For example, you cannot move a 7.0 virtual server to a 6.2 cluster.

  1. Right-click on the virtual server you want to move or copy and click Lock.
  2. Right-click on the virtual server and click Move Server or Copy Server.
  3. Select the destination in the Range/Cluster tree.
  4. Enter the new Name of the virtual server.
  5. Click OK.
  6. Click Activate.