Before installing your Barracuda Web Application Firewall:
- Installing the Barracuda Web Application Firewall may require certain changes to the existing network depending upon the network configuration and the deployment mode of the Barracuda Web Application Firewall you choose. Network Changes can be classified as:
- Hardware changes – Changes related to cabling, switches, routers, network interfaces, etc.
- Configuration changes – Changes related to DNS databases, IP addresses of hosts and services, router configuration etc.
- (Reverse proxy deployment only) If Client Impersonation is set to Yes on the BASIC > Services page, then an additional IP address should be configured on the LAN subnet of the Barracuda Web Application Firewall and this should be the default gateway configured on the back-end real servers.
- Note the server IP address and TCP port of Web applications you want to protect.
- Verify that you have the necessary equipment:
- Barracuda Web Application Firewall (check that you have received the correct model)
- AC power cord
- Ethernet cables
- Mounting rails (model 660 and higher) and screws
- VGA monitor (recommended)
- PS2 keyboard (recommended)
Open Network Address Ranges on Firewall
If your Barracuda Web Application Firewall is located behind a corporate firewall, open the following Barracuda network address ranges for the ports shown in the table below on your firewall to ensure proper operation:
|22||Out||Yes||No||Technical Support connections|
|53||Out||Yes||Yes||Domain Name Service (DNS)|
|80/8000||Out||Yes||No||Virus/attack/security definition and firmware updates|
|123||Out||No||Yes||Network Time Protocol (NTP)|
|443||Out||Yes||No||Initial VM Provisioning *|
|* The initial provisioning port can be disabled once the initial provisioning process is complete.|