Barracuda Web Application Firewall deployment with ARM template

Hi there, I am going to show how to deploy Barracuda Web Application Firewall (WAF) from Azure marketplace with ARM template. The example is pretty straight-forward but I want you to provide with step-by-step guide how to automate it.

First, we need to create a template for deployment. So we go to the New button and type Template deployment. After clicking Create it forwards us to the template deployment setup.

Second, in the Edit template field delete all the current code and paste the following:


{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
      "Barracuda_WAF_VM_username": {
        "type": "string",
        "metadata": {
        "description": "User name for the Virtual Machine."
      }
	  },
      "Barracuda_WAF_VM_adminPass": {
        "defaultValue": null,
        "type": "securestring"
        }
    },
    "variables": {
      "Barracuda_WAF_VM_name": "barracuda",
      "Barracuda_WAF_NetInterface": "Barracuda-NetInterface",
      "Barracuda_WAF_NSG": "Barracuda-NSG",
      "Barracuda_WAF_PIP": "Barracuda-PIP",
      "Barracuda_WAF_sa": "[concat(uniquestring(resourceGroup().id), 'barracuda')]",
      "addressPrefix": "9.0.0.0/16",
      "subnetName": "Subnet",
      "subnetPrefix": "9.0.0.0/24",
      "storageAccountType": "Standard_LRS",
      "vmSize": "Standard_D1",
      "virtualNetworkName": "VNET",
      "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]",
      "subnetRef": "[concat(variables('vnetID'),'/subnets/',variables('subnetName'))]"
		},
    "resources": [
        {
            "type": "Microsoft.Compute/virtualMachines",
            "name": "[variables('Barracuda_WAF_VM_name')]",
            "apiVersion": "2015-06-15",
           "location": "[resourceGroup().location]",
            "plan": {
                "name": "hourly",
                "product": "waf",
                "publisher": "barracudanetworks"
            },
            "properties": {
                "hardwareProfile": {
                    "vmSize": "[variables('vmSize')]"
                },
                "storageProfile": {
                  "imageReference": {
                    "publisher": "barracudanetworks",
                    "offer": "waf",
                    "sku": "hourly",
                    "version": "latest"
                  },
                  "osDisk": {
                    "name": "[variables('Barracuda_WAF_VM_name')]",
                    "createOption": "FromImage",
                    "vhd": {
                      "uri": "[concat('https', '://', variables('Barracuda_WAF_sa'), '.blob.core.windows.net', concat('/vhds/', variables('Barracuda_WAF_VM_name'),'2016112233445566.vhd'))]"
                    },
                    "caching": "ReadWrite"
                  },
                    "dataDisks": []
                },
              "osProfile": {
                "computerName": "[variables('Barracuda_WAF_VM_name')]",
                "adminUsername": "[parameters('Barracuda_WAF_VM_username')]",
                "linuxConfiguration": {
                  "disablePasswordAuthentication": false
                },
                "secrets": [ ],
                "adminPassword": "[parameters('Barracuda_WAF_VM_adminPass')]"
              },
                "networkProfile": {
                    "networkInterfaces": [
                      {
                        "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('Barracuda_WAF_NetInterface'))]"
                      }
                    ]
                }
            },
							"resources": [],
          "dependsOn": [
            "[resourceId('Microsoft.Storage/storageAccounts', variables('Barracuda_WAF_sa'))]",
            "[resourceId('Microsoft.Network/networkInterfaces', variables('Barracuda_WAF_NetInterface'))]"
          ]
        },
      {
        "type": "Microsoft.Network/networkInterfaces",
        "name": "[variables('Barracuda_WAF_NetInterface')]",
        "apiVersion": "2016-03-30",
        "location": "[resourceGroup().location]",
        "properties": {
          "ipConfigurations": [
            {
              "name": "ipconfig1",
              "properties": {
                "privateIPAllocationMethod": "Dynamic",
                "publicIPAddress": {
                  "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('Barracuda_WAF_PIP'))]"
                },
                "subnet": {
                  "id": "[variables('subnetRef')]"
                }
              }
            }
          ],
          "dnsSettings": {
            "dnsServers": [ ]
          },
          "enableIPForwarding": false,
          "networkSecurityGroup": {
            "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('Barracuda_WAF_NSG'))]"
          }
        },
        "resources": [ ],
        "dependsOn": [
          "[resourceId('Microsoft.Network/publicIPAddresses', variables('Barracuda_WAF_PIP'))]",
          "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]",
          "[resourceId('Microsoft.Network/networkSecurityGroups', variables('Barracuda_WAF_NSG'))]"
        ]
      },
      {
        "type": "Microsoft.Network/networkSecurityGroups",
        "name": "[variables('Barracuda_WAF_NSG')]",
        "apiVersion": "2016-03-30",
        "location": "[resourceGroup().location]",
        "properties": {
          "securityRules": [
            {
              "name": "MGMT_-_HTTP",
              "properties": {
                "protocol": "TCP",
                "sourcePortRange": "*",
                "destinationPortRange": "8000",
                "sourceAddressPrefix": "*",
                "destinationAddressPrefix": "*",
                "access": "Allow",
                "priority": 1010,
                "direction": "Inbound"
              }
            },
            {
              "name": "MGMT_-_HTTPS",
              "properties": {
                "protocol": "TCP",
                "sourcePortRange": "*",
                "destinationPortRange": "443",
                "sourceAddressPrefix": "*",
                "destinationAddressPrefix": "*",
                "access": "Allow",
                "priority": 1020,
                "direction": "Inbound"
              }
            },
            {
              "name": "default-allow-ssh",
              "properties": {
                "protocol": "TCP",
                "sourcePortRange": "*",
                "destinationPortRange": "22",
                "sourceAddressPrefix": "*",
                "destinationAddressPrefix": "*",
                "access": "Allow",
                "priority": 1030,
                "direction": "Inbound"
              }
            }
          ]
        },
        "resources": [ ],
        "dependsOn": [ ]
      },
      {
        "type": "Microsoft.Network/publicIPAddresses",
        "name": "[variables('Barracuda_WAF_PIP')]",
        "apiVersion": "2016-03-30",
        "location": "[resourceGroup().location]",
        "properties": {
          "publicIPAllocationMethod": "Dynamic",
          "idleTimeoutInMinutes": 4
        },
        "resources": [ ],
        "dependsOn": [ ]
      },
        {
            "type": "Microsoft.Network/virtualNetworks",
            "name": "[variables('virtualNetworkName')]",
            "apiVersion": "2016-03-30",
           "location": "[resourceGroup().location]",
            "properties": {
                "addressSpace": {
                    "addressPrefixes": [
                        "[variables('addressPrefix')]"
                    ]
                },
                "subnets": [
                    {
                        "name": "[variables('subnetName')]",
                        "properties": {
                            "addressPrefix": "[variables('subnetPrefix')]"
                        }
                    }
                ]
            },
            "resources": [],
            "dependsOn": []
        },
      {
        "type": "Microsoft.Storage/storageAccounts",
        "sku": {
          "name": "[variables('storageAccountType')]",
          "tier": "Standard"
        },
        "kind": "Storage",
        "name": "[variables('Barracuda_WAF_sa')]",
        "apiVersion": "2016-01-01",
        "location": "[resourceGroup().location]",
        "tags": { },
        "properties": { },
        "resources": [ ],
        "dependsOn": [ ]
      }
    ]
}


Third, in the parameters provide username and password of Barracuda VM. Choose resource group, location and after reviewing legal terms purchase the Barracuda license.

Fourth, after the template will be deployed, you will be able to access Barracuda portal by the following URL: http://<public ip address>:8000

barracuda

 

Username: admin
Password: your password that you have provided within parameters tab

barracuda-login

 

Note, that by Barracuda recommendations no extensions should be deployed to make sure that vm is running correctly. And DO NOT forget to check the pricing as it comes with different charges on your Azure subscription! Good luck!

 

Leave a Reply

Your email address will not be published.