You can install the Barracuda CloudGen Firewall as a virtual machine in the Microsoft Azure public cloud. The Azure Solution Template deploys a single firewall into a dedicated subnet of a new or existing Virtual Network and configures an Azure Route Table to use the firewall as the default gateway. Centrally managed firewalls get their configuration from the Control Center.
You can choose between the following images in the Azure Marketplace:
- Bring Your Own License (BYOL) – Uses licenses purchased directly from Barracuda Networks. Barracuda Networks offers a 30-day evaluation license.
- Pay As You Go (PAYG) – No dedicated licenses required. Licensing fees are included in the hourly price of the virtual machine. All charges are billed directly through your Microsoft Azure account.
Depending on your deployment, you may want to use more than one resource group to be able to maintain the deployed VMs more easily.
Before You Begin
- Create a Microsoft Azure account.
- (BYOL images only) Purchase a Barracuda CloudGen Firewall or Control Center for Microsoft Azure license, or register to receive an evaluation license from the Barracuda Networks Evaluation page.
Step 1. Basics
- Go to the Azure portal: https://portal.azure.com
- In the upper left-hand corner, click + Create a resource.
Search the Marketplace for
Barracuda CloudGen Firewall for Azureand click Barracuda CloudGen Firewall for Azure Solution.
- In the next window, click Create.
- In the Basics blade, configure the following settings:
- Firewall Name – Enter the hostname for the CloudGen Firewall.
- License scheme – Select either PAYG and BYOL.
- Firmware version – Select one of the available firmware versions. Barracuda recommends deploying the highest available version.
- Subscription – Select your subscription.
- Resource Group – Select the resource group to deploy to. Click Create new for a new resource group.
- Location – Select the desired location the firewall will be deployed to.
- Click OK.
Step 2. High Availability
- In the Availability Region/Set section select No availability region/set deployment from the drop-down menu.
To enable High Availability, select either Deploy into an availability set or Deploy into an availability zone according to your requirements.
- Click OK.
Step 3. Size and Networking
- In the Size and Networking blade, configure the following settings.
Size and Storage – Select the size of the virtual machine
- Private networking – Select an existing Virtual network, or create a new one. Also, select or create Subnets within the virtual network.
- Public networking – Select an existing Public IP address, or create a new one. Also, enter a Domain name label for this virtual machine.
- Click OK
Step 4. Firewall Management
- In the Firewall Management blade, configure the following settings.
Firewall management interface – Select the management interface type for your Barracuda CloudGen Firewall. You can choose between Firewall Admin (Windows only), Web Interface and Centrally managed via Control Center. For more information on each topic, see Barracuda Firewall Admin, Web Interface and Firewall Control Center.
Configuration backup PAR file – Select an unencrypted configuration backup to restore a firewall configuration. Make sure that static IP addresses, hostname and licenses of the configuration backup match the configuration of the virtual machine.
Management ACL – Introduces a Network Security Group that restricts access to management ports of the firewall. Enter
0.0.0.0/0to allow access from any network and to skip creating a Network Security Group.
Root password – Enter the password for the root user of the firewall.
- Click OK.
Step 5. Advanced
- In the Advanced blade, configure the following settings.
- Barracuda CloudGen Firewall private IP address – Enter a static private IP address from the subnet the firewall is deployed to. The first four and the last IP addresses in the subnet are reserved by Azure.
- Custom firewall VM size – If not already configured, change the virtual machine size.
Advanced networking options – Enable or disable Azure Accelerated Networking if the size of your virtual machine meets the requirements.
- SSH management access – Select Enabled to allow SSH access to the Barracuda CloudGen Firewall, and enter the SSH public key.
- Click OK.
Step 6. Summary
- The basic configuration of the Barracuda CloudGen Firewall is validated, and if no errors are found, the virtual machine is ready for provisioning. For automated deployments, you can download the configuration template.
- Click OK.
Step 7. Buy
- Click Create.
The Barracuda CloudGen Firewall will now be deployed with the configured settings. This process can take several minutes.
Wait for Microsoft Azure to finish the deployment of your Barracuda CloudGen Firewall. Go to Virtual machines, click on the CloudGen Firewall VM, and locate the Public IP address used to connect to your firewall. Use this IP address to connect to your CloudGen Firewall, as configured, either via Barracuda Firewall Admin or Web User Interface. The username is root and the password is the password you configured in Step 4.
Configure a user-defined routing table for the backend VMs to send traffic through the firewall, and enable Azure Cloud Integration to allow the firewall VM to directly connect to the Azure service fabric.