How to run Barracuda NG Firewall on UNetLab

Sometimes you need to step outside of your usual sphere of technologies, and this is one of those times. I have, for a project, needed to become quite conversant with the Barracuda NG Firewall.

So, it makes sense that I can get one to play with at home. It will run on KVM, Xen, Citrix XenServer, Hyper-V and VMWare. But will it run in UNetLab?

Let’s find out. Before we do that though I am going to do a very quick review.

Barracuda NG Firewall review

I must say that when I was given the options of what firewall to run (the choices being either Check Point or Barracuda, I immediately banged my hand on the table and proclaimed my desire to run Check Point.

Have you every tried to download a trial from Check Points website? It’s almost impossible without having to sacrifice a goat or something. Barracuda, on the other hand, make getting an eval a very simple task.

So, we rolled out our first NG Firewall and, with a lot of help from Barracuda, I must say I am rather impressed.

Coming from an ASA background, some things don’t seem to work as easily, such as the firewall ruleset, but in reality, this is just a mindset issue, and really, it does work well if you stop thinking like an ASA.

There are a couple of things I really love about the NG Firewalls, and that is the ability to cut and paste. Now I know that cutting and pasting has been around for ages, but it’s nice that if you have two firewalls, one already set up with Site to Site VPNS, you can copy the VPN settings to the clipboard, and paste them onto the new firewall.

It makes life so much easier, you can do this access-rules as well, and it will even change the box IPs for you, and automatically create any custom objects required for the rule.

It’s early days yet, but as I get more to grips with the NG, the more I like it.

Anyway, that’s my three minute Barracuda NG Firewall review. Let’s set one up in UNetLab.

Running the Barracuda NG Firewall in UNetLab

This is my very simple topology.

Barracuda NG Firewall in UNetLab
The router (lazily named “R”) will have the IP address (/24), and the NGF will use, the Windows PC will use

To install the NG Firewall in UNetlab you need to download the OVA file from Barracuda. You can sign up for free at Select Firewall NG and fill out the form.

To install it you need to copy the OVA file to your UNetLab machine, extract, convert, rename, move it and run the fixpermissions wrapper:

root@unl01:/tmp# cd /tmp/
root@unl01:/tmp# tar -xvf GWAY-6.1.0-112-VC610.ova
root@unl01:/tmp# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 GWAY-6.1.0-112-VC610-disk1.vmdk hda.qcow2
root@unl01:/tmp# mkdir /opt/unetlab/addons/qemu/win-barracuda-6.1.0
root@unl01:/tmp# mv hda.qcow2 /opt/unetlab/addons/qemu/win-barracuda-6.1.0/
root@unl01:/tmp# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

Once this is done, you can create the topology add it. Note that there will soon be a proper UNetLab template for this! All being well, it will boot up:

Barracuda NG Firewall bootup

The VM will then enter ART (Active Recovery Technology), here you can set a static IP address:

Barracuda NG Firewall ART configuration

Now save it. If you are using a Mac, then press fn + F3 to save.

You should now have connectivity:

Router(config)#int e0/1
Router(config-if)#ip add
Router(config-if)#no shut
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to
Success rate is 100 percent (5/5)

The tricky part is how to get the NGAdmin utility loaded on the Windows VM, this was a neat little thing I learned today. It also deserves (well I think so) a post of its own, so click here to find out how to load files into a Qemu VM.

So once we have our files loaded into the Windows VM, we can fire up the NGAdmin console.

Barracuda NGAdmin-6-1-1 download for Windows

It shows us the splash screen:

Barracuda NGAdmin

And we can log in using root and the password of “ngf1r3wall”.

Barracuda NGAdmin login default username and password

Click on Trust at the Authentication check box

Barracuda NGAdmin login certificate

If (like me) you havn’t got your UNetLab network hooked into your main network, then click on Cancel at this box:

Barracuda NGAdmin licensing

After a few moment, we have logged into the box, and we have two days in which to register it with Barracuda. So, it will need to have proper internet access.

Barracuda NGAdmin dashboard

A couple more screenshots:

Barracuda NG firewall dashboard

Barracuda NG firewall disk usage
It all looks pretty happy. I haven’t done any of the configuration yet, but will do posts on those later on. Need to get my NG licensed first.