It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Load Balancing For Clustered Barracuda CloudGen WAF Instances in Amazon Web Services (AWS)

  • Last updated on

This guide walks you through the steps to load balance traffic across multiple instances of the Barracuda CloudGen WAF deployed in Amazon Web Services:

To set up a High Availability environment with multiple Barracuda CloudGen WAF instances in Amazon Web Services, make sure all services configured on each instance use the WAN IP Address of the Barracuda CloudGen WAF.

Step 1 - Deploy Multiple Barracuda CloudGen WAF Instances in Amazon Web Services

Follow the steps in Barracuda CloudGen WAF Deployment and Quick Start Guide for Amazon Web Services  to deploy multiple Barracuda CloudGen WAF instances. To license and configure your virtual machine, continue with Barracuda CloudGen WAF Deployment and Quick Start Guide for Amazon Web Services. In this example, consider two Barracuda CloudGen WAF instances where, Barracuda-WAF1 is the first unit and Barracuda-WAF2 is the second unit.

Step 2 - Set Up Load Balancing on the Barracuda CloudGen WAF Instances

  1. Log into the Amazon EC2 Management Console.
  2. From the EC2 dashboard, select Load Balancers under NETWORK & SECURITY.


  3. Click Create Load Balancer. The Create Load Balancer window appears.


  4. In the Define Load Balancer page:
    1. Load Balancer Name – Enter a name for the load balancer.
    2. Create LB Inside – Select the VPC ID under which the Barracuda CloudGen WAF instances are launched.
    3. Leave Create an internal load balancer and Enable advanced VPC configuration set to default value.
    4. Add the ports where Services are created requiring load balancing.
    5. Click Continue.
  5. In the Configure Health Check page:
    1. Ping Protocol – Keep the default value i.e. HTTP.
    2. Ping Port – Set to 8000. By default, the Barracuda CloudGen WAF listens on port 8000. If you are using a different port for the Barracuda CloudGen WAF,  specify that port number.
    3. Ping Path – Enter /cgi-mod/index.cgi.
    4. In the Advanced Details section, specify required values and click Continue.


  6. In the Assign Security Groups page, choose Select an existing security group to select and assign the security group(s) from an existing list, or choose Create a new security group to create a new group (refer to Creating a Security Group for more information). Click Continue.

    Ensure the selected group has all ports open, which were configured for load balancer in step 4.

  7. In the Add EC2 Instances page, select the instances to be added to this load balancer and click Continue.
  8. In the Review page, review your settings before creating the load balancer, and then click Create.


  9. The Load Balancers table displays the created load balancer details.


The services configured should be accessed using the DNS Name of the created load balancer. For example, in the above example the DNS Name of the Load Balancer is WAF-LB-678529183 and the HTTP service created on port 80 can be accessible via http://WAF-LB-678529183 / http://WAF-LB-678529183:80.

Step 3 - Set Up a High Availability Environment with the Barracuda CloudGen WAF

Follow these steps to cluster your Barracuda CloudGen WAF virtual machines in Amazon Web Services:

Before clustering your Barracuda CloudGen WAF virtual machines, ensure the following ports are open in the Security Group assigned to the Barracuda CloudGen WAF virtual machines:

  1. Install each system and ensure that each Barracuda CloudGen WAF is running the same firmware version. Each Barracuda CloudGen WAF in a cluster must have the same model number and firmware version.
  2. Make a backup of each Barracuda CloudGen WAF configuration.
  3. No processes should be running on any virtual machine when you link them together. To be sure, go to the ADVANCED > Task Manager page of each Barracuda CloudGen WAF and verify that no processes are running.
  4. From the ADVANCED > High Availability page of Barracuda-WAF1, enter a Cluster Shared Secret password, and click Save Changes.
  5. From the ADVANCED > High Availability page of Barracuda-WAF2, do the following:
    1. Enter the same Cluster Shared Secret password, and click Save Changes. Both units in a cluster must have the same Cluster Shared Secret to communicate with each other.
    2. In the Clustered Systems section, enter the WAN IP address of Barracuda-WAF1, and click Join Cluster. Never cancel the join cluster task when the join is in progress.

      The unit initiating the join cluster inherits the configuration from its Peer unit and has its configuration overwritten.

  6. On each Barracuda CloudGen WAF, refresh the ADVANCED > High Availability page, and verify the following:
    1. Each system's Hostname, serial number and WAN IP address appears in the Clustered Systems list.
    2. The identity of the system (Self or Peer) displays in the Type field.
    3. The Status is green for all virtual machines in the cluster.
  7. View the Cluster Status from the BASIC > Dashboard page, under Performance Statistics.

To add more units to the existing cluster, repeat step 1 to 5.a. and then do the following:

  • From the ADVANCED > High Availability page of the Barracuda CloudGen WAF you are adding to the cluster, enter the WAN IP address of any system in the cluster in the Peer IP Address field and click Join Cluster. Verify the following:
    • The configuration of the cluster automatically propagates to the newly added system.
    • The new unit information propagates to all other units in the cluster.
Last updated on