When deploying a Barracuda NextGen Firewall F-Series, basic settings must be made before the system can be used in production. There are some differences, depending on the deployment option you choose (hardware, virtual, or public cloud). In addition, stand-alone hardware models up to the F400 running a fresh 7.1.0 installation use the web interface as the default management interface. This can be changed during the setup process.
Before You Begin
Make sure you completed the steps listed in the deployment articles, depending on which platform you are deploying the F-Series Firewall on:
- Hardware – Complete Hardware deployment and the included Quick Start Guide. The Quick Start Guide is included in the box with every firewall. Your PC must be connected to the management port of the NextGen Firewall F-Series and use an IP address in the 192.168.200.0/24 range. Do not use 192.168.200.200 because this IP address is the default management IP address of the Barracuda NextGen Firewall F-Series.
- Virtual (Vx) – Complete the deployment steps in Virtual Systems (Vx) for your hypervisor.
- Public Cloud – Complete the steps in Public Cloud for your public cloud provider.
Step 1. Prepare the Client
To connect to the F-Series Firewall, you must use the Barracuda NextGen Admin application. The application is a stand-alone, portable executable. Always use the latest version of NextGen Admin. You can download it from the Barracuda Customer Portal.
For more information on the system requirements and NextGen Admin, see Barracuda NextGen Admin.
Step 2. Log into the Barracuda NextGen Firewall F-Series
Connect to your firewall using NextGen Admin:
- Launch NextGen Admin.
In the Log in window, select Firewall.
Enter the Management IP, Username, and Password:
Management IP Address Username Default Password Hardware 192.168.200.200 root ngf1r3wall Virtual (Vx) Set during deployment root ngf1r3wall Public Cloud - Amazon AWS Elastic IP pointing to the Barracuda NextGen Firewall F-Series instance root Instance ID of your Barracuda NextGen Firewall F-Series instance E.g., i-0aaaa123 Public Cloud - Microsoft Azure .cloudapp.net or Virtual IP (VIP) for the cloud service root
- Set during deployment
- If not set during deployment: ngf1r3wall
Public Cloud - Google Cloud Static external IP address assigned to the firewall instance root Name of the instance Public Cloud - VMware vCloud Air Set during deployment root ngf1r3wall
- Click Sign In. The Authentication Check window opens.
- Click Trust.
Step 3. (F18 - F400 only) Select the Management Interface
Barracuda NextGen Firewall hardware models up to the F400 re-imaged with 7.1.0 use the web interface as the default management interface by default. On first login, select the default management interface:
- Manage by web interface – Click Connect via Web Interface to manage your firewall via the web interface (https://192.168.200.200) and log in with the default username (
root) and password (
- Manage via NextGen Admin – Click Manage via NextGen Admin to disable the web interface and use NextGen Admin to manage your firewall configuration.
Step 4. Configure Basic Settings
The box wizard can only be used on hardware units. If you are deploying a virtual F-Series Firewall, you must configure the time zone and change the password manually.
Step 4.1 Complete the Wizard for the Barracuda NextGen Firewall F-Series
If you are using a hardware appliance, the wizard helps you configure basic settings during deployment. Follow the instructions for the Standard Deployment Mode. Skip this step if you are connected to an F-Series in the public cloud because these settings were already configured during deployment.
Step 4.2 Configure the Time Zone and Change the Root Password for the Virtual Barracuda NextGen Firewall F-Series
When using a virtual F-Series Firewall, complete the following tasks:
|Change the password||How to Change the Root Password and Management ACL|
|Set the time zone||Step 1 in How to Configure Time Server (NTP) Settings|
|(optional) Change the management IP address||How to Change the Management IP Address|
Step 5. Configure an Internet Connection
If you are deploying an F-Series Firewall that must connect to the Internet via ISP, configure the Internet connection. Skip this step if your firewall can already access the Internet via the management interface. The F-Series F10 to F30x already have a preconfigured DHCP interface on port 4.
Complete the configuration for your type of Internet connection:
|Internet connection type||Link|
|Static IP address||How to Configure an ISP with Static IP Addresses|
|DHCP||How to Configure an ISP with Dynamic IP Addresses (DHCP)|
|xDSL (PPP, PPPoE and PPTP)||xDSL WAN Connections|
|Wireless WAN||How to Configure an ISP using a WWAN Modem|
|ISDN||How to Configure an ISP with ISDN|
Step 6. Activate and License Your Barracuda NextGen Firewall F-Series
To license your F-Series Firewall, the NextGen Admin application must be able to connect to the Internet directly or via proxy. For hardware appliances, you only need to activate the unit; licenses are automatically downloaded and installed afterwards. For virtual and public cloud systems, you must enter a license token before activating your unit. If you are licensing an F-Series Firewall that is to be used in a high availability cluster, activate the secondary unit first. For more information, see How to Activate and License a Standalone High Availability Cluster.
|Virtual (Vx) + Public Cloud||How to Activate and License a Stand-alone Virtual or Public Cloud F-Series Firewall or Control Center|
Step 7. Configure Administrative Settings
Configure the firewall to use your preferred DNS and NTP servers. To receive email notifications from selected services, you must configure a recipient email address.
|DNS Servers||How to Configure DNS Settings|
|NTP Servers||Step 2 in How to Configure Time Server (NTP) Settings|
|System Email Notification Address||How to Configure System Email Notifications|
Continue with the steps below to set up the system according to your needs.
|Configure VLANs, routing, and add additional network interfaces.||Network|
|Create and configure the virtual server.|
|Create and configure services (e.g., Forwarding Firewall, VPN,...).|
|Configure external authentication servers.||Authentication|
|Configure administrator accounts.||Managing Access for Administrators|
|Create a high availability cluster.||High Availability|