It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Deploy a CloudGen in AWS via CloudFormation Template

  • Last updated on

CloudFormation templates allow you to automate your deployments in AWS and make them more consistent. You can replicate the deployment multiple times for testing and production, or you can spin up additional environments in other regions. Including user data scripts in the template automatically disables the web interface. You can re-enable it via the cloud-enable-webui command. For more information, see Public Cloud Provisioning Command Line Tools.

CloudFormation Templates

CloudFormation templates are available for all our AWS reference architectures in the Barracuda Networks GitHub account: https://github.com/barracudanetworks/ngf-aws-templates.

Before You Begin

Verify that the AMI image IDs used in the CloudFormation template match the IDs for the CloudGen Firewall image listed in the AWS Marketplace. The AMI disk images change for every released version. Each region has a separate AMI ID.

Step 1. Subscribe to CloudGen Firewall in AWS Marketplace

To be able to deploy a CloudGen Firewall image via the CloudFormation template, you must agree to the Terms of Service and subscribe to the image in the AWS Marketplace. You need to do this only once per account, but it must be done separately for PAYG and BYOL images.

  1. Go to the AWS Marketplace: https://aws.amazon.com/marketplace/
  2. Search for Barracuda CloudGen Firewall.
  3. Click the Barracuda CloudGen Firewall F-Series PAYG or Barracuda CloudGen Firewall F-Series BYOL image.
    aws_cloudformation_01.png
  4. Click Continue.
    aws_cloudformation_02.png
  5. Click the Manual Launch tab.
  6. Click Accept Software Terms.
    aws_cloudformation_03.png

You will now receive an email from Amazon confirming your subscription. You can now use the provided AMI in your CloudFormation templates.

aws_cloudformation_04.png

Step 2. (BYOL only) Create Stack Policy to Protect the Firewall Instance from Stack Updates

To protect your firewall instances from being replaced during stack updates, use a stack policy when deploying the CloudFormation template. Replacing the instance automatically invalidates your license. If your license is invalidated, contact Barracuda Networks Technical Support during the 15-day grace period to transfer your license to the instance.

Step 3. Deploy the CloudFormation Template

CloudFormation templates can be deployed via the AWS web console, CLI, REST, or PowerShell.

  1. Log into the AWS console.
  2. Click Services and select CloudFormation.
  3. Click Create Stack
    aws_cloudformation_05.png
  4. Select Upload a template to Amazon S3.

  5. Click Browse and select the template file.
    aws_cloudformation_06.png
  6. Click Next.
  7. Enter the Stack name
  8. (optional) If the template includes parameters, fill in the values in the Parameters section.
    aws_cloudformation_07.png
  9. Click Next.
  10. (optional) Enter Tags for your stack.
  11. In the Advanced section, set additional options for your stack:
    • Notification options
    • Timeout – Set the timeout in minutes.
    • Rollback on failure – When set to yes, the deployment will be rolled back if any errors are encountered.
    • Stack policy – For BYOL images, it is highly recommended to protect the firewall instance from stack updates.

      Stack updates that require redeploying the firewall instance will invalidate the license for BYOL firewalls.

  12. Click Next.
  13. Review the settings and click Create.

The resources defined in the template are now deployed. This may take a couple of minutes. When the Status column shows CREATE_COMPLETE, the template has been deployed successfully. If the firewall fetches a PAR file from a Control Center, it may take a couple of minutes for the firewall to be available.

aws_cloudformation_08.png