After your virtual appliance has been deployed, you must provision it. You need your Barracuda Vx license token, which you received via email or from the website when you downloaded the Barracuda SSL VPN Vx package. The license token is a 15 character string, formatted like this:
Before you begin
For more information, see .
Step 1. Open firewall ports
If your Barracuda SSL VPN Vx is located behind a corporate firewall, open the following ports on your firewall to ensure proper operation:
|22||TCP||Out||Remote diagnostics and service (recommended)|
|25||TCP||Out||Email alerts and one-time passwords|
|123||UDP||Out||Network Time Protocol (NTP)|
|443||TCP||In/Out||HTTPS/SSL port for SSL VPN access and Initial VM Provisioning|
External appliance administrator port (HTTP)
External appliance administrator port (HTTPS)
If PPTP or L2TP/IPsec access is required, also open the following ports:
Note: Only open the appliance administrator interface ports on 8000/8443 if you intend to manage the appliance from outside the corporate network.
Configure your network firewall to allow ICMP traffic to outside servers, and open port 443 to
updates.barracudacentral.com. You must also verify that your DNS servers can resolve
updates.barracudacentral.com from the Internet.
Step 2. Start the virtual appliance, configure networking, and enter the license
You should have received your Barracuda Vx license token via email or from the website when you downloaded the Barracuda SSL VPN Vx package. If not, you can request an evaluation on the Barracuda website athttps://www.barracuda.com/purchase/evaluation or purchase one from https://www.barracuda.com/purchase/index. The license token looks similar to the following: 01234-56789-ACEFG.
- In your hypervisor client, start the virtual appliance and allow it to boot up.
- From the console, log in as admin with the password admin.
- In the System Configuration window, use the down arrow key and select TCP/IP Configuration. Configure the following:
- WAN IP Address
- WAN Netmask
- Gateway Address
- Primary DNS Server
- Secondary DNS Server
- If the Internet can be accessed only through an explicit proxy, configure the proxy server using Proxy Server Configuration (Optional), so that it reaches the Internet for provisioning.
- Under Licensing enter your Barracuda License Token and Default Domain to complete provisioning. The appliance will reboot as a part of the provisioning process.
Step 3. Accept the end user license agreement and verify the configuration
- Go to http://<your ip>:8000 to access the web interface.
- Read through the End User License Agreement. Scroll down to the end of the agreement.
- Enter the required information: Name, Email Address, and Company (if applicable). Click Accept. You are redirected to the Login page.
- Log into the Barracuda SSL VPN Vx web interface as administrator:
- Go to the BASIC > IP Configuration page and verify that the following settings are correct:
- IP Address, Subnet Mask, and Default Gateway.
- Primary DNS Server and Secondary DNS Server.
- (If you are using a proxy server on your network) ProxyServer Configuration.
Step 4. Update the firmware
Go to the ADVANCED > Firmware Update page. If there is a new Latest General Release available, perform the following steps to update the system firmware:
- Click Download Now next to the firmware version that you want to install.
- When the download finishes, click Apply Now to install the firmware. The firmware installation takes a few minutes to complete.
After the firmware has been applied, the Barracuda SSL VPN Vx automatically reboots. The login page displays when the system has come back up.
- Log back into the web interface, and read the Release Notes to learn about enhancements and new features.
For more information, see.
Step 5. Change the administrator password for the appliance web interface
To prevent unauthorized use, change the default administrator password to a more secure password. Go to the BASIC > Administration page, enter your old and new passwords, and then click Save Password. This only changes the password for the appliance web interface. The password for the ssladmin user on the SSL VPN web interface must be changed separately.
Step 6. Route incoming SSL connections to the Barracuda SSL VPN Vx
Route HTTPS incoming connections on port 443 to the virtual appliance. This is typically achieved by configuring your corporate firewall to port forward SSL connections directly to the Barracuda SSL VPN Vx.
Step 7. Verify incoming SSL connections to the Barracuda SSL VPN Vx
After you configure your corporate firewall to route SSL connections to the Barracuda SSL VPN Vx, verify that you can accept incoming SSL connections.
- Test the connection by using a web browser from the Internet (not inside the LAN) to establish an SSL connection to the external IP address of your corporate firewall. For example, if your firewall's external IP address is 220.127.116.11, go to
in your browser.
- When you are prompted to accept an untrusted SSL certificate, accept the warning and proceed to load the page.
If you see the Barracuda SSL VPN login screen, this confirms that your appliance can receive connections from the Internet.
Configure your virtual machine. For instructions, see.