Microsoft Azure offers two ways to deploy and manage your cloud resources:
- Azure Resource Manager
- Azure Service Manager
Azure Resource Manager (ARM) is the recommended deployment model for new Azure deployments. Grouping your resources into resource groups makes it easy to create setups that are modular. Azure Service Manager (ASM) is the classic model and should no longer be used for new deployments.
There are several different configuration and deployment tools available for Azure cloud deployment:
- Web Portal (https://portal.azure.com)
- Azure Templates
- Azure PowerShell (version 1.0 or higher)
- REST API
- Azure CLI
Not all configuration tools offer the same functionality. New features are usually first available via PowerShell, Azure templates, and REST API, with the web portal catching up later.
Azure Resource Manager Deployment
In the Azure Resource Manager deployment model, each resource is placed in a resource group. These logic containers allow you to group your resources to simplify monitoring, access control, and billing for your applications. Resource groups also make it easier to redeploy individual parts. For example, if you need to update the application servers, you only redeploy the resource group for these VMs, leaving the rest untouched.
Deploy a CloudGen Firewall or Control Center via Azure Portal
The Azure portal allows you to deploy the Barracuda CloudGen Firewall and Firewall Control Center images from the Azure Marketplace using an easy-to-use web interface. Azure solution templates allow you to deploy one of the multiple preconfigured solutions depending on your use case in Azure. The following solutions are available in the Azure Marketplace:
- Single, stand-alone CloudGen Firewall including Azure Route Table. The firewall is deployed into a dedicated subnet. Both PAYG and BYOL versions are available.
- Single, managed CloudGen Firewall including Azure Route Table. The firewall fetches the configuration directly from your Control Center on deployment.
- A single managed Secure Access Controller. The SAC fetches the configuration directly from your Control Center on deployment.
For more information, see How to Deploy a CloudGen Firewall from the Microsoft Azure Market Place.
Deploy a CloudGen Firewall or Control Center via Azure PowerShell
For custom deployments using user images, or other Azure features not available via the web portal, use Azure PowerShell to deploy your firewall VM.
For more information, see How to Deploy a CloudGen Firewall in Microsoft Azure Using PowerShell and ARM.
Deploy a CloudGen Firewall or Control Center via Azure Templates
Azure templates are JSON files containing resource descriptions and parameter definitions. These parameters can be passed to the template during deployment either on the command line or through a template file. Deploy templates using Azure PowerShell, Azure CLI, Azure Rest API, or Visual Studio.
- Templates can be up to 1 MB in size. Parameter files up to 64 KB.
- Azure PowerShell 1.0 or higher is required.
- You can only deploy resources in one Azure location per template.
Templates can be deployed in two modes: incremental and complete. Neither deployment mode re-deploys existing resources in the resource group, as long as the configuration settings in the template are identical to the running resource. Resources defined in the template that are missing in the resource group are added. The difference between the two modes is how resources not part of the template, but already running in the resource group, are handled. In incremental mode, these resources are left unchanged, whereas in complete mode these resources are deleted. Production deployments should use complete mode to secure against rogue configuration elements. Incremental mode should be used during template development. It should also be used in cases where either a resource cannot be created with the template or should not be managed by the template.
For more information, see How to Deploy a CloudGen Firewall via Azure Templates.
Lab Guide: Getting Started with the Barracuda CloudGen Firewall on Azure
In this lab you will learn how to:
- Deploy a Barracuda CloudGen Firewall
- Configure Azure networking for the firewall
- Set user defined roles, create traffic routing rules, and control the flow of traffic between virtual machines
Download the Lab Guide: Working with the F-Series Firewall in Azure.
Modifying a CloudGen Firewall Azure Template to Retrieve the PAR File
If you are using the Firewall Control Center either on-premises or in the cloud, modify the Azure template to retrieve the PAR file for the new CloudGen Firewall VM directly from the Control Center during deployment. The scripts authenticate either with CC admin credentials or a shared secret.
For more information, see How to Modify Azure Templates to Retrieve the PAR File from a Control Center.
Deploy a CloudGen Firewall High Availability Cluster
To avoid downtime when the primary firewall is unavailable due to maintenance or hardware failure, configure a high availability cluster. A Microsoft Azure Load Balancer in front of the two firewalls forwards all incoming traffic to the active firewall. The firewall then applies your policies and forwards the traffic accordingly to the backend VMs. The Azure User Defined Routing Table, which is used for the backend VMs to be able to use the firewall as the default gateway, is updated and monitored by the active firewall after a failover event so that the active firewall is always used as the gateway.
For more information, see High Availability in Azure.
Upload User Images from VHD Files
If you need a specific firmware version of the CloudGen Firewall or Control Center for Azure that is not available in the Marketplace, or you are deploying in a region without access to the Azure Marketplace, download the VHD disk images from the Barracuda download portal, and then upload them to your Azure storage account. Use the uploaded disk images to deploy via Azure PowerShell or Templates.
For more information, see How to Upload Azure VHD Images for User Defined Images using ARM.
Deploy in Azure Germany
If you are deploying to the Azure Germany, the Azure Marketplace is not available, limiting your deployment options. Disk images must be uploaded manually and then deployed via Azure PowerShell or Azure Templates. In addition, to use Azure PowerShell, the environment must be added and appended when logging in.
Fore more information, see Microsoft Azure Deployments in Azure Germany.