It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Barracuda Web Application Firewall Vx Quick Start Guide

  • Last updated on

To set up your Barracuda Web Application Firewall Vx, complete the following steps:

Before You Begin

Before you proceed, it is recommended that you go through the Deployment Best Practices article.

Deploy the Barracuda Web Application Firewall Vx on your hypervisor. When the Barracuda Web Application Firewall Vx is deployed, by default it has only one Network Interface Card (NIC) associated with it. If you want to deploy the Barracuda Web Application Firewall Vx in the One-Arm Proxy mode, then skip ahead to the Step 2. Enter the License Code section.

Only Proxy mode is supported for virtual deployment. For more information about deployment modes, please see Choosing Your Deployment Mode.

If you want to deploy the Barracuda Web Application Firewall Vx in the Two-Arm Proxy mode, follow the steps below:

  1. Power Off your Barracuda Web Application Firewall Vx.
  2. Go to the hypervisor, right-click on the VM instance and select Edit Settings.
  3. Add an interface. Note that this interface will be called the LAN interface on the Barracuda Web Application Firewall Vx.
  4. Add another interface. Note that this interface will be called the Management interface on the Barracuda Web Application Firewall Vx. If your hypervisor does not have a third interface, then ignore this step, and the Management access of the Barracuda Web Application Firewall Vx can be done through the WAN interface/ LAN Interface.
  5. Power On the Barracuda Web Application Firewall Vx.

Continue with Step 2. Enter the License Code.

You cannot add a Management interface without adding a LAN interface.

Step 1. Open Network Address Ranges on Firewall

If your Barracuda Web Application Firewall Vx is located behind a corporate firewall, open the Barracuda Networks destinations and ports mentioned under Open Network Address Ranges on Firewall in the Prepare for the Installation article on your firewall to ensure proper operation.

Step 2. Start the Virtual Appliance, Configure Networking, and Enter the License

You should have received your license token/serial # of the Barracuda Vx via email or from the website when you downloaded the Barracuda Web Application Firewall Vx package. If not, you can request an evaluation on the Barracuda website at https://www.barracuda.com/purchase/evaluation or purchase one from https://www.barracuda.com/purchase/index. The license token looks similar to the following: 01234-56789-ACEFG.

  1. In your hypervisor client, start the virtual appliance and allow it to boot up.
  2. From the console, log in as admin with the password admin
  3. In the System Configuration window, use the down arrow key and select TCP/IP Configuration. Configure the following:
    1. WAN IP Address
    2. WAN Netmask
    3. Gateway Address
    4. Primary DNS Server
    5. Secondary DNS Server
  4. If the Internet can be accessed only through an explicit proxy, configure the proxy server using Proxy Server Configuration (Optional), so that it reaches the Internet for provisioning.
  5. Under Licensing enter your Barracuda License Token and Default Domain to complete provisioning. The appliance will reboot as a part of the provisioning process.

    Please make a note of the Barracuda Vx serial number displayed here. The same serial number should be provided as Password when you log into the Barracuda Web Application Firewall Vx web interface.

Step 3. Accept the End User License Agreement and Verify Configuration

  1. Go to http://<your ip>:8000 to access the web interface.
  2. Read through the End User License Agreement. Scroll down to the end of the agreement.
  3. Enter the required information: Name, Email Address, and Company (if applicable). Click Accept. You are redirected to the Login page.
  4. Log into the Barracuda Web Application Firewall Vx web interface as the administrator:


    Username
    : admin
    Password: Based on the preboot version you are using:

    • versions 4.6.1 or higher: The numeric portion of the appliance serial number, found in your invoice and in your VM setup email. In this example, use 123456: #BAR-WF-123456
    • versions before 4.6.1: admin

      To find the preboot version number, check the name of downloaded Vx image (zip file). The number after vm is the version number. In this example, the version is 4.6.1: BarracudaWebApplicationFirewall-p2-vm4.6.1-fw8.1.0.003-20200113-esx-vbox.zip. 

  5. Go to the BASIC > IP Configuration page and configure the following:
    1. Verify that the WAN IP Configuration is setup properly for IP Address, Subnet Mask, and Default Gateway. Make sure Allow Administrative Access is set to Yes.
    2. Configure the LAN IP Configuration and Management IP Configuration depending on your deployment.
    3. Make sure Operation Mode is set to Proxy. You should review the proxy deployment options and choose your desired configuration before continuing. See Configuring Two-Arm Proxy Mode and Configuring One-Arm Proxy Mode.
    4. Verify that the Primary and Secondary DNS server are correct.
    5. Enter Default Hostname and Default Domain (for example, <yourcompanydomain.com>) in the Domain Configuration. The Hostname will be used in reporting and the Default Domain is the domain for the system.

The above configuration puts the VM in One-Arm Proxy mode. To deploy the VM in Two-Arm Proxy mode, do the following additional configuration:

  • Add the interfaces (LAN and/or MGMT) by editing the VM on the VM server.
  • Access the web interface using the WAN IP address and configure the IP addresses for the added interfaces (LAN and/or MGMT) on the BASIC > IP Configuration page.

For more information, see Configure the Barracuda Web Application Firewall.

If you are planning to put the Barracuda Web Application Firewall Vx in Offline mode, ensure you check the following:

  • All definitions are updated on the ADVANCED > Energize Updates page.
  • The Barracuda Web Application Firewall Vx is on the latest Firmware Version on the ADVANCED > Firmware Update page.

The Barracuda Web Application Firewall periodically connects to Barracuda Central to check for the availability of new Energize Updates. To receive new Energize Updates, ensure your Barracuda Web Application Firewall is able to connect to internet to reach Barracuda Central.

Step 4. Update the Firmware

Click on the ADVANCED > Firmware Update page. If there is a new Latest General Release available, perform the following steps to update the system firmware:

  1. Click on the Download Now button located next to the firmware version that you wish to install. To view download progress, click on the Refresh button. When the download is complete, the Refresh button will be replaced by an Apply Now button.
  2. Click on the Apply Now button to install the firmware. This will take a few minutes to complete.
  3. After the firmware has been applied, the Barracuda Web Application Firewall Vx will automatically reboot, displaying the login page when the system has come back up. 
  4. Log back into the web interface again and read the Release Notes to learn about enhancements and new features. It is also good practice to verify settings you may have already entered, as new features may have been included with the firmware update.

Step 5. Change the Administrator Password

To avoid unauthorized use, we recommend you change the default administrator password to a more secure password. You can only change the administrator password for the web interface. Go to the BASIC > Administration page and enter your old and new passwords, then click on Save Password.

Next Step

Continue with the next step, Configuring a Service.