Overview:
The Barracuda WAF (web application firewall) 660
Initial Setup:
Unlike "higher quality" systems, the barracuda systems needs a keyboard and VGA monitor for the initial configuration. When plugged in, login with the default user/password (admin/admin) and in the System Configuration window, navigate to the TCP/IP Configuration. From there, enter in the following information:
- WAN (external) IP:
- WAN Mask
- WAN Gateway
- Primary and secondary DNS servers. (Note that the Barracuda's Achilles heal is the external DNS system. It requires this to work properly, so make sure that it is robust and accessible by the Barracuda.
When you are done, select save and exit. The changes will be made instantly.
Setup Outbound Firewall Rules
The system must connect to the
Barracuda Network to handle licensing. (this way they can milk the hell
out of you for an over priced support contract. :) Without this, the
system throws errors and behaves poorly for admin purposes. To enable
this bend-overage, allow the following outbound flows on your firewall:
Allow TCP:80 from the Barracuda to the following networks
64.235.147.0 255.255.255.0
host 64.235.144.132
216.129.105.0 255.255.255.0
216.129.125.0 255.255.255.0
205.158.110.0 255.255.255.0
Activate the Firewall:
Subscription:
From the
Basic tab, under
Status, select (3) the "
Click here for activation code". This will pull up a Barracuda webpage where you can enter in your company's information for the support contract. When you are finished, you will get an activation code, which you should paste back in (4) the
Basic tabs
Status page, under the
Subscription Status.
Firmware Upgrades:
To update Firmware, go to the
Advanced tab, select
Firmware Update, and confirm that the
Current installed Version is less then the
Latest General Release. If so, select
Download Now under the Latest General Release section, and then select
Apply Now to install the newest release.
Energize Updates:
To get the latest Security, Virus and Attack updates, under
Advanced tab, select the
Energize Updates sub-tab. Then select (A)
update on those subsections. The system will be updated without needing a restart or anything.
General Settings:
IP Address:
Under the Basic Tab, under IP Configuration, set your LAN and Management IP addresses. The LAN interface is the one that connects directly to the servers being proxied, and the Management interface is how admin access is
DNS:
Under the
Basic Tab, under
IP Configuration, set your DNS servers
Syslog:
Under the
Advanced Tab, under
Export Logs, set the syslog servers.
Time:
There
are two different places to change the time on the server, one is in
the Basic tab, and the other under the "special expert variables".
Under the
Basic Tab, under
Admin, set the timezone
Then in the
Advanced tab, under
System Configuration, add the Time servers under the
NTP Server Settings section.
Admin Access:
Under the
Basic Tab, under
Admin, set the range of IP's that can connect to the admin port of this system.
SNMP Conf:
Also under the
Basic Tab, futher down the
Admin sub-tab is the SNMP configuration tab, where you can define the snmp
version, community string, and allowed IPs to poll this system.
Change Password:
Change the Admin Password by going to the
Basic tab, and selecting
Administration, and then adding your new password in the
Password Change section.
Setup HA Pair:
Bind a second load balancer by repeating the process above to the second unit, and then under the
Advanced Tab, select
High Availability, and enter in the other systems IP, and the same shared secret and group id.
