Before installing your Barracuda Web Application Firewall:
- Certain changes might be required to the existing network depending upon the network configuration and the deployment mode you choose. Network changes can be classified as:
- Hardware changes – Changes related to cabling, switches, routers, network interfaces, etc.
- Configuration changes – Changes related to DNS databases, IP addresses of hosts and services, router configuration, etc.
- (Reverse proxy deployment only) If Client Impersonation is set to Yes in the BASIC > Services page, an additional IP address should be configured on the LAN subnet of the Barracuda Web Application Firewall. This should be the default gateway configured on the back-end real servers.
- Note the server IP address and TCP port of the web applications you want to protect.
- Verify that you have the necessary equipment:
- Barracuda Web Application Firewall (check that you have received the correct model)
- AC power cord
- Ethernet cables
- Mounting rails (model 660 and higher) and screws
- VGA monitor (recommended)
- PS2 keyboard (recommended)
Open Network Address Ranges on Firewall
If your Barracuda Web Application Firewall is located behind a corporate firewall, open the following Barracuda network address ranges for the ports shown in the table below on your firewall to ensure proper operation:
For more information about opening support connections, see How to Open a Support Tunnel.
|22||Out||Yes||No||Technical Support connections|
Proxy port for support connections
|53||Out||Yes||Yes||Domain Name Service (DNS)|
|80/8000||Out||Yes||No||Virus/attack/security definition and firmware updates|
|123||Out||No||Yes||Network Time Protocol (NTP)|
|443||Out||Yes||No||Initial VM Provisioning *|
|* The initial provisioning port can be disabled once the initial provisioning process is complete.|