Deploy Barracuda WAF cluster on Azure---2

The previous article talked about how to deploy Barracuda on Azure. This article discusses how to configure Barracuda.

1. License

Apply to Barracuda's sales staff for the license of the WAF. After getting license, open the admin interface of the Barracuda that you just installed:

http://azurebrcd.chinacloudapp.cn:8001

http://azurebrcd.chinacloudapp.cn:8002

See the following page:

Click I already have a license Token, appear:

Enter the resulting token. Domain to fill out your domain.

After determining, wait for its initialization.

1. Change the initial password

After initialization, see the landing page:

Enter the user name and password, default to Admin/admin.

After logging in, change the password in administration:

Enter the old password, and the new password:

1. Create a cluster

   In the Basic Configuration page, select IP configuration, record the IP address, and set the address of the VM to a static address in the Azure PowerShell command:

   PowerShell command:

   PS c:\users\hengz> get-azurevm-servicename azurebrcd-name azurebrcd01 | Set-azurestaticvnetip-ipaddress 10.1.1.4 | Update-azurevm

   OperationDescription OperationID Operationstatus

   -------------------- ----------- ---------------

   UPDATE-AZUREVM 9a555da4-780c-4daa-96e9-0e81ddebf1e4 Succeeded

   Once the address of the VM is fixed, select "Advanced Settings"-à "cluster settings" in the admin interface

   Configure the Pre-share key and the peer IP address on the configuration page:

   When both sides are added, the cluster is established:

3. Create a service

   In the basic settings, select Service, add service name and true server address:

   After adding:

   The second server can be added again, in the join-à server:

   After adding:

4. Customizing security Policies

   The security policy adopted at this time is the default security policy, which requires the creation of a new security policy based on the user's application:

   Click on "Security Policy"à "policy Management", enter "test" in the policy name, click Join:

   After you generate the test policy, set each of the security policies:

   HTTP request limit, select test, adjust the value (you can also choose the default value):

   Cookie protection, select the protected mode of the cookie as the signature mode, define the expiration time of the cookie, etc.:

   URL protection, you can choose the action of HTTP request, whether to prevent SQL injection and so on:

   Parameter protection, set blocking metacharacters to prevent command injection attacks, define types of files that can be uploaded, and so on:

   Web site hiding, you can hide the back-end server A variety of basic information to prevent hackers to use system vulnerabilities to attack:

   Data theft protection, you can define data types through regular expressions, such as identity card numbers, credit card numbers, etc., whether you want to block or hide:

   URL normalization, since WAF is working in proxy mode, you need to define a default character set when the encoding of its hosted HTTP request is not recognized. The configuration is in this project:

   Global ACLs, which can match URLs to allow or block and log actions:

   Action policy, keeping its default configuration:

6. Deployment and well-defined security policies:

   Select "Basic Settings"à"service"à "join"à"rules"

   Change the mode from "passive" to "active" and select the Set test template.

8. Load Balancing policy settings:

   The Barracuda WAF has a very rich load balancing strategy, or on the configuration page just now:

   The algorithm can be: round robin, weight rotation and the minimum number of requests three kinds of: non-use, source IP hold, cookie insertion, passive cookie, HTTP header and Urlparameter six kinds, failover mode has load balance and failover two kinds.

   In general, we choose the configuration mode of round robin, cookie insertion and load balancing.

Summary: At this point, Cluster, basic security policies, load balancing policies are configured to complete. We can see statistical information about the various states of the device system in the system State of the basic setup:

You can see the type and number of attacks.

In addition, there are some advanced security policies in site security, this article is not described in detail.

Deploy Barracuda WAF cluster on Azure---2