It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Configuring the Barracuda Web Application Firewall with Multiple NICs

  • Last updated on

You can deploy the Barracuda Web Application Firewall instances in Microsoft Azure and attach multiple network interface controllers (NICs) to it. Multiple NIC is a requirement for network appliances and virtual machines that forward the traffic from one subnet to another. Multiple NICs also provide more network traffic management functionality, including isolation of traffic between a front-end NIC and a backend NIC. Using Multiple NICs you can separate the data (WAN) traffic from the backend server (LAN) traffic, i.e., the servers can reside in the LAN network. For more information, refer to the Create a VM with multiple NICs article in the Microsoft Azure documentation.

You can deploy the Barracuda Web Application Firewall instance(s) with Single NIC and Multi IP or Multi NIC and Multi IP on Microsoft Azure using the Azure Resource Manager (ARM) template. See Configuring Multiple IP Addresses for the Barracuda Web Application Firewall Instance in Azure Resource Manager.

Multi_NIC-01.png

This article provides information on how to deploy the Barracuda Web Application Firewall instance with multiple NICs using Azure Resource Manager (ARM).

Prerequisite

To configure the Barracuda Web Application Firewall with multiple NICs, the virtual network should include two subnets, i.e., one for the WAN traffic and the other for the LAN traffic. When the Barracuda Web Application Firewall instance is deployed in Microsoft Azure, the virtual network is associated with a single subnet (i.e., for WAN traffic). To add another subnet, perform the following steps:

  1. Log into the Microsoft Azure portal, click Resource groups on the left panel.
  2. In the Resource groups list, click on the resource group to which the Barracuda Web Application Firewall instance is associated.
  3. On the resource group page, click on the virtual network associated with the resource group.

    Select_VNET.png
  4. On the virtual network page, select Subnets under SETTINGS and click Subnet.

    Subnets.png
  5. On the Add Subnet page:
    1. Name: Enter a name for the subnet.
    2. Address range (CIDR block): Enter the IP address for the subnet. The IP address should be within the address space of the virtual network.
    3. Network security group: Select the network security group associated with the resource group selected in Step 2.
    4. Click OK.

      Add_subnet.png

      NSG_Added.png
  6. The new subnet gets displayed in the Subnets list.

    Subnet_Added.png

To configure the Barracuda Web Application Firewall with multiple NICs, perform the following steps:

Step 1. Deploy the Barracuda Web Application Firewall Instance

Follow the steps mentioned in Deploying and Provisioning the Barracuda Web Application Firewall in the New Microsoft Azure Management Portal or Deploying and Provisioning the Barracuda Web Application Firewall in the Classic Microsoft Azure Management Portal.

Step 2. Set the Private IP Address of the Instance to Static

After the instance is deployed, set the private IP address to static by following the steps below:

The IP address should be changed to static to ensure that the system retains the same IP address even after the system reboots.

  1. In the Microsoft Azure portal, click Resource groups on the left panel.

    Resource_Group.png
  2. In the Resource groups list, locate and click on the resource group to which the Barracuda Web Application Firewall instance is associated.
  3. On the Resource groups page, select the network interface (NIC) of the deployed Barracuda Web Application Firewall instance.

    Resource_Group1.png
  4. On the instance Network interface page, select IP configuration under Settings.
  5. Select the Private IP Address under IP configurations.
  6. Set Assignment to Static under Private IP address settings and click Save.

    IP_Config.png

Step 3. Create a Network Interface (NIC)

By default, the Barracuda Web Application Firewall instance is deployed with a single NIC. You can add an additional NIC for LAN either through the Azure Portal or Azure CLI.

Create a NIC Using the Azure Portal

  1. Log into the Microsoft Azure portal.
  2. Click Marketplace in the left panel and type Network Interface in the Search Everything field.
  3. Select Microsoft Network interface from the search results.
  4. On the Network interface page, click Create.
  5. On the Create network interface page:
    1. Name: Enter a name for the network interface. Example: LAN
    2. Virtual network: Select the virtual network for the network interface. Ensure that the virtual network exists in the same subscription and location as that of the network interface.
    3. Subnet: Select a subnet within the virtual network.
    4. Private IP address assignment: Set to Static.
    5. Private IP address: Enter an IP address that belongs to the configured subnet.
    6. Network security group: Select an existing network security group, or create a network security group.
    7. Subscription: Select the subscription from the drop-down list.
    8. Resource group: Select Use existing and select the resource group to which the Barracuda Web Application Firewall instance is associated.
    9. Location: Select the location. Ensure that the network interface location and the location specified for the Barracuda Web Application Firewall instance are the same. 
  6. Click Create.
Creating a NIC Using the Azure CLI

To create a network interface using the Azure CLI, perform the steps below:

  1. Install Azure CLI by following the steps mentioned in Install Azure 2.0 CLI.
  2. To authenticate to your Azure account, run the Azure login command and follow the instructions.

    az login

    This displays a message as: “To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code ********* to authenticate.”

    Az_Login.png
  3. Copy the URL and paste it in the web browser.
  4. Enter the Code in the text field and click Continue.

    Device_Login.png
  5. Enter your Microsoft account username and password.
  6. After successful authentication, you can use the Azure CLI to perform actions on your Azure account.

    Signed_In.png
  7. Run the following command to create a NIC:

    az network nic create --resource-group <Resource group name to which your Barracuda Web Application Firewall instance is associated> --name <Name for the new NIC> --vnet-name <Name of the virtual network to which this network interface needs to be created--subnet <Name of the subnet> --network-security-group <Name of the network security group>

    Example: az network nic create --resource-group WAFRG-TEST --name NIC-2 --vnet-name WAFRG-TEST-vnet --subnet default --network-security-group BWAF-TEST1-nsg

    Add_Network_Interface.png

Step 4. Add the LAN Network Interface to the Barracuda Web Application Firewall Instance

To add the created network interface to the Barracuda Web Application Firewall instance, perform the following steps:

  1. Log into the Microsoft Azure Portal.
  2. Click Virtual machines in the left panel.

    Virtual_Machine.png
  3. In the Virtual machines list, click on the virtual machine to which the network interface needs to be added.
  4. Click Stop to shut down the virtual machine.

    Virtual_Machine.png
  5. After the virtual machine has stopped, go to the Microsoft Azure Command Line Interface, and run the following command:

    az vm nic add --output json --vm-name <Name of the Barracuda Web Application Firewall instance to which the network interface needs to added> --resource-group <Name of the resource group>  --nics <Name of the network interface that needs to be added to the instance>

    Example: az vm nic add  --output json --vm-name BWAF-TEST1 --resource-group WAFRG-TEST  --nics NIC-2

Step 5. Configure the LAN IP Address

The private IP address of the new NIC should be configured as the LAN IP address in the BASIC > IP Configuration page.

  1. Log into the Barracuda Web Application Firewall web interface.
  2. Go to the BASIC > IP Configuration page.
  3. In the LAN IP Configuration section:
    1. IPv4 Address: Enter the IP address of the second NIC that was added to the instance.
    2. IPv4 Subnet Mask: Enter the netmask associated with the IP address
    3. Allow Administration Access: Set to No to allow administration access.
  4. Click Save.

    LAN_IP_Config.png