We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Attention

Barracuda CloudGen Firewall version 8.0 is a cloud-only version. It is currently not available for on-premises deployments and can only be deployed in Microsoft Azure, Amazon Web Services, or Google Cloud Platform public clouds.

Best Practice - Hostname List for Barracuda Online Services

  • Last updated on

Access to hosts and domains in the Barracuda Cloud is required for the proper operation of a Barracuda CloudGen Firewall or Control Center. Ensure that the proper ACLs are in place to allow access to these services:

Update Servers - Port 80, 443, 8000

  • updates.cudasvc.com
  • cnt07.upd.cudasvc.com
  • cnt08.upd.cudasvc.com
  • *.upd.cudasvc.com
  • 64.235.148.65 - barracuda.com
  • 64.235.151.230 - cntdtw02.sup.cudaops.com

These update servers deliver pattern updates for the following services and features: 

Download Portal - Port 443

  • dlportal.barracudanetworks.com
  • d.barracudanetworks.com
  • ec2-35-158-213-49.eu-central-1.compute.amazonaws.com
  • ec2-54-93-201-228.eu-central-1.compute.amazonaws.com

The download portal hosts all update packages, as well as hotfixes, and the associated tools and utilities used to run the CloudGen Firewall. The firewall queries the download portal for a list of available hotfixes and updates matching the firmware version.

For more information, see DASHBOARD General Page and Updating CloudGen Firewalls and Control Centers.

License Activation Server - Port 443

  • bcc.barracudanetworks.com
  • api.bcc.barracudanetworks.com

Used to send license activation service, and to continuously poll for licenses available for the serial number associated with the firewall or Control Center.

For more information, see How to License a CloudGen Firewall and Licensing CloudGen Firewalls in the Control Center.

Zero Touch Deployment - Port 443

  • ztd.barracudanetworks.com

The Control Center queries the list of available Zero Touch Enabled firewalls from this service and push the minimal configurations to the cloud service, pending retrieval from Zero Touch ordered firewalls.

For more information, see Zero Touch Deployment.

ATP Server

  • api-eucentral1-aws.batd.cudasvc.com
  • api-euwest1-aws.batd.cudasvc.com
  • api-useast1-aws.batd.cudasvc.com
  • api-uswest1-aws.batd.cudasvc.com
  • atd.fra.svc.fusion.cudasvc.com
  • atd.rdn.svc.fusion.cudasvc.com
  • atd.rzc.svc.fusion.cudasvc.com
  • atd.sfj.svc.fusion.cudasvc.com

Barracuda ATP cloud services. If ATP is enabled the firewall uploads files to be scanned via ATP to these services.

For more information, see Advanced Threat Protection (ATP).

URL Categorization Servers

  • *.wcs.cudasvc.com
  • wcs.rzc.svc.fusion.cudasvc.com
  • wcs.fra.svc.fusion.cudasvc.com
  • wcs.sfj.svc.fusion.cudasvc.com
  • wcs.rdn.svc.fusion.cudasvc.com
  • auth.svc.fusion.cudasvc.com

Barracuda online URL categorization services used by the Barracuda URL filter in the firewall.

For more information, see URL Filtering in the Firewall.

DNS Blacklist

  • b.barracudacentral.org

If the DNS Blacklisting is configured, the firewall checks the hostnames in the DNS queries against this online service.

For more information, see  Botnet and Spyware Protection in the Firewall.

Link Protection

  • linkprotect.cudasvc.com

If the Mail Security in the Firewall and Link Protection is configured, the firewall checks the hostnames in the DNS queries against this online service.

For more information, see How to Configure Link Protection for Mail Security in the Firewall.

AWS / Azure and Google Cloud APIs

Firewalls and Control Centers deployed to the public cloud use API calls for Cloud Integration features.

For more information, see Public Cloud.

Public Cloud Datacenter Network Objects

  • https://www.microsoft.com/en-us/download/confirmation.aspx?id=41653
  • https://ip-ranges.amazonaws.com/ip-ranges.json

To fill network objects with up-to-date IP ranges used by Azure and AWS datacenters, the firewall queries these two services.

For more information, see How to Configure Network Objects for AWS and Azure Datacenter Networks.

Last updated on