We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Prepare for the Installation

  • Last updated on

Before installing your Barracuda Web Application Firewall:

  • Certain changes might be required to the existing network depending upon the network configuration and the deployment mode you choose. Network changes can be classified as:
    • Hardware changes – Changes related to cabling, switches, routers, network interfaces, etc.
    • Configuration changes Changes related to DNS databases, IP addresses of hosts and services, router configuration, etc.
  • (Reverse proxy deployment only) If Client Impersonation is set to Yes in the BASIC > Services page, an additional IP address should be configured on the LAN subnet of the Barracuda Web Application Firewall. This should be the default gateway configured on the back-end real servers.
  • Note the server IP address and TCP port of the web applications you want to protect.
  • Verify that you have the necessary equipment:
    • Barracuda Web Application Firewall (check that you have received the correct model)
    • AC power cord
    • Ethernet cables
    • Mounting rails (model 660 and higher) and screws
    • VGA monitor (recommended)
    • PS2 keyboard (recommended)

Open Network Address Ranges on Firewall

If your Barracuda Web Application Firewall is located behind a corporate firewall, open the following Barracuda network address ranges for the ports shown in the table below on your firewall to ensure proper operation:


For more information about opening support connections, see How to Open a Support Tunnel.

22Out Yes No Technical Support connections
8788 OutYesNo

Proxy port for support connections

25In/OutYes No Email alerts
53Out Yes Yes Domain Name Service (DNS)
80/8000Out Yes No Virus/attack/security definition and firmware updates
123 Out No Yes Network Time Protocol (NTP)
443OutYes No Initial VM Provisioning *
* The initial provisioning port can be disabled once the initial provisioning process is complete.
Last updated on