It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Prepare for the Installation

  • Last updated on

Before installing your Barracuda Web Application Firewall:

  • Certain changes might be required to the existing network depending upon the network configuration and the deployment mode you choose. Network changes can be classified as:
    • Hardware changes – Changes related to cabling, switches, routers, network interfaces, etc.
    • Configuration changes Changes related to DNS databases, IP addresses of hosts and services, router configuration, etc.
  • (Reverse proxy deployment only) If Client Impersonation is set to Yes in the BASIC > Services page, an additional IP address should be configured on the LAN subnet of the Barracuda Web Application Firewall. This should be the default gateway configured on the back-end real servers.
  • Note the server IP address and TCP port of the web applications you want to protect.
  • Verify that you have the necessary equipment:
    • Barracuda Web Application Firewall (check that you have received the correct model)
    • AC power cord
    • Ethernet cables
    • Mounting rails (model 660 and higher) and screws
    • VGA monitor (recommended)
    • PS2 keyboard (recommended)

Open Network Address Ranges on Firewall

If your Barracuda Web Application Firewall is located behind a corporate firewall, open the following Barracuda network address ranges for the ports shown in the table below on your firewall to ensure proper operation:


For more information about opening support connections, see How to Open a Support Tunnel.

22Out Yes No Technical Support connections
8788 OutYesNo

Proxy port for support connections

25In/OutYes No Email alerts
53Out Yes Yes Domain Name Service (DNS)
80/8000Out Yes No Virus/attack/security definition and firmware updates
123 Out No Yes Network Time Protocol (NTP)
443OutYes No Initial VM Provisioning *
* The initial provisioning port can be disabled once the initial provisioning process is complete.
Last updated on