We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Cloud Security Guardian

Configuring and Deploying a Firewall using Azure

  • Last updated on

Before You Begin

To be able to deploy a Barracuda CloudGen Firewall image template, you must agree to the Terms of Service and subscribe to the image in the Azure Marketplace. You need to do this only once per account, you must do this separately for PAYG and BYOL images.

  1. Go to the Azure Marketplace appropriate for your location. For example,  https://azuremarketplace.microsoft.com/en-us/marketplace/.
  2. Search for Barracuda CloudGen Firewall for Azure.
  3. Click on the Barracuda CloudGen Firewall.
    azureMarketplace2.png
  4. Click Want to deploy programatically? Get started.
    wanttoDeploy.png
  5. Change the Status to Enable, then click Save.
    enable.png

You will now receive an email from Microsoft confirming your subscription. 

Step 1: Create a Shared Firewall Policy

A Shared Policy is a way of grouping firewalls together.

New accounts do not have any Shared Policies, so the Shared Firewall Policies page is blank.

To create a new Shared Policy:

  1. Log into your Barracuda Cloud Security Guardian account.
  2. From the menu, navigate to Policy Management > Infrastructure.
  3. On the Infrastructure Policies page, click Add Shared Policy.
  4. Enter a Name for this Shared Policy and click Add.
    The new Shared Policy appears in the Shared Firewall Policies list.

You can edit or delete the Shared Policy at any time. Click the three dots in the table and select the appropriate action.

  • Editing the Shared Policy enables you to change the Policy's name within Barracuda Cloud Security Guardian.  
  • Deleting the Shared Policy removes it from your instance of the Barracuda Cloud Security Guardian. The Delete option is only available for Policies that do not contain any Firewalls.
Step 2: Deploy a Firewall
  1. Click Deploy Firewall.
  2. For the Group, select the Shared Policy you just created.
    Alternatively, you can enter a name to create a new group here.
  3. Click Next to continue.
  4. Provide a name for the new Firewall Instance. This should be a fairly specific name.
  5. Optionally create a description for the Firewall. Click Next to continue.
  6. Select the Location for your Cloud Service Provider – here, Microsoft Azure. The list of Regions in that Location loads automatically.
  7. Select the Region where you want to deploy the Firewall. For example, US-West or EU-North. Click Next to continue.
  8. Select the Barracuda CloudGen Firewall. The window expands to display all of the required fields. Enter the following information:
    • VPC Address Space –Specify the subnet in CIDR notation. For example, 10.0.0.0/8.
    • MIP1 – Enter an IP address within the VPC Address Space you specified above.
    • MIP2 – Enter a second IP address within the VPC Address Space you specified above.
    • Availability Zone 1 –Select an Availability Zone from within the Region specified earlier.
    • Availability Zone 2 – Select a second Availability Zone from within the Region specified earlier.
    • Instance Type – Select the size and pricing structure for this instance.
    • Admin Password – Create and confirm a password to be used by the Firewall Administrator.
    • Admin Email – Specify the email address for communicating with the Firewall Administrator.
  9. Click Next to continue.
    Click Deploy. The Infrastructure Policies page displays with the new firewall in the Shared Policy Group you specified. Refresh the page, if needed.
    The Barracuda CloudGen Firewall is configured and deployed, changing states from Deploying to Ready.
    When the new firewall is ready, it is listed under the appropriate Group/Shared Policy. You can access it with the login you created.

You can also deploy your own firewall, instead of deploying a Barracuda CloudGen Firewall. See more at the bottom of this page.

Step 3: Create Rules

After the new firewall is ready, you can create rules at the Group/Shared Policy level or at the local level for a single firewall. Learn more about the Barracuda CloudGen Firewall.

Newly created rules must synchronize with the firewall. This process can take approximately ten minutes to complete.

Group/Shared Policy Rules

To create shared rules:

  1. In the Shared Firewall Policies list, locate the Shared Policy for which you want to create rules. In its table row, click Rules.
  2. Select the appropriate tab to create either Layer 4 Rules or Domain Rules. Click Add Rule.
    Layer 4 Rules – Creates inbound and outbound layer 4 network rules, for example which IP addresses are able to access which destination IP addresses.  
    Specify the following information, then click Add.  
    • Name – Specify a unique name for this new rule.
    • Protocol –Select the protocol to use for this rule: TCP, UDP, or Any.
    • Action – Select the type of rule, Allow or Block.
    • Features –  Select either one or both: IPS/IDS, Application Control. If you choose IDS/IPS, you can only deploy the rule set on a Barracuda CloudGen Firewall.
    • Source IP Address – Provide the Source IP Address.
    • Destination IP Address – Provide the Destination IP Address.
    • Port – Provide the Port.
    Domain Rules – Outbound rules specific to domains you would like to connect.
    Specify the following information, then click Add.  
    • Name – Specify a unique name for this new rule.
    • Protocol –Select the protocol to use for this rule: TCP, UDP, or Any.
    • Action – Select the type of rule, Allow or Block.
    • Source IP Address – Provide the Source IP Address.
    • Host Name – Provide the fully qualified domain name (FQDN) for this rule.
    The new rule is added and displays in the Shared Policy Rules window.
Local Rules

To create Local Rules for one specific firewall:

  1. In the Shared Firewall Policies list, locate the firewall for which you want to create a Local Rule.
  2. In the row for that firewall, click Local Rule.
    localRules2.png
    Select the appropriate tab to create either Layer 4 Rules or NAT Rules. Click Add Rule.
  3. Layer 4 Rules – Creates inbound and outbound layer 4 network rules.
    Specify the following information, then click Add.  
    • Name – Specify a unique name for this new rule.
    • Protocol –Select the protocol to use for this rule: TCP, UDP, or Any.
    • Action – Select the type of rule, Allow or Block.
    • Features –  Select either one or both: IPS/IDS, Application Control.
    • Source IP Address – Provide the Source IP Address.
    • Destination IP Address – Provide the Destination IP Address.
    • Port – Provide the Port.
    NAT Rules Outbound rules specific to domains you would like to connect.
    Specify the following information, then click Add.  
    • Name – Specify a unique name for this new rule.
    • Protocol –Select the protocol to use for this rule: TCP, UDP, or Any.
      • Source IP Address – Provide the Source IP Address.
      • Port – Provide one or more ports for this rule.
      • Translated IP Address – The new IP address, after NAT mapping.  
      • Translated Port – The new port, after NAT mapping.

The new rule is added and displays in the Local Firewall Rules window.

Detecting Existing Firewalls

The Barracuda Cloud Security Guardian automatically detects connected firewalls. Any firewall that was not added through the system is listed under Unmanaged Firewalls and cannot be controlled through the Barracuda Cloud Security Guardian.

Converting a Barracuda CloudGen Firewall from Unmanaged to Managed

If you have already deployed a Barracuda CloudGen Firewall and want it to be managed under Barracuda Cloud Security Guardian:

  1. Enable the REST API for the Barracuda CloudGen Firewall as described in REST API for the Barracuda NextGen Firewall F-Series 7.1.

     

    Enabling the REST API is required and must be done before you can start to manage your firewall with Barracuda Cloud Security Guardian.

  2. Log into your Barracuda Cloud Security Guardian account.
  3. On the Barracuda CloudGen Firewall, open an Azure Network Security Group (NSG) on ports 8080 and 8443.
  4. From the menu, navigate to Policy Management > Infrastructure.
  5. On the Infrastructure Policies page, scroll down to Unmanaged Firewalls. Locate the Barracuda CloudGen Firewall you want to manage and, in that row, click Link.
  6. Provide the administrative username and password for managing that firewall and click Link.
  7. The Barracuda CloudGen firewall becomes managed and displays under a new Shared Policy group and is no longer listed under Unmanaged Firewalls. The new Shared Policy is named with a <long number>_policy. You can rename this Shared Policy.

Removing a Firewall

Removing a firewall not only removes it from management under Barracuda Cloud Security Guardian, but also removes it from your security infrastructure.

Exercise caution when removing a firewall. Removing a firewall here removes the firewall from your account entirely.

If you no longer want to manage a firewall through Barracuda Cloud Security Guardian:

  1. Log into your Barracuda Cloud Security Guardian account.
  2. From the menu, navigate to Policy Management > Infrastructure.
  3. On the Infrastructure Policies page, locate the firewall you want to remove.
  4. In the same row as that firewall, click the three dots threeDots.png and select Remove Firewall.

You can watch the states change during the removal process: Deleting > Finalizing. When the process is finalized, the firewall listing is removed from the page. This process takes approximately 10 minutes.

Last updated on