Barracuda Link Balancer

How do I install the Barracuda Link Balancer in front of my existing firewall?

  • Type: Knowledgebase
  • Date changed: 9 months ago
Solution #00003849

All Barracuda Link Balancers,  firmware versions and above.

This knowledge base article assumes that your Barracuda Link Balancer has been activated.

To activate your Barracuda Link Balancer please reference the Quick Start Guide and stop after step 4.

Barracuda Link Balancer Quick Start Guide

To deploy your Barracuda Link Balancer in front of an existing network firewall you need to meet the prerequisites and follow the steps provided below:

  • Ensure that your ISP has issued you a block of IP addresses with a network prefix of 29.
    • Example: or
  • Remove any static ARP table entries that may be configured on the ISP's router, on switches that may be physically connected to your Barracuda Link Balancer, and on your network firewall.
  1. Disable the Barracuda Link Balancer built-in firewall.
  2. Configure WAN 1 with an IP address in the same sub-net of your network firewall:
    • Example:
      • Network Firewall IP:
      • WAN 1 Interface IP:
  3. Pre-configure your Barracuda Link Balancer.
  4. Deploy your Barracuda Link Balancer into the production network.
  5. Test WAN link usage and fine tune the Barracuda Link Balancer configuration.

Step 1: Disable the Barracuda Link Balancer Network Firewall:
  • Navigate to the Basic > IP Configuration page.
  • Under Operating Mode, set Network Firewall to 'Disabled'.
    • If you receive the following Message Alert: "Changing the operating mode requires a reboot. Click OK to continue.", then select 'OK'.
    • Otherwise, Save changes and make sure your Barracuda Link Balancer performs a complete reboot.
  • After the Barracuda Link Balancer has rebooted, log in to the Web interface.
Step 2: Configure the WAN Links:
  • Go to the Basic > Links page.
  • Click the port image or on the plus sign in the Links Configuration section to expand the WAN link and update the following fields:
    • Name: The name used on the Barracuda Link Balancer to identify the connection.
    • Type: Select Static. (Static is required for WAN1 only.)
    • Upstream / Downstream Speeds: Enter the throughput speeds specified by your ISP, in kilobits per second.
    • Link Usage for Outbound / Inbound Traffic: Select Primary.
    • WAN IP address
    • Subnet mask
    • Gateway
    • Primary and secondary DNS Server: use IP addresses specified by your Internet Service Provider.
    • Additional IP Addresses: You may need to add Additional IP Addresses if the built-in firewall of the Barracuda Link Balancer is disabled. The Additional IP Addresses are the externally reachable IP addresses that are behind the Barracuda Link Balancer, including the address of your firewall.
    • Health Check: Select the test to be used to regularly monitor the status of this link. "Always On" means that no test will be performed and the link will always be considered active. The use of PING with the router's IP address as a "Test Host" is not recommended as a production configuration because the ICMP echo packet does not leave your existing network infrastructure.
  • Save Changes.
  • For each new WAN link repeat Step 2.
    • All WAN Link network schemas must be logically separated via use of a proper subnet, and they cannot share the same gateway.
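
A pre-deployment check of a planned layout against the addressing rules stated so far (the /29 block, firewall and WAN1 in the same subnet, the firewall listed under Additional IP Addresses, separate subnets and gateways per link). This is an added example, not Barracuda code; the function name, the plan structure and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

def check_plan(firewall_ip, links):
    """Return a list of problems in a planned layout; links[0] is WAN1."""
    problems, parsed = [], []
    for link in links:
        iface = ipaddress.ip_interface(f"{link['ip']}/{link['prefix']}")
        gw = ipaddress.ip_address(link["gateway"])
        if gw not in iface.network or gw == iface.ip:
            problems.append(f"{link['name']}: gateway {gw} is not a usable next hop in {iface.network}")
        parsed.append((link["name"], iface.network, gw))
    # WAN1 carries the ISP block that the existing firewall lives in.
    name, wan1_net, _ = parsed[0]
    fw = ipaddress.ip_address(firewall_ip)
    if wan1_net.prefixlen != 29:
        problems.append(f"{name}: prefix /{wan1_net.prefixlen} is not the /29 the article calls for")
    if fw not in wan1_net:
        problems.append(f"{name}: firewall {fw} is not in {wan1_net}")
    extra = {ipaddress.ip_address(a) for a in links[0].get("additional_ips", [])}
    if fw not in extra:
        problems.append(f"{name}: firewall {fw} is not listed in Additional IP Addresses")
    # Every pair of links needs its own subnet and its own gateway.
    for (n1, net1, gw1), (n2, net2, gw2) in combinations(parsed, 2):
        if net1.overlaps(net2):
            problems.append(f"{n1}/{n2}: subnets {net1} and {net2} overlap")
        if gw1 == gw2:
            problems.append(f"{n1}/{n2}: both links use gateway {gw1}")
    return problems

# Constructed sample plans using documentation address ranges (RFC 5737).
GOOD_PLAN = ("203.0.113.3", [
    {"name": "WAN1", "ip": "203.0.113.2", "prefix": 29, "gateway": "203.0.113.1",
     "additional_ips": ["203.0.113.3"]},
    {"name": "WAN2", "ip": "198.51.100.10", "prefix": 30, "gateway": "198.51.100.9"},
])
BAD_PLAN = ("192.0.2.20", [
    {"name": "WAN1", "ip": "203.0.113.2", "prefix": 29, "gateway": "203.0.113.1"},
    {"name": "WAN2", "ip": "203.0.113.4", "prefix": 29, "gateway": "203.0.113.1"},
])

if __name__ == "__main__":
    for label, (fw_ip, plan) in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        issues = check_plan(fw_ip, plan)
        print(label, "plan:", "OK" if not issues else "")
        for issue in issues:
            print("  -", issue)
```
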
Step 3*: Pre-configure outbound routing rules on your Barracuda Link Balancer:
*Note: Step 3 is only required if your LAN or DMZ hosts servers that serve data to the internet. If this doesn't apply to your network infrastructure then skip Step 3 and proceed to Step 4.
  • Go to Policy > Outbound Routing and "Delete" any pre-configured rules that aren't needed.
  • Add a rule to IP/Application Routing Table:
    • Rule Name: Enter a unique Rule Name
    • Source IP Address: Enter the public IP address of a server (e.g.
    • Source Netmask: Enter a netmask (e.g.
    • Application: Select * for any protocol or port combination or select an application from the list.
    • Destination IP Address and Netmask: use for both fields.
    • Link Balance: Select Yes to link balance outgoing traffic across any available WAN interfaces, or select No and then select a Primary and a Backup link.
    • NAT: Clear the check box to maintain the original source IP address of a packet configured in "Source IP Address".
  • Click Add.
*Note: If you select a "Backup Link" then you need to check "NAT". Otherwise, if the "Backup Link" is used then packets sent from your network firewall or DMZ will be dropped by the Backup Link's gateway. If you need to maintain the original source IP address while the "NAT" option is enabled, then add an Outbound Source NAT rule:
  • Adding a Source NAT Rule for proper use of the Primary Link:
    • Rule Name: Enter a unique Rule Name
    • Source IP Address/Range: Enter the public IP address of a server (e.g.
    • Source Netmask: Enter a netmask (e.g.
    • Application: Select * for any protocol or port combination or select an application from the list.
    • Link: Must match the "Primary Link" selected in an "IP/Application Routing rule" with "NAT" enabled.
    • Masquerade IP Address/Range: Enter the "same" public IP address of a server configured as the source IP address. (e.g.
  • Click Add.
  • Adding a Source NAT Rule for proper use of the Backup Link:
    • Repeat the steps mentioned above for the Backup Link.

Step 4: Permanently install the Barracuda Link Balancer:
  • LAN IP or Management IP Configuration:
    • *Note: If the Barracuda Link Balancer's Firewall is disabled then the LAN IP address is only used for access to the Web interface of the Barracuda Link Balancer. It is not used for routing or as a gateway.
    • The LAN IP address can be any internal or public address that is reachable through your existing firewall. If the default address,, meets the criteria, then there is no need to change it. Otherwise, assign the LAN interface an IP address:
    • Optional: Create a static route on your Network Firewall. It will be used to administer the Barracuda Link Balancer from your LAN.
  • Go to the Basic > IP Configuration page and assign the LAN interface an IP address and a Netmask.
  • Save Changes.
  • Power down your Barracuda Link Balancer using the power button on the front of the unit. Please be sure to wait for the Barracuda Link Balancer to complete the shut down process.
  • Mount the Barracuda Link Balancer in a 19-inch rack, or place it in a stable location. To ensure proper ventilation, do not block the cooling vents on the front and back of the unit.
  • Connect each of the cables from the Internet links into a WAN port on the front of the Barracuda Link Balancer. The ports are labeled WAN1, WAN2, etc. These ports correspond to the WAN ports configured via the Web Interface. Be sure to connect them according to your configuration. It is recommended that you label the Ethernet cables.
  • Connect an Ethernet cable from the WAN interface of your network firewall to the LAN interface of your Barracuda Link Balancer:
    • Example:
    • Network Firewall WAN Interface ::::::: Barracuda Link Balancer LAN Interface
  • If your network firewall is in a cluster, High Availability, or has more than one interface then please consider the following example:
    • Example:
    • Network Firewall WAN Interfaces ::::::: Switch ::::::: Barracuda Link Balancer LAN Interface
      • Note: The gateway of your network firewall will be the same gateway that's configured for WAN Link 1.

Step 5: Test Connectivity:
  • Flush ARP table entries on all network devices that are physically connected to the Barracuda Link Balancer. (This may require you to reboot the ISP Routers.)
  • Confirm that you can access the Internet from a host on the LAN. If this works, continue.
    • Note: DO NOT use the PING utility to test the link usage. Instead, use TCP or a browser.
  • Log in to the Barracuda Web interface using the permanent LAN IP address and go to the Basic > Links page. The Status of each link should appear as Connected. You can see the utilization of each link by moving the mouse over the graphic.
  • Generate some traffic: open more tabs in your browser and download files from the Internet. Go to the Basic > Status page to view graphs which show the incoming and outgoing traffic for each link.
  • You can continue to monitor the WAN links using the Basic > Links page and the Basic > Status page.
