/
Barracuda Web Application Firewall Deployment and Quick Start Guide for Amazon Web Services

Barracuda Web Application Firewall Deployment and Quick Start Guide for Amazon Web Services

Jan 08, 2026

The Barracuda Web Application Firewall for AWS can be deployed in One-Arm Proxy Mode on Amazon Web Services. This article explains One-Arm Proxy Mode deployment. Complete the steps in this guide to configure, launch, and license your Barracuda Web Application Firewall instance. Then log into the Barracuda Web Application Firewall to verify your configuration and change your password.

Requirements

Before you deploy the Barracuda Web Application Firewall on Amazon Web Services, ensure that you have completed the following:

Step 1 - Create a Security Group

Create a security group with rules specifying allowed protocols, ports and source IP ranges. Multiple security groups can be created with different rules, and assigned to each instance. For more information on security groups, refer to the AWS article Amazon EC2 Security Groups.

  1. Log into the Amazon EC2 Management Console.

  2. From the EC2 dashboard, select Security Groups under Network & Security.

  3. Click Create security group.

  4. In the Create security group window, do the following:

    1. Enter a name to identify the security group.

    2. Specify the description for the security group.

    3. Select a VPC ID from the list.

  5. Specify the inbound and outbound traffic to be allowed for the instance and click Create security group.

By default, the Barracuda Web Application Firewall web interface listens on port 8000 for HTTP and port 8443 for HTTPS. Make sure these ports (8000 and 8443) are allowed by the Inbound rule of the associated security group. Also, add the port(s) through which you configure the Service(s) for this instance.

Step 2 (Optional) - Allocate and Assign an Elastic IP Address to Your Instance

When an instance of your Barracuda Web Application Firewall is created, a public IP address is associated with the instance. That public IP address changes automatically when you STOP and START the Barracuda Web Application Firewall. To resolve this issue, assign a persistent public IP address to the instance using Elastic IP addressing. For more information, refer to the Amazon Web Services article Elastic IP Addresses.

  1. Log into the Amazon EC2 Management Console.

  2. From the EC2 dashboard, select Elastic IPs under Network & Security.

  3. Click Allocate Elastic IP Address.

  4. On the Allocate Elastic IP address page, keep the default settings and click Allocate to allocate a new IP address. A random Public IP gets generated and displayed in the Elastic IP addresses table.

  5. In the Elastic IP addresses table, click on the new allocated IP address.

  6. On the IP address page, click Associate Elastic IP address.

  7. On the Associate Elastic IP address page:

    1. Select Instance and the Private IP Address of the instance from the respective lists.
      OR

    2. Select Network Interface and the Private IP Address from the respective lists.

    3. Select the Allow the Elastic IP address to be reassociated check box.

  8. Click Associate.

If you have configured multiple internal IP addresses to the interface, then follow the steps above to allocate and assign the elastic IP address to each internal IP address, so that they can be accessed by the outside world.

Step 3 - Deploy the Barracuda Web Application Firewall on Amazon Web Services

Before you proceed, it is recommended that you go through the Deployment Best Practices article.

In the Amazon VPC that you configured, launch an Amazon EC2 instance with the Barracuda Web Application Firewall AMI image. The Amazon Launch Instance wizard guides you through the following steps:

  1. Log into the AWS Management Console and open the EC2 Management Console.

  2. From the top right corner of the page, select the region for the instance. This is important because some Amazon EC2 resources can be shared between regions.

                              

  3. Select Instances under Instances.

  4. On the Instances page, click Launch Instances.

     

  5. On the Launch an instance page, do the following:

    1. Name and tags

      1. Name: Specify a name for the instance.

    2. Application and OS Images (Amazon Machine Image)

      1. Click Browse more AMIs.

                  

      2. On the Choose an Amazon Machine Image (AMI) page:

        1. Select AWS Marketplace AMIs and search for the Barracuda Web Application Firewall AMI. Click Select next to the Barracuda Web Application Firewall AMI.

        2. Go through the overview and product details and click Continue.

        3. Click Confirm Changes when prompted.

      3. The selected AMI appears on the Launch an instance page.

            

    3. Instance type

      1. Select an instance type from the drop-down list.

    4. Key pair (login)

      1. Select the existing key pair or create a new key pair.

    5. Network Settings

      1. VPC: Select the VPC from the drop-down list.

      2. Subnet: Select a subnet from the drop-down list. Make sure to select the subnet of the VPC where you want to create the instance.

      3. Firewall (security groups): Click Select existing security group to select and assign the security group(s) from the existing list, or choose Create security group to create a new group.

    6. Configure Storage

      1. The storage device settings for the instance is displayed. Modify the values if required.

    7. Advanced details

      1. Keep the default setting for all parameters.

  6. Review your settings under Summary and click Launch instance.

                         

Contact Us
Barracuda Campus
Barracuda Support