CGF01015 - Deployment

CGF01015 - Deployment
Hardware Appliance Deployment

Training Video Transcript

In this section, we're going to take a look at how you deploy a hardware Barracuda CloudGen Firewall.

© Barracuda Networks Inc., Revision: 7/19/2022 1

 CGF01015 - Deployment

Deployment
Management access
– Management IP: [Link]
– Username: root
– Password: ngf1r3wall
– Password change enforcement on first login

Training Video Transcript

When you receive your new firewall, it is going to be shipped out with a preconfigured default management IP
address of [Link].

You can connect your laptop or desktop computer, whichever machine you're going to use, for the initial setup
to Port 1.

Port 1 is the management interface for most of our models. When you get into some of our larger models, you
will see a dedicated Management Port and it will be indicated that way on the back of the firewall. But for now
we're going to assume we're dealing with a standard firewall and we're going to connect to it on Port 1.
In order to connect to it on Port 1, we need to assign our computer an IP address within the same subnet as the
firewall, which is 192 168 200.X. It's a 24-bit Network. So we're going to assign 192 168 200.100 as the IP of our
computer. That's the same address you'll see in your quick start guide.
Once we're connected to Port 1, either through a crossover cable or straight-through cable, we can launch
Barracuda Firewall Admin. Barracuda Firewall Admin is going to ask for the management IP address, the
username and password. The default username is “root” and the default password ngf1r3wall that is “ngfirewall”
with a 1 and a 3 instead of the “I” and “E”.
Once you log in the very first time, you will be prompted to change that root password. This is for security
reasons. Assuming you’re setting up a with F400 or below, you're going to go ahead and plug port 4 into your
network. Port 4 can be plugged into your switch or whatever device you use to obtain a DHCP address, because,
by default, port 4 comes with a DHCP client pre-configured. You connect Port 1 to your laptop, Port 4 to, let's
say, your switch, and theoretically you can now get out to the Internet.

© Barracuda Networks Inc., Revision: 7/19/2022 2

 CGF01015 - Deployment

License Activation
• Order date determines start of the subscription
– The system’s serial number is sent to Barracuda Networks
– Enter your registration details and accept EULA
– The license is issued and retrieved by the firewall
• Requirements
– CloudGen Firewall F and Firewall Admin with access to the activation
server

Training Video Transcript

The reason it's important to be able to get out to the internet deals with licensing, which we'll talk about in a few
moments.

When you register your firewall, the serial number of the Barracuda CloudGen Firewall is going to be transmitted
back to our Barracuda license servers. This will then download the appropriate license files that will be installed
on your brand-new firewall.
You will have a short registration form to fill out with the registration details and accept the end-user licensing
agreement. If you're deploying a large number of firewalls, Barracuda Firewall Admin has an option to pre-fill the
registration information using that template you create. The information can be applied to all the firewalls you
register after setting up the template automatically.

In order to download the license and keep the licenses up to date, both the firewall itself and Barracuda Firewall
Admin will need access over the Internet to the license server. Once you registered the firewall, you will see under
License on the dashboard, that it's a success and okay. The really nice thing with a hardware appliance is, when
you get to the process of downloading the licenses, you can click the little right arrow to initiate the download
process. It's going to reach out to the license server for you. There's no serial number you need to put in, no
tokens, nothing. It takes care of downloading the license for you.

© Barracuda Networks Inc., Revision: 7/19/2022 3

 CGF01015 - Deployment

License States
• Normal operation
• Demo mode
– Weak encryption ciphers (DES, RSA512) and management ACLs are
ignored
• Grace mode
– 15-day grace period for single licenses
– 60-day grace period for pool licenses
• Invalid license
– Subscribed features or services keep working
– Updates and configuration changes are blocked

Training Video Transcript

There are different license states that the firewall can be in.

First off, we have our normal operation mode. This is when the box is licensed, the features are working,
everything is good.

We also have a demo mode. Now, demo mode is how the firewall will show up to you when you first receive it
from Barracuda. In demo mode you cannot use any strong encryption mechanisms. This is due the export
restrictions. You also can't set in the ACLs for the management IP, and anything that requires an additional
license or subscription will not work in demo mode.

Now, let's assume that we do license the firewall and we get a one-year license for all the services. We have all
the add-ons features possible. Once that subscription time is over, you have a 15-day grace period if you're using
single firewall licenses.
If you're doing pool licensing through the Barracuda Control Center, you have a 60-day grace period to renew
that license.

If for some reason you don't renew the license, the features will continue to work; however, maybe with limited
functionality, and you will not receive updates. The big one is your Energize Updates license. If you don't renew
your Energize Updates, you do not get any of the security definition updates. You don't get any firmware
updates. You also lose your ability to get Barracuda’s support while the box is unlicensed.
So it's really important to make sure you keep your Energize Updates current and your firewalls activated. With
an expired license you can't get any updates to the firewall and you can't make any configuration changes even
though it's still processing traffic.

© Barracuda Networks Inc., Revision: 7/19/2022 4

 CGF01015 - Deployment

Good to Know
• No artificial limits
– Hardware performance is the sole restriction
• Cold standby licensing
– Firewall is purchased without licenses
– If the firewall fails, Barracuda Networks Technical Support transfers the
license to the cold standby
• Zero-Touch Deployment is available with every firewall

Training Video Transcript

Some things to keep in mind with Barracuda CloudGen Firewalls hardware versions. There are no artificial limits.
You could put 10 users or 10,000 users behind the F280. Now the F280 is not designed to support 10,000 users,
but that is a hardware limitation. The only limitation is what the physical Hardware can actually push through, is.
We don't say “Oh, you get 20 users or 500 users, then you have to pay for more.” You just have to upgrade your
Hardware to be able to support a larger number of users.

You also have the ability to purchase a cold standby firewall. What this is? It's a physical Hardware firewall that
does not have any licenses on it. This is typically used in areas where our Instant Replacement is just not fast
enough for you. You can't wait for next business day to receive your new hardware.
The cold spare you're able to rack up, plug it in, and restore it from the PAR file, which is the backup
configuration file for your existing firewall that just went down. It will run with the mismatched license for up to 15
days. During this time, call Barracuda Support and they can swap the licenses to match your cold-spare or active
a new license. With this, you're not in any rush to get the new replacement one shipped to you from Barracuda.

We also have what's called zero-touch deployment, where you use the Barracuda Control Center to create the
configuration, push it to a Barracuda cloud service, and when a new firewall comes online, it will know that its
configurations are pre-staged and will download that configuration. After applying the configuration, the firewall
will connect back to our Control Center. More information on zero touch deployment is available in our expert
level courses.

© Barracuda Networks Inc., Revision: 7/19/2022 5

 CGF01015 - Deployment

Thank You

Training Video Transcript

In this section, we took a look at how you deploy a hardware appliance and some details on licensing hardware
Barracuda CloudGen Firewalls.

© Barracuda Networks Inc., Revision: 7/19/2022 6