/
Load Balancing For Clustered Barracuda Web Application Firewall Instances in Amazon Web Services (AWS)

Load Balancing For Clustered Barracuda Web Application Firewall Instances in Amazon Web Services (AWS)

Jan 15, 2026

This guide walks you through the steps to load balance traffic across multiple instances of the Barracuda Web Application Firewall deployed in Amazon Web Services.

In this article

To set up a High Availability environment with multiple Barracuda Web Application Firewall instances in Amazon Web Services, make sure all services configured on each instance use the WAN IP address of the Barracuda Web Application Firewall.

Step 1 - Deploy Multiple Barracuda Web Application Firewall Instances in Amazon Web Services

Follow the steps in Deploy the Barracuda Web Application Firewall on Amazon Web Services   to deploy multiple Barracuda Web Application Firewall instances. To license and configure your virtual machine, continue with Barracuda Web Application Firewall Deployment and Quick Start Guide for Amazon Web Services . In this example, there are two Barracuda Web Application Firewall instances where Barracuda-WAF1 is the first unit and Barracuda-WAF2 is the second unit.

Step 2 - Set Up Load Balancing on the Barracuda Web Application Firewall Instances

Load Balance the Service on Multiple Barracuda Web Application Firewall Instances Using the Application Load Balancer

  1. Log into the Amazon EC2 Management Console.

  2. From the EC2 dashboard, select Load Balancers under Load Balancing.

  3. Click Create Load Balancer. The Select load balancer type page opens.

  4. On the Select load balancer type page, click Create under Application Load Balancer.

    Application_Load_Balancer.png


  5. On the Create Application Load Balancer page:

    1. Basic Configuration

      1. Load Balancer name - Enter a name for the load balancer.

      2. Scheme - Select the scheme to route the client requests to the server.

        1. Internet-facing: Routes client requests over the Internet.

        2. Internal: Routes requests using the private IP addresses.

      3. IP address type - Select the IP address type (IPv4 or dualstack) to communicate with the load balancer.

        1. IPv4: Accepts only IPv4 traffic.

        2. Dualstack: Accepts IPv4 and IPv6 traffic.

    2. Network mapping

      1. VPC – Select the VPC.

      2. Mappings - Select the availability zones and subnets for the VPC load balancer.

    3. Security groups

      1. Security groups - Select an existing security group from the drop-down list and assign it to the load balancer, or choose Create new security group to create a new group.

    4. Listeners and routing

      1. Listener – Configure the following:

        1. Protocol – Select the protocol (HTTP or HTTPS).

        2. Port – Specify the port number.

        3. Default action – Select an existing target group from the drop-down list, or click Create target group to register your targets (services). The load balancer routes the traffic to registered targets (services) using the port and protocol specified for the target group. See the section Create a Target Group.

      2. Click Add Listener.

    5. Tags (optional)

      1. Specify a key and a value for the tag. Click Add tag to add tags.

    6. Summary

      1. Review your settings before creating the load balancer, and then click Create load balancer.

Create a Target Group

You must create a target group and register the Barracuda Web Application Firewall instances or IP addresses for which the traffic needs to be load balanced. The load balancer routes the traffic to the registered targets using the specified port and protocol. For detailed information, refer to the AWS documentation.

  1. Log into the Amazon EC2 Management Console.

  2. From the EC2 dashboard, select Target Groups under Load Balancing.

  3. On the Target groups page, click Create target group.

  4. On the Step 1 Specify group details page, configure the following:

  5. Basic configuration

    1. Choose a target type - If the Barracuda Web Application Firewall instances have created the service using the system IP address, select Instances. If the Barracuda Web Application Firewall instances have services with multiple IP addresses, select IP addresses.

    2. Target group name - Specify a name for the target group.

    3. Protocol - Select the protocol

    4. Port - Specify the port number.

    5. VPC - Select the VPC with the instances that need to be included in the target group.

    6. IP address type - (Available only when the target type is IP addresses) Select the IP address type for the IP addresses. Note: The target group may include only the selected IP address type targets (services).

    7. Protocol version - Select the protocol version.

  6. Health checks – Modify the default settings as needed.

  7. Tags (Optional) – Expand the tags section, and add the tags with key and value pair.

  8. Click Next.

  9. On the Register targets page, do the following:

    1. If the target type is Instances:

      1. Select the instances to which the traffic needs to be load balanced and click Include as pending below.

    2. If the target type is IP addresses:

      1. Select a network VPC from the list.

      2. Specify the IP addresses. You can add up to five IP addresses at a time.

      3. Specify the port number to route the traffic to specified IP addresses.

      4. Click Include as pending below.

  10. Review the targets and click Create target group.

Load Balance the Service on the Barracuda Web Application Firewall Instances Using the Classic Load Balancer

We value your feedback.
If you have questions, suggestions, or feedback on our documentation, contact the Campus Product Documentation team.
For general product inquiries or technical support, please contact the global Barracuda Support team.