To set up your Barracuda Web Application Firewall Vx, complete the following steps:
Before You Begin
Before you proceed, it is recommended that you go through the Deployment Best Practices article.
Deploy the Barracuda Web Application Firewall Vx on your hypervisor. When the Barracuda Web Application Firewall Vx is deployed, by default it has only one Network Interface Card (NIC) associated with it. If you want to deploy the Barracuda Web Application Firewall Vx in the One-Arm Proxy mode, then skip ahead to the section.
If you want to deploy the Barracuda Web Application Firewall Vx in the Two-Arm Proxy mode, follow the steps below:
- Power Off your Barracuda Web Application Firewall Vx.
- Go to the hypervisor, right-click on the VM instance and select Edit Settings.
- Add an interface. Note that this interface will be called the LAN interface on the Barracuda Web Application Firewall Vx.
- Add another interface. Note that this interface will be called the Management interface on the Barracuda Web Application Firewall Vx. If your hypervisor does not have a third interface, then ignore this step, and the Management access of the Barracuda Web Application Firewall Vx can be done through the WAN interface/ LAN Interface.
- Power On the Barracuda Web Application Firewall Vx.
Continue with Step 2. Enter the License Code.
Step 1. Open Network Address Ranges on Firewall
If your Barracuda Web Application Firewall Vx is located behind a corporate firewall, open the following Barracuda network address ranges for the ports shown in the table below on your firewall to ensure proper operation:
|22||Out||Yes||No||Technical Support connections|
|53||Out||Yes||Yes||Domain Name Service (DNS)|
|80/8000||Out||Yes||No||Virus/attack/security definition and firmware updates|
|123||Out||No||Yes||Network Time Protocol (NTP)|
|443||Out||Yes||No||Initial VM Provisioning *|
|* The initial provisioning port can be disabled once the initial provisioning process is complete.|
Step 2. Start the Virtual Appliance, Configure Networking, and Enter the License
You should have received your license token/serial # of the Barracuda Vx via email or from the website when you downloaded the Barracuda Web Application Firewall Vx package. If not, you can request an evaluation on the Barracuda website at https://www.barracuda.com/purchase/evaluation or purchase one from https://www.barracuda.com/purchase/index. The license token looks similar to the following: 01234-56789-ACEFG.
- In your hypervisor client, start the virtual appliance and allow it to boot up.
- From the console, log in as admin with the password admin
- In the System Configuration window, use the down arrow key and select TCP/IP Configuration. Configure the following:
- WAN IP Address
- WAN Netmask
- Gateway Address
- Primary DNS Server
- Secondary DNS Server
- If the Internet can be accessed only through an explicit proxy, configure the proxy server using Proxy Server Configuration (Optional), so that it reaches the Internet for provisioning.
Under Licensing enter your Barracuda License Token and Default Domain to complete provisioning. The appliance will reboot as a part of the provisioning process.
Step 3. Accept the End User License Agreement and Verify Configuration
- Go to http://<your ip>:8000 to access the web interface.
- Read through the End User License Agreement. Scroll down to the end of the agreement.
- Enter the required information: Name, Email Address, and Company (if applicable). Click Accept. You are redirected to the Login page.
- Log into the Barracuda Web Application Firewall Vx web interface as the administrator:
Password: Password is either
- The numeric part of the serial number if your Vx preboot version is 4.6.1 or higher. To find the preboot version, check the name of downloaded Vx image (zip file) which is something like BarracudaWebApplicationFirewall-p2-vm4.6.1-fw8.1.0.003-20200113-esx-vbox.zip. The text between "vm" and "-fw" in the filename is the preboot version. In this example, it is 4.6.1. The serial number of your Vx is in your invoice and in your VM Setup email.
- The word "admin" if your Vx preboot version is below 4.6.1.
- Go to the BASIC > IP Configuration page and configure the following:
- Verify that the WAN IP Configuration is setup properly for IP Address, Subnet Mask, and Default Gateway. Make sure Allow Administrative Access is set to Yes.
- Configure the LAN IP Configuration and Management IP Configuration depending on your deployment.
- Make sure Operation Mode is set to Proxy. You should review the proxy deployment options and choose your desired configuration before continuing. See Configuring Two-Arm Proxy Mode and Configuring One-Arm Proxy Mode.
- Verify that the Primary and Secondary DNS server are correct.
- Enter Default Hostname and Default Domain (for example, <yourcompanydomain.com>) in the Domain Configuration. The Hostname will be used in reporting and the Default Domain is the domain for the system.
For more information, see Configure the Barracuda Web Application Firewall.
Step 4. Update the Firmware
Click on the ADVANCED > Firmware Update page. If there is a new Latest General Release available, perform the following steps to update the system firmware:
- Click on the Download Now button located next to the firmware version that you wish to install. To view download progress, click on the Refresh button. When the download is complete, the Refresh button will be replaced by an Apply Now button.
- Click on the Apply Now button to install the firmware. This will take a few minutes to complete.
- After the firmware has been applied, the Barracuda Web Application Firewall Vx will automatically reboot, displaying the login page when the system has come back up.
- Log back into the web interface again and read the Release Notes to learn about enhancements and new features. It is also good practice to verify settings you may have already entered, as new features may have been included with the firmware update.
Step 5. Change the Administrator Password
To avoid unauthorized use, we recommend you change the default administrator password to a more secure password. You can only change the administrator password for the web interface. Go to the BASIC > Administration page and enter your old and new passwords, then click on Save Password.
Continue with the next step, Configuring a Service.