We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda WAF Control Center

Deploying the Barracuda WAF Control Center in a High Availability (HA) Setup using the CloudFormation Template on Amazon Web Services

  • Last updated on

The Barracuda WAF Control Center can be deployed in an HA setup on Amazon Web Services using the CloudFormation Template. The Barracuda WAF Control Center integrates with various AWS services to provide HA capability.

Deployment using the CloudFormation template enables you to bootstrap the configuration of the Barracuda WAF Control Center. The initial deployment will allow you to specify the service configuration during launch. After the deployment, the instances come up as a clustered Active/Passive HA pair.

The latest Barracuda CloudFormation Template (CFT) is available < HERE >. This CFT will deploy the Barracuda WAF Control Center with the basic service configuration.

This CFT deploys the Barracuda WAF Control Center into a pre-existing VPC deployment to load balance the servers.

The Barracuda CloudFormation Template (CFT):

  • Provides an option to select the deployment mode (Stand-alone or High Availability (HA)) for the Barracuda WAF Control Center.
  • Security group creation and assignment to the deployed Barracuda WAF Control Center instances.
  • Creates a Classic Elastic Load Balancer (ELB) with listeners on the required ports with TCP Health Check configured on Port 48320.
  • Creates two Barracuda WAF Control Center EC2 instances

AWS Services required for the HA Setup

The following are the AWS services required for the HA setup:

Prerequisites

  • The latest Barracuda WAF Control Center CFT template.
  • VPC ID and subnet ID where you want to deploy the Barracuda WAF Control Center
  • At least two subnet IDs in different availability zones (AZ) for the Classic Load Balancer.

Default Values of the Barracuda WAF Control Center CloudFormation Template

The following are the default values of the Barracuda CloudFormation Template (CFT). You can modify the values as needed.

  • Instance Type - Instance type to be used in Amazon Web Services (AWS). Default: t2.large
  • Security Group with the following ports opened:
PortDirectionTCPUDPUsage
22OutYesNoTechnical Support connections
25In/OutYesNoEmail alerts
80/8000In/OutYesNoVirus/attack/security definition and firmware updates
23557InYesNoBackup port if 80 and 8000 are not available
443OutYesNoUI access
48320In/OutYesNoThe secure tunnel between the WCC and WAFs
2200OutYesNoFile Transfer
112In/OutYesNoHA Health Check
8001/8002In/OutYesNoHA Configuration Sync


How Barracuda CloudFormation Template (CFT) Works

A CloudFormation Template (CFT) is uploaded and a stack is created on Amazon Web Services. With this:

  1. Two Barracuda WAF Control Center instances will be deployed.
  2. A Classic Load Balancer will be deployed and will attach the two Barracuda WAF Control Center instances to it.
  3. After the instances are up and clustered, WAFs can be connected using the Classic Load Balancer DNS name.

Importing the Barracuda WAF Control Center Template and Deploying the Instance

Perform the steps below to import the Barracuda WAF Control Center CloudFormation Template and deploy the instance:

  1. Log into the Amazon Management Console.
  2. Select CloudFormation under Management Tools.
    Screenshot-1-CFT.png
  3. In the CloudFormation Management Console, click Create Stack.
  4. In the Create Stack with New Resources (standard) page, perform the following steps:
    1. On the Specify Template page:
      1. Upload the Barracuda WAF Control Center’s latest CFT.

      2. Click Next. The Specify Stack Details page appears.
        Screenshot-3-stack-details-1.png

    2. On the Specify Stack Details page, do the following configuration:
      1. In the Specify Details section:

        1. Enter a name for the CloudFormation stack in the Stack Name field.
      2. In the Parameters section, specify values for the following:

        Network Configuration

        Parameter Name

        Description

        Which VPC should this be deployed to?

        Select the VPC that you wish to deploy the Barracuda WAF Control Center instance(s) from the drop-down list.

        Select the subnet of the VPC where you want to create the instance

        Select the subnet ID associated with the availability zone(s) where the Barracuda WAF Control Center instance needs to be deployed. Note that the subnet must be part of the VPC that you choose.

        Amazon EC2 Configuration

        Parameter Name

        Description

        Instance Type

        Select an instance type depending on your requirement.

        Configure instances in High Availability Mode?

        • Select Yes if you want to deploy the instance in a high availability setup.
        • Select No if you want to deploy the instance as a stand-alone unit.

        Load Balancer Subnets

        Select at least two subnets in different availability zones for your load balancer.


        Screenshot-4-stack-details-2.png

    3. Click Next to continue.
    4. On the Options page, enter a key-value pair to identify the instance(s) of this stack. Click Next.
    5. On the Review page, verify the values you entered, select the IAM capability check box, and click Create.
      Screenshot-5-review-stack.png
  5. The CFT now starts its operation. You can see the CREATE_IN_PROGRESS status displayed on the CloudFormation Management Console for the stack. Select the tabs and see the status of events and resources that are being created. An example of the successfully created resources is available in the screenshot below:
    Screenshot-6-Create-Stack-confirm.png
  6. After the stack is created, the Barracuda WAF Control Center instances will be deployed. To access the instance(s), select the Output tab and click on the Management URLs.
    Screenshot-7-CFT-Creation-Status.png
  7. You will be redirected to the Licensing page with the following options.

    Licensing.PNG
    1. I Already Have a License Token – Use this option to provision your Barracuda WAF Control Center with the license token you have already obtained from Barracuda Networks. Enter your Barracuda Networks Token and Default Domain to complete licensing, and then click Provision.
      The Barracuda WAF Control Center connects to the Barracuda Update Server to get the required information based on your license, and then reboots automatically. Allow a few minutes for the reboot process. Once the instance is provisioned, you are redirected to the login page.
    2. I Would Like to Purchase a License – Use this option to purchase the license token for the Barracuda WAF Control Center. Provide the required information in the form, accept the terms and conditions, and click Purchase.
      The Barracuda WAF Control Center connects to the Barracuda Update Server to get the required information based on your license, and then reboots automatically. Allow a few minutes for the reboot process. Once the instance is provisioned, you are redirected to the login page.
    3. I Would Like to Request a Free Evaluation – Use this option to get a 30-day free evaluation of the Barracuda WAF Control Center. Provide the required information in the form, accept the terms and conditions, and click Evaluate.
      The Barracuda WAF Control Center connects to the Barracuda Update Server to get the required information based on your license, and then reboots automatically. Allow a few minutes for the reboot process. Once the instance is provisioned, you are redirected to the login page.
  8. Log into the Barracuda WAF Control Center instance with:
    1. Username : admin     
    2. Password: Instance ID of your Barracuda WAF Control Center in Amazon Web Services.
  9. Navigate to the BASIC > Administration page and enter your old password, new password, and re-enter the new password. Click Save Password.

If you have configured an HTTPS/Instant SSL service, ensure that the correct domain name and the trusted certificate is associated with the service.

 

 

Last updated on