Home‎ > ‎Barracuda‎ > ‎

Basic Config of a WAF 660


The Barracuda WAF (web application firewall) 660

Initial Setup:

Unlike "higher quality" systems, the barracuda systems needs a keyboard and VGA monitor for the initial configuration.  When plugged in, login with the default user/password (admin/admin) and in the System Configuration window, navigate to the TCP/IP Configuration.  From there, enter in the following information:

  • WAN (external) IP:
  • WAN Mask
  • WAN Gateway
  • Primary and secondary DNS servers.  (Note that the Barracuda's Achilles heal is the external DNS system.  It requires this to work properly, so make sure that it is robust and accessible by the Barracuda.

When you are done, select save and exit.  The changes will be made instantly. 

Setup Outbound Firewall Rules

The system must connect to the Barracuda Network to handle licensing.  (this way they can milk the hell out of you for an over priced support contract. :)  Without this, the system throws errors and behaves poorly for admin purposes.  To enable this bend-overage, allow the following outbound flows on your firewall:

Allow TCP:80 from the Barracuda to the following networks

Activate the Firewall:


From the Basic tab, under Status, select (3) the "Click here for activation code".  This will pull up a Barracuda webpage where you can enter in your company's information for the support contract.  When you are finished, you will get an activation code, which you should paste back in (4) the Basic tabs Status page, under the Subscription Status

Firmware Upgrades:

To update Firmware, go to the Advanced tab, select Firmware Update, and confirm that the Current installed Version is less then the Latest General Release.  If so, select Download Now under the Latest General Release section, and then select Apply Now to install the newest release.

Energize Updates:

To get the latest Security, Virus and Attack updates, under Advanced tab, select the Energize Updates sub-tab.  Then select (A) update on those subsections.  The system will be updated without needing a restart or anything. 

General Settings:

IP Address:

Under the Basic Tab, under IP Configuration, set your LAN and Management IP addresses.    The LAN interface is the one that connects directly to the servers being proxied, and the Management interface is how admin access is


Under the Basic Tab, under IP Configuration, set your DNS servers


Under the Advanced Tab, under Export Logs, set the syslog servers.


There are two different places to change the time on the server, one is in the Basic tab, and the other under the "special expert variables".
Under the Basic Tab, under Admin, set the timezone

Then  in the Advanced tab, under System Configuration, add the Time servers under the NTP Server Settings section.

Admin Access:

Under the Basic Tab, under Admin, set the range of IP's that can connect to the admin port of this system.

SNMP Conf:

Also under the Basic Tab, futher down the Admin sub-tab is the SNMP configuration tab, where you can define the snmp version, community string, and allowed IPs to poll this system.

Change Password:

Change the Admin Password by going to the Basic tab, and selecting Administration, and then adding your new password in the Password Change section. 

Setup HA Pair:

Bind a second load balancer by repeating the process above to the second unit, and then under the Advanced Tab, select High Availability, and enter in the other systems IP, and the same shared secret and group id.