The Barracuda CloudGen WAF for AWS provides proven application security and data loss prevention for your applications on Amazon Web Service (AWS), including:
- Detecting and blocking attacks including SQL injections, Cross-Site Scripting, malware uploads, and volumetric or application DDoS.
- Authentication and access control allowing organizations to exercise strong user control.
- Scanning of outbound traffic for sensitive data, with admin control of masking or blocking information to prevent data leakage.
- Built-in load balancing and session management, allowing organizations to manage multiple applications behind a single instance of the Barracuda CloudGen WAF.
The Barracuda CloudGen WAF on Amazon Web Services protects your applications in the cloud.
To meet a variety of performance requirements, the M3 Medium, M3 Large, M3 Extra Large, and M3.2 Extra Large instance types are supported. Depending on the instance type, you can have:
- Up to 8 vCPUs.
- Up to 30 GB of memory.
- Up to 30 private IP addresses per network interface. To ensure that services are available over the Internet, you can allocate a public IP address, or Elastic IP address (EIP), to each private IP address.
The Barracuda CloudGen WAF AMI is available on Amazon Web Services with the following options:
Models and Instance Types
For BYOL, PAYG, and Usage Based/Metered, Barracuda offers four models. The table below lists each model, the corresponding Instance Type to be used in Amazon Web Services, the default CPU and Memory for the instance, and the number of Private IP addresses that can be associated per ENI.
If you want to increase the performance of a license that you have already purchased, you can buy additional cores from Barracuda and reconfigure your VM for a larger instance type.
|Barracuda CloudGen WAF Model||Supported Instance Type in Amazon Web Services|
Bring Your Own License (BYOL)
With the Bring Your Own License (BYOL) option, you are required to get the Barracuda CloudGen WAF for AWS token, either by:
- Providing the required information for a free evaluation at https://www.barracuda.com/purchase/evaluation OR
- Purchasing online at https://www.barracuda.com/purchase.
With this license option, there will be no Barracuda CloudGen WAF Software charges, but Amazon Elastic Compute Cloud (Amazon EC2) usage charges on Amazon will apply.
With the Pay-As-You-Go (PAYG)/Hourly licensing option, you complete the evaluation and purchase of the Barracuda CloudGen WAF entirely within the AWS Marketplace. After the Barracuda CloudGen WAF instance is launched from the marketplace, it is licensed provisioned automatically. You are charged hourly (per instance) for both the Barracuda CloudGen WAF Software and Amazon Elastic Compute Cloud (Amazon EC2) usage on Amazon. For pricing information, refer to the AWS Marketplace: Barracuda Web Application Firewall (WAF) – PAYG, Barracuda Web Application Firewall (WAF) – BYOL and Barracuda Web Application Firewall (WAF) – Metered.
The licensing of the Usage Based/Metered option is same as Hourly/PAYG licensing option i.e. the evaluation and pricing of the Barracuda CloudGen WAF is done entirely within the AWS Marketplace. After the instance is launched, it is licensed automatically.
The Barracuda CloudGen WAF Usage Based instance has two pricing components:
- Charges based on the total bandwidth consumed across all deployed Barracuda CloudGen WAF instances.
- Standard Amazon Elastic Compute Cloud (EC2) charges per instance.
Before You Begin
Before you deploy the Barracuda CloudGen WAF on Amazon Web Services, choose the licensing option (Bring Your Own License (BYOL) or Hourly / Metered). Then set up an Amazon Virtual Private Cloud (VPC).
A Virtual Private Cloud (VPC) is an isolated virtual network on Amazon Web Services (AWS) Cloud where you can launch AWS resources, such as Amazon EC2 instances. When creating a VPC, the IP address(es) should be in the form of Classless Inter-Domain Routing (CIDR) block (for example, 10.0.0.0/16). In a VPC, you can select your own IP address range, create subnets, configure routing tables and network gateways.
To set up a VPC, complete the following steps. If you have already configured a VPC for the Barracuda CloudGen WAF, you can skip the steps below and continue with " .
Step 1 - Create the Amazon VPC Cloud
Perform the steps below to create a VPC:
- Go to the AWS Management Console.
- In the Compute & Networking section, click VPC:
- From the VPC Dashboard, select Your VPCs under VIRTUAL PRIVATE CLOUDS.
- Click Create VPC.
- In the Create VPC dialog box, do the following:
- Enter the IP address in the CIDR Block field.
- Select Default from the Tenancy drop-down list:
- Click Yes, Create.
Step 2 - Add an Internet Gateway to the VPC
By default, the instances launched on the Virtual Private Cloud (VPC) cannot communicate with the internet until an Internet Gateway is created and attached to the VPC.
Perform the following steps to add an internet gateway to your VPC:
- From the VPC Dashboard, select Internet Gateways under VIRTUAL PRIVATE CLOUDS.
- Click Create Internet Gateway.
- In the Create Internet Gateway dialog box, click Yes, Create:
- Select the internet gateway created in the above step, and then click Attach to VPC:
- Select the VPC that you created in Step 1, and then click Yes, Attach:
Step 3 - Add a Subnet to the VPC
Perform the following steps to add a subnet to your VPC:
- From the VPC Dashboard, select Subnets under VIRTUAL PRIVATE CLOUDS.
- Click Create Subnet.
- In the Create Subnet dialog box, do the following:
- Select the created VPC from the VPC drop-down list.
- Select the availability zone that your VPC resides from the Availability Zone drop-down list.
- Specify the IP address(es) in the CIDR Block field:
- Click Yes, Create.
Step 4 - Attach the Internet Gateway to the Route Table
Attach the internet gateway created into the route table by following the steps below:
- From the VPC Dashboard, select Subnets under Virtual Private Cloud.
- In the Subnets list, select the subnet you created in
, and note the Route table entry:
- Now, select Route Tables under Virtual Private Cloud.
- In the Route Tables list, select the route that you noted down in step 2 above.
- In the Routes tab, click Edit and specify the following values:
- Destination – 0.0.0.0/0
- Target – Should be the internet gateway created in
- Click Save.