We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda WAF Control Center

Barracuda WAF Control Center Deployment and Quick Start Guide for Amazon Web Services

  • Last updated on

The Barracuda WAF Control Center (WCC) AMI can be deployed on Amazon Web Services to manage multiple Barracuda Web Application Firewalls. Complete the steps in this guide to configure, launch, and license your Barracuda WAF Control Center instance. Then log into the Barracuda WAF Control Center to verify your configuration and change your password.

Requirements

Before you deploy the Barracuda WAF Control Center on Amazon Web Services, ensure that you have completed the following:  

Step 1 - Create a Security Group

Create a security group with rules specifying allowed protocols, ports and source IP ranges. Multiple security groups can be created with different rules, and assigned to each instance. For more information on security groups, refer to the AWS article Amazon EC2 Security Groups.

  1. Log into the Amazon EC2 Management Console.
  2. From the EC2 dashboard, select Security Groups under NETWORK & SECURITY.
  3. Click Create Security Group.
  4. In the Create Security Group window, do the following:
    1. Enter a name to identify the security group.
    2. Specify the description for the security group.
    3. Select a VPC ID from the list and click Yes, Create.
    The created group appears in the security group table.
  5. Select the security group from the table, and specify the inbound and outbound traffic to be allowed for the instance.

By default, the Barracuda WAF Control Center web interface listens on port 8000 for HTTP and port 443 for HTTPS. Make sure these ports (8000 and 443) are added to the Inbound rule of the associated security group. Additionally, you need to open the following ports in inbound rules as shown in the image.

PortDirectionTCPUDPUsage
22OutYesNoTechnical Support connections
25In/OutYesNoEmail alerts
53OutYesYesDomain Name Service (DNS)
80/8000OutYesNoVirus/attack/security definition and firmware updates
123OutNoYesNetwork Time Protocol (NTP)
443OutYesNoInitial VM Provisioning*
48320/48321In/OutYesNoSecure tunnel between the WCC and WAFs
2200OutYesNoFile Transfer

Step 2 - Create a Network Interface

Create a network interface using the static IP address, for association with the Barracuda WAF Control Center later during deployment.

  1. Log into the Amazon EC2 Management Console.
  2. From the EC2 dashboard, select Network Interfaces under NETWORK & SECURITY.
  3. Click Create Network Interface.
  4. In the Create Network Interface window, provide the following information for the network interface:
    1. Description – Enter a name for the interface.
    2. Subnet – Select a subnet from the list. Make sure to select the subnet of the VPC where you want to create the instance.
    3. Private IP – Enter the static primary private IP address. It is recommended to use the Static IP address.
    4. Security Groups – Select one or more security groups. Make sure the security group has all the required ports open.

      By default, the Barracuda WAF Control Center web interface listens on port 8000 for HTTP and port 443 for HTTPS. Make sure these ports (8000 and 443) are added to the Inbound rule of the associated security group. Additionally, you need to open the following ports in inbound rules as shown in the image.

    5. Click Yes, Create.

Step 3 - Deploy the Barracuda WAF Control Center on Amazon Web Services

In the Amazon VPC that you have configured , launch an Amazon EC2 instance with the Barracuda WAF Control Center AMI image. The Amazon Launch Instance  wizard guides you through the following steps:  

  1. Log into the AWS Management Console and open the EC2 Management Console.
  2. From the top right corner of the page, select the region for the instance. This is important because some Amazon EC2 resources can be shared between regions.

    Image_Different regions drop down_2. of Step 5.png

  3. Click Launch Instance.

    Image_Launch Instance Button.png

  4. In Step 1: Choose an Amazon Machine Image (AMI), select AWS Marketplace and search for the Barracuda WAF Control Center AMI. Click Select next to the Barracuda WAF Control Center AMI.

    Step 1_Choose an Amazon Machine Image (AMI)_AWS Marketplace selected_ASCC Image encircled.png

  5. In Step 2: Choose an Instance Type, select an instance type from the All Instance types or General purpose table. Click Next: Configure Instance Details to continue.

    Step 2_Choose an Instance Type_Configure Instance Details encircled.png

  6. In Step 3: Configure Instance Details:
    1. Ensure that the Number of Instances is set to 1
    2. Select the appropriate Network from the list to deploy the instance.
    3. Select the appropriate Subnet from the list and select the network interface under Network Interface section that was created in Step 2 - Create a Network Interface.
    4. In the Advanced Details pane, keep the default setting for all parameters and click Next: Add Storage.

      Step 3_Configure Instance Details.JPG

  7. In Step 4: Add Storage, the table displays the storage device settings for the instance. Modify the values if required and click Next: Tag Instance.

    Step 4_Add Storage_Next_Add Tags button highlighted.png

  8. In Step 5: Add Tags, add/remove the tags for the instance (if required) and click Next: Configure Security Group.

    Step 5_Tag Instance_Next_Configure Security Group button.png

  9. In Step 6: Configure Security Group, choose Select an existing security group to select and assign the security group(s) from the existing list, or choose Create a new security group to create a new group (see Step 1 - Create a Security Groupor more information).

     

  10. In Step 7: Review Instance Launch page, review your settings before launching the instance, and then click Launch.

After you click Launch, Amazon Web Services begins provisioning the Barracuda WAF Control Center. Allow a few minutes for the Amazon Web Services Agent and the Barracuda WAF Control Center image to boot up.

DO NOT restart the Barracuda WAF Control Center while it is launching.

Step 4 - License the Barracuda WAF Control Center

The Barracuda WAF Control Center is available only as a BYOL instance. It needs to be provisioned and licensed.


  1. Log into the Amazon EC2 Management Console.
  2. From the EC2 Dashboard, select Instances under INSTANCES.

    Services dropdown_Instances selected.png

  3. In the Instances table, select the Barracuda WAF Control Center instance you created and note the Elastic IP address.

    Allocate new address_Elastic IP highlighted.png


  4. Open the browser and enter the copied Elastic IP address (from step 3) with port 8000 for HTTP. No port is required for HTTPS. For example:
     For HTTP:       http://:8000 (Unsecured)
     For HTTPS:           https:// (Secured)

    The Barracuda WAF Control Center is not accessible via HTTPS port while it is booting. Therefore, use ONLY HTTP port to access the unit when booting. This displays the status of the unit i.e., System Booting. Once the boot process is complete, you will be redirected to the login page.

  5. After the boot process is complete, the Licensing page displays with the following options:

    Barracuda Licensing New Screenshot.png

    1. I Already Have a License Token Use this option to provision your Barracuda WAF Control Center with the license token you have already obtained from Barracuda Networks. Enter your Barracuda Networks Token and Default Domain to complete licensing, and then click Provision.
      The Barracuda WAF Control Center connects to the Barracuda Update Server to get the required information based on your license, and then reboots automatically. Allow a few minutes for the reboot process. Once the instance is provisioned, you are redirected to the login page.

    2. I Would Like to Purchase a License – Use this option to purchase the license token for the Barracuda WAF Control Center. Provide the required information in the form, accept the terms and conditions, and click Purchase
      The Barracuda WAF Control Center connects to the Barracuda Update Server to get the required information based on your license, and then reboots automatically. Allow a few minutes for the reboot process. Once the instance is provisioned, you are redirected to the login page.


    3. I Would Like to Request a Free Evaluation – Use this option to get 30 days free evaluation of the Barracuda WAF Control Center. Provide the required information in the form, accept the terms and conditions, and click Evaluate.
      The Barracuda WAF Control Center connects to the Barracuda Update Server to get the required information based on your license, and then reboots automatically. Allow a few minutes for the reboot process. Once the instance is provisioned, you are redirected to the login page.

Step 5 - Open Network Address Ranges on the Barracuda WAF Control Center

In the security group bound with your Barracuda WAF Control Center EC2 instance, open the following Barracuda network address ranges for the ports to ensure proper operation:

  • 64.235.144.0/20
  • 198.207.200.0/22
  • 209.222.80.0/21

For more information on the usage of ports for the WCC, please check the Table below Step 1 - Create a Security Group.

PortDirectionTCPUDPUsage
22OutYesNoTechnical Support connections
25In/OutYesNoEmail alerts
53OutYesYesDomain Name Service (DNS)
80/8000OutYesNoVirus/attack/security definition and firmware updates
123OutNoYesNetwork Time Protocol (NTP)
443OutYesNoInitial VM Provisioning *
48320/48321In/OutYesNoSecure Tunnel between the WCC and WAFs
2200OutYesNoFile Transfer
* The initial provisioning port can be disabled once the initial provisioning process is complete.

Step 6 - Verify Configuration and Change the Password

  1. Log into the Barracuda WAF Control Center web interface as the administrator using the URL, as described in step 4 of Licensing of the Barracuda WAF Control Center after deploying on Amazon Web Services above. Log in with:
    1. Username: admin    
    2. Password: Instance ID of your Barracuda WAF Control Center in Amazon Web Services.
  2. Navigate to the BASIC > Administration page and enter your old password, new password, and re-enter the new password. Click Save Password.

Step 7 - Creating the Barracuda WAF Control Center Account Admin

The Barracuda WAF Control Center Account Admin creates user accounts and associates the Barracuda Web Application Firewall instances to the corresponding accounts. Refer the link: Accounts and Roles for more details on accounts and roles.

To create the Barracuda WAF Control Center Account Admin, first log in to the web interface using the Barracuda WAF Control Center Administrator Account (admin/aws-instance-id), and the complete the listed steps:

It is recommended to change the password from the default (aws-instance-id) to something else.

  1. Go to the BASIC > Account Management page, and in the Account Creation section, enter the Account NameAdministrator Email Address, and select the Preferred Time Zone for the new account.
  2. Click Create Account. The account displays in the Account View table at the top of the page.
  3. A confirmation email containing the login credentials is sent to the administrator email address entered in step above. Use these credentials to log in to the web interface to create users and assign permissions, connect devices, and view device status.

 To connect one or more Barracuda Web Application Firewall devices to the Barracuda WAF Control Center, refer step 3 of this link Getting Started.


Last updated on