It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda Web Application Firewall
Overview Documentation Training Certification Materials

How to Set Up a High Availability Environment with Multiple Barracuda Web Application Firewall Virtual Machines

  • Last updated on

In public cloud deployments, you can create a high availability cluster of Barracuda WAF instances to synchronize the configuration in real time where each node in the cluster can process incoming traffic.

Configuration Synchronization

With multi-node clustering, each of the Barracuda Web Application Firewalls will accept application traffic on its system IP address (WAN IP). Due to this, it is important to create services using the WAN IP address of the unit. When High Availability is set, other peers in the cluster will synchronize all configurations apart from the service IP, which will be auto-configured to the system IP address (WAN IP). As the virtual service’s listening IP address will be unique on each WAF, this deployment requires an external load balancer to share the incoming traffic load amongst the available WAF instances.

HA_with_Multiple_VMs.png

Pre-requisites:

Enable multi-node clustering on each virtual machine:

  1. Go to the Barracuda Vx console screen and enable multi-node clustering:

    Console.png
  2. If the option is enabled in the console settings, the option to enable/disable multi-node clustering is available in the ADVANCED > System Configuration page, Configuration Tools section. By default, it is set to Enable.

    Multi_Node_Clustering.png

To configure the cluster, perform the following steps:

  1. Install each system and ensure that each Barracuda WAF is running the same firmware version. Each Barracuda WAF in a cluster must have the same model number and firmware version.
  2. Make a backup of each Barracuda WAF configuration.
  3. From the ADVANCED > High Availability page of Barracuda-WAF1, enter a Cluster Shared Secret password, and click Save.
  4. From the ADVANCED > High Availability page of Barracuda-WAF2, do the following:
    1. Enter the same Cluster Shared Secret password, and click Save. Both units in a cluster must have the same Cluster Shared Secret to communicate with each other.

    2. In the Add System to Cluster section, enter the WAN IP address of Barracuda-WAF1 in the Peer IP Address field, and click Join Cluster

      Ensure that you do not cancel the join cluster task when the join is in progress. The unit initiating the join cluster inherits the configuration from its peer unit and has its configuration overwritten.

  5. To add more units to the existing cluster, repeat Steps 1 to 4.b.
  6. On each Barracuda WAF, refresh the ADVANCED > High Availability page, and verify the following:
    1. Each system's hostname, serial number, and WAN IP address appears in the Clustered Systems list.
    2. The system's identity (self or peer) is displayed in the Type field.
    3. The Status is green for all virtual machines in the cluster.
  7. View the Cluster Status from the BASIC > Dashboard page, under Performance Statistics.

Before clustering your Barracuda WAF virtual machines, ensure the following ports are open for communication between the Barracuda WAF virtual machines:

PortProtocol
8002TCP
32575TCP
32576UDP

Known Issues:

  • When the multi-node cluster (active-active) is enabled, it takes 20 minutes to set all nodes to active in the cluster.