We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Prepare for the Installation

  • Last updated on

Before installing your Barracuda Web Application Firewall:

  • Installing the Barracuda Web Application Firewall may require certain changes to the existing network depending upon the network configuration and the deployment mode of the Barracuda Web Application Firewall you choose. Network Changes can be classified as:
    • Hardware changes – Changes related to cabling, switches, routers, network interfaces, etc.
    • Configuration changes Changes related to DNS databases, IP addresses of hosts and services, router configuration etc.
  • (Reverse proxy deployment only) If Client Impersonation is set to Yes on the BASIC > Services page, then an additional IP address should be configured on the LAN subnet of the Barracuda Web Application Firewall and this should be the default gateway configured on the back-end real servers.
  • Note the server IP address and TCP port of Web applications you want to protect.
  • Verify that you have the necessary equipment:
    • Barracuda Web Application Firewall (check that you have received the correct model)
    • AC power cord
    • Ethernet cables
    • Mounting rails (model 660 and higher) and screws
    • VGA monitor (recommended)
    • PS2 keyboard (recommended)

Open Network Address Ranges on Firewall

If your Barracuda Web Application Firewall is located behind a corporate firewall, open the following Barracuda network address ranges for the ports shown in the table below on your firewall to ensure proper operation:

  • 64.235.144.0/20
  • 198.207.200.0/22
  • 209.222.80.0/21
PortDirectionTCPUDPUsage
22Out Yes No Technical Support connections
25In/OutYes No Email alerts
53Out Yes Yes Domain Name Service (DNS)
80/8000Out Yes No Virus/attack/security definition and firmware updates
123 Out No Yes Network Time Protocol (NTP)
443OutYes No Initial VM Provisioning *
* The initial provisioning port can be disabled once the initial provisioning process is complete.
Last updated on