To use your firewall in Azure as you would with on-premises firewalls, you must configure routing and other networking features.
Azure Route Tables (UDR) Using Azure Web Portal
To use your firewall VM as the gateway for other VMs in your virtual network, you can configure a user-defined routing table in Azure. Route tables can also be used to route Control Center VIP networks and S-Series networks to the correct VM. HA clusters must be configured to rewrite the Azure routing table so that the backend VMs are always using the active firewall as the gateway.
For more information, see How to Configure Azure Route Tables (UDR) using Azure Portal and ARM.
Azure Route Tables (UDR) Using Azure PowerShell
Create a user-defined routing table to send traffic from the VMs in the backend subnets through the firewall using PowerShell.
For more information, see How to Configure Azure Route Tables (UDR) using PowerShell and ARM.
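The following is an added example, not taken from the Barracuda documentation, of a UDR that sends backend traffic through the firewall using the Az PowerShell module. All resource names and the firewall IP address are constructed placeholders, and it assumes a single firewall VM whose NIC must have IP forwarding enabled to act as a next hop.

```powershell
# Added example: every name and address below is a constructed placeholder.
$rg         = 'example-rg'
$location   = 'westeurope'
$vnetName   = 'example-vnet'
$subnetName = 'backend-subnet'
$fwIp       = '10.0.0.4'          # private IP of the firewall VM (assumed)
$fwNic      = 'example-fw-nic'    # NIC of the firewall VM (assumed)
$backendNic = 'example-vm-nic'    # NIC of one running backend VM (assumed)

# 1. Create the route table and add a default route via the firewall.
#    NextHopType VirtualAppliance tells Azure to hand packets to $fwIp.
$rt = New-AzRouteTable -ResourceGroupName $rg -Location $location -Name 'backend-via-fw'
$rt = $rt |
    Add-AzRouteConfig -Name 'default-via-fw' -AddressPrefix '0.0.0.0/0' `
        -NextHopType VirtualAppliance -NextHopIpAddress $fwIp |
    Set-AzRouteTable

# 2. Attach the route table to the backend subnet. Editing the subnet object
#    in place keeps its other settings (for example an existing NSG).
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$sub  = $vnet.Subnets | Where-Object { $_.Name -eq $subnetName }
if (-not $sub) { throw "Subnet '$subnetName' not found in '$vnetName'." }
$sub.RouteTable = $rt
$vnet | Set-AzVirtualNetwork | Out-Null

# 3. The firewall NIC drops transit traffic unless IP forwarding is enabled.
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name $fwNic
if (-not $nic.EnableIPForwarding) {
    $nic.EnableIPForwarding = $true
    $nic | Set-AzNetworkInterface | Out-Null
}

# 4. Verify from a backend VM's point of view: the 0.0.0.0/0 entry should
#    show NextHopType VirtualAppliance with the firewall IP, state Active.
Get-AzEffectiveRouteTable -ResourceGroupName $rg -NetworkInterfaceName $backendNic |
    Where-Object { $_.AddressPrefix -contains '0.0.0.0/0' } |
    Format-Table Source, State, AddressPrefix, NextHopType, NextHopIpAddress
```

Do not associate this route table with the firewall's own subnet, because a default route pointing at the firewall itself would loop its outbound traffic.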
Azure Load Balancer for High Availability Clusters
For HA clusters, you need a load balancer in front of the two firewall VMs to forward incoming traffic to the active firewall. The load balancer handles all traffic that matches the load balancer rules you defined. The service is polled by a health probe every 4 seconds. After two failed health checks, the VM is marked as inactive and traffic is redirected to the now-active secondary firewall.
For more information, see How to Configure Azure Load Balancer for HA Clusters using PowerShell and ARM.
Azure Cloud Integration
Azure cloud integration allows the firewall to connect directly to the Azure service fabric to rewrite Azure user-defined routes and to monitor the IP Forwarding setting of the NIC of your firewall VM.
For more information, see How to Configure Azure Cloud Integration using ARM.
VNET Peering
VNET peering allows you to connect virtual networks with a high-bandwidth, low-latency connection. The VNETs can be configured to use this peering connection to send all traffic through a pair of firewalls in a central VNET. This allows you to apply security policies to all traffic leaving your VNET in one central location. You can also forward traffic between VNETs that are not directly peered with each other by using the firewall as the next-hop device.
For more information, see How to Configure VNET Peering with the CloudGen Firewall.
Azure Accelerated Networking
Accelerated Networking provides single-root I/O virtualization (SR-IOV) technology to enable multiple virtual host operating systems to share PCI-e I/O devices. With Accelerated Networking, data packets are routed between virtual machines without traversing the virtual switch, which increases network performance between Azure virtual machines. Accelerated Networking is enabled by default on CloudGen Firewalls with firmware 8.0.1 or higher when the size of the virtual machine meets the requirements for Accelerated Networking. For each existing interface, Accelerated Networking creates a second interface (one for the hv_netvsc driver, and one for Mellanox). Use only every second interface in boxnet (e.g., eth0, eth2, eth4). On devices with DHCP enabled, eth0 is replaced with the DHCP interface; the same rule applies there, so use only every second interface (e.g., eth0, eth2, eth4).
For more information, see How to enable Azure Accelerated Networking.