Barracuda Web Application Firewall

Pay-As-You-Go (PAYG)/Hourly Auto Scaling


To deploy the Pay-As-You-Go/Hourly Barracuda CloudGen WAF for AWS in the auto scaling model, follow the instructions mentioned in this article.

The Pay-As-You-Go/Hourly Auto Scaling CloudFormation Template includes:

  • The number of Barracuda CloudGen WAF instances to be deployed and provisioned.
  • An IAM role that can be used to access the S3 storage and create the S3 bucket for the stack. Typically, an S3 bucket stores the instance data such as serial number and primary IP address (i.e., WAN IP address) of the deployed Barracuda CloudGen WAF VM(s).
  • A security group that is created and attached to the deployed Barracuda CloudGen WAF instances.
  • Alarms for CPU and network usage that determine when instances are scaled up/down.

Before proceeding with the deployment, ensure that the AWS services required for the auto scaling setup are created and configured. Refer to the AWS Services Required for the Auto Scaling Setup section in the Auto Scaling of Barracuda CloudGen WAF using CloudFormation Template on Amazon Web Services article.

The PAYG auto scaling CFT is available on GitHub.

Prerequisites

  • Latest Barracuda CloudGen WAF CFT Template.
  • Availability Zone(s), VPC ID, and subnet ID where you want to deploy the Barracuda CloudGen WAF and protect your servers.
  • Elastic Load Balancer to load balance the traffic between the deployed Barracuda CloudGen WAFs. For more information, see Elastic Load Balancing in the AWS documentation.
  • Ability to create an IAM Role with access to S3. The CFT will create an IAM role that has permissions to create and modify an S3 bucket. The S3 bucket stores the IP address and serial number details of the deployed Barracuda CloudGen WAF instances. The IAM Role uses "AssumeRole" and "STS keys" for maximum security while accessing the S3 bucket.

Default Values of the Barracuda CloudGen WAF PAYG CloudFormation Template

The following are the default values of the Barracuda CloudGen WAF PAYG CloudFormation Template (CFT). You can modify the values as needed.

  • ScalingMinSize - The minimum number of Barracuda CloudGen WAF instances to be deployed initially to serve the web traffic. Default: 1
  • Scaling MaxSize - The maximum number of instances to be scaled up to handle the traffic whenever required. Default: 4
  • Instance Type - Instance type to be used in Amazon Web Services (AWS). Default: m3.medium
  • Health Check Grace Period for Auto Scaling is set to 1200 seconds.
  • Pause Time for Update Policy is set to 600 seconds.
  • Security Group with the following ports opened:

    | Port | Protocol | Description |
    |------|----------|-------------|
    | 8000 | TCP | Provides HTTP access to the Barracuda CloudGen WAF web interface. |
    | 8443 | TCP | Provides HTTPS access to the Barracuda CloudGen WAF web interface. |
    | 8002 | TCP | Required for clustering the instances and to auto scale the instances up/down. |
    | 32575 | TCP | Required for clustering the instances and to auto scale the instances up/down. |
    | 32576 | UDP | Required for clustering the instances and to auto scale the instances up/down. |
    | Server Port specified in the CFT when creating the Stack | TCP | Required for the service(s) configured on the Barracuda CloudGen WAF. |

  • Default Cool Down time for scaling the instances up/down is set to 300 seconds.
  • Alarms for CPU and Bandwidth. Note: These alarms are designed in such a way as to ensure that auto scaling does not lead to instability. The alarms will scale up quickly and scale down slowly to ensure traffic to the site is not disrupted.

    | Alarm Type | Threshold Value (Average) | Action | Evaluation Periods |
    |------------|---------------------------|--------|--------------------|
    | Network-In High Alarm | 70% of max throughput for 5 minutes | Bring up one instance | 5 minutes |
    | Network-In Low Alarm | < 50% of max throughput for 2 hours 30 minutes | Bring down one instance | 2 hours 30 minutes |
    | Network-Out High Alarm | 70% of max throughput for 5 minutes | Bring up one instance | 5 minutes |
    | Network-Out Low Alarm | < 50% of max throughput for 2 hours 30 minutes | Bring down one instance | 2 hours 30 minutes |
    | CPU High Alarm | > 85% for 5 minutes | Bring up one instance | 5 minutes |
    | CPU Normal Alarm | < 60% for 2 hours 30 minutes | Bring up one instance | 2 hours 30 minutes |
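
One way to check a deployed stack's security group ingress rules against the port list above. This is an added example, not code from the Barracuda template. The sample rules, the service port 80, and the choice to flag web-interface and clustering ports reachable from 0.0.0.0/0 or ::/0 are assumptions made for illustration; the source ranges the CFT actually uses are not stated in this article.

```python
import ipaddress

# Ports from the security group defaults listed above.
MGMT = {("tcp", 8000), ("tcp", 8443)}                      # web interface
CLUSTER = {("tcp", 8002), ("tcp", 32575), ("udp", 32576)}  # clustering / auto scaling

def covers(rule, proto, port):
    """True if an ingress rule admits proto/port ("-1" means all protocols)."""
    rp = str(rule["IpProtocol"]).lower()
    if rp == "-1":
        return True
    return rp == proto and int(rule["FromPort"]) <= port <= int(rule["ToPort"])

def is_world(rule):
    """True if the rule's source is 0.0.0.0/0 or ::/0."""
    cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
    return cidr is not None and ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_ingress(rules, service_port):
    """Return (finding, protocol, port) tuples for SecurityGroupIngress-style rules."""
    expected = MGMT | CLUSTER | {("tcp", service_port)}
    findings = []
    for proto, port in sorted(expected):
        hits = [r for r in rules if covers(r, proto, port)]
        if not hits:
            findings.append(("MISSING", proto, port))       # documented port not opened
        elif (proto, port) in MGMT | CLUSTER and any(is_world(r) for r in hits):
            findings.append(("WORLD_OPEN", proto, port))    # admin/cluster port open to all
    for r in rules:
        rp = str(r["IpProtocol"]).lower()
        if (rp == "-1" or int(r["FromPort"]) != int(r["ToPort"])
                or (rp, int(r["FromPort"])) not in expected):
            findings.append(("UNEXPECTED", rp, int(r.get("FromPort", -1))))
    return findings

# Constructed sample rules (not taken from the Barracuda template).
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000, "CidrIp": "0.0.0.0/0"},
    {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443, "CidrIp": "203.0.113.0/24"},
    {"IpProtocol": "tcp", "FromPort": 8002, "ToPort": 8002, "CidrIp": "10.0.0.0/16"},
    {"IpProtocol": "tcp", "FromPort": 32575, "ToPort": 32575, "CidrIp": "10.0.0.0/16"},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_RULES, 80):
        print(*finding)
```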

Next Step

Continue with the How the Barracuda CloudFormation Template Works in Pay-As-You-Go (PAYG)/Hourly Instance article.
