Barracuda Web Application Firewall

Deploying and Provisioning the Barracuda Web Application Firewall on Microsoft Azure

This guide walks you through the steps to deploy and provision the Barracuda Web Application Firewall on Microsoft Azure.


The Barracuda Web Application Firewall on Microsoft Azure supports ONLY One-Arm Proxy mode deployment. For more information, see Configuring One-Arm Proxy Mode.

In this section:

Deploying and Provisioning the Barracuda Web Application Firewall Using the New Microsoft Azure Management Portal 

Perform the following steps to deploy and provision the Barracuda Web Application Firewall on Microsoft Azure using the new portal:

  1. Log into the Microsoft Azure Management Portal.
  2. Click Marketplace at the bottom of the screen.

                Mircrosoft_Azure_Home_page.png
  3. In the Marketplace window, select Virtual Machines and enter Barracuda Web Application Firewall in the text field.

               WAF_BYOL_and_Hourly.png
  4. Mouse over the search result and select Barracuda Web Application Firewall (BYOL or Hourly/Metered as per your requirement). Read the product overview and click Create.

    If you want to deploy a BYOL image, select the Barracuda Web Application Firewall (WAF BYOL) image.  


              WAF_BYOL.png

  5. On the Create VM page:
    1. Enter the host name in the HOST NAME field.
    2. Enter a username in the USER NAME field . This entry is not used by the Barracuda Web Application Firewall.
    3. Under Authentication Type, choose SSH Public Key or Password based on your selection. Note that this entry will not be used by the Barracuda Web Application Firewall.
    4. Select the PRICING TIER based on your requirement.
    5. In the OPTIONAL CONFIGURATION section, do the following:
      1. AVAILABILITY SET - Configure as per your requirement.
      2. NETWORK - Configure the network in which you want to deploy the Barracuda Web Application Firewall. Ensure it is in the same network as your web servers.

         It is recommended to assign a Static IP address to the Barracuda Web Application Firewall. Follow the steps below to assign the Static IP address:

        1. Select IP ADDRESSES under Network.
        2. In the IP ADDRESSES section, select Static under Static IP address assignment.
        3. Specify a static IP address from your network pool and click OK.
      3. STORAGE ACCOUNT - Select an existing storage account or create a storage account
      4. ENDPOINTS - By default, port 8000 (TCP) and port 443 (TCP) will be opened as endpoints to access the web interface of the Barracuda Web Application Firewall.  Configure additional endpoints which you want to use for creating services on the Barracuda Web Application Firewall.
      5. EXTENSIONS - Do not add any extension, as the Barracuda Web Application Firewall does not support extensions.
    6. Select a group in RESOURCE GROUP.
    7. Choose the subscription for the instance and click Create.

      WAF_Create_VM.png
    8. Read the legal terms in the Buy page and click Buy to complete the deployment.

      WAF_Buy.png

After clicking Buy, Microsoft Azure begins provisioning the Barracuda Web Application Firewall. You can check the status of the provisioned Barracuda Web Application Firewall from the Microsoft Azure Portal. Allow a few minutes before taking any further actions in the Portal. During this time, the Microsoft Azure Linux Agent and Barracuda Web Application Firewall image boots up.

Make sure you do not restart the Barracuda Web Application Firewall while it is provisioning.

Deploying and Provisioning the Barracuda Web Application Firewall Using the Classic Microsoft Azure Management Portal

Perform the following steps to deploy and provision the Barracuda Web Application Firewall on Microsoft Azure using the classic portal:

  1. Log into the Microsoft Azure Management Portal.
  2. On the VIRTUAL MACHINES page, click NEW at the bottom of the screen.

                 Virtual_Machines.png
  3. In the NEW window, navigate to COMPUTE > VIRTUAL MACHINE > FROM GALLERY.

                 Gallery.png
  4. On the Choose an Image page, search for Barracuda Web Application Firewall image. Select the Barracuda Web Application Firewall image and click Next (->) to continue.

    The Classic Portal allows you to deploy only the Barracuda Web Application Firewall BYOL. To deploy the Barracuda Web Application Firewall HOURLY, use the new portal and follow the instructions mentioned in Deploying and Provisioning the Barracuda Web Application Firewall Using the New Microsoft Azure Management Portal.


                  Choose_an_Image.png

  5. On the Virtual machine configuration page:
    1. Enter a name in the VIRTUAL MACHINE NAME field.
    2. Select the TIER (BASIC or STANDARD).
    3. Select a size for the virtual machine from the SIZE list based on the Barracuda Web Application Firewall license.
    4. In the NEW USER NAME field, enter a username. This entry is not used by the Barracuda Web Application Firewall.
    5. Clear the UPLOAD COMPATIBLE SSH KEY FOR AUTHENTICATION check box.
    6. Select the PROVIDE A PASSWORD check box and enter a password in NEW PASSWORD. Re-enter the password in CONFIRM and click Next (->). This entry is not used by the Barracuda Web Application Firewall.

            Virtual_Machine_Configuration.png
  6. On the second page of Virtual machine configuration:
    1. Select Create a new cloud service from the CLOUD SERVICE list.
    2. Enter a name in the CLOUD SERVICE DNS NAME field.
    3. Select a region from the REGION/AFFINITY GROUP/VIRTUAL NETWORK list.
    4. Select a subnet from the VIRTUAL NETWORK SUBNETS list.
    5. Select None for AVAILABILITY SET.
    6. Configure the ENDPOINTS to access the web interface of the Barracuda Web Application Firewall. By default, the Barracuda Web Application Firewall web interface listens on port 8000 for HTTP and port 443 for HTTPS. Make sure these ports (8000 and 443) are configured as ENDPOINTS on the Barracuda Web Application Firewall. Specify values for the following fields to configure the endpoints.
      1. NAME: a name of your choice.
      2. PROTOCOL: TCP
      3. PUBLIC PORT: 8000
      4. PRIVATE PORT: 8000

        Endpoints.png
    7. Follow the same steps to open other ports.
    8. Click Next (->) to continue.
    9. Read the legal terms and product description in the next page, and click the check mark (√) to complete the deployment.

               VM_Agent.png

After clicking on (√), Microsoft Azure begins provisioning the Barracuda Web Application Firewall. You can check the status of the provisioned Barracuda Web Application Firewall from the Microsoft Azure Management Portal under VIRTUAL MACHINES. You will see Starting (Provisioning) in the beginning on the Microsoft Azure Management Portal. Allow a few minutes before taking any further actions in the Portal. During this time, the Microsoft Azure Linux Agent and Barracuda Web Application Firewall image boot up.

Make sure you do not restart the Barracuda Web Application Firewall while it is provisioning.

Next Step

Continue with the Barracuda Web Application Firewall Quick Start Guide - Microsoft Azure for licensing and initial configuration of your virtual machine.

 


Feedback Did you find this article helpful: |

Still need help?

If you have a technical issue with the product, please contact Barracuda Networks Technical Support.