Specifications
8 Barracuda Link Balancer Administrator’s Guide
In Front of Firewall
Figure 2.1 gives an example of a customer network that has both client and server traffic.
Figure 2.1: Deployment Example - before Barracuda Link Balancer
Figure 2.2 shows the same network with a Barracuda Link Balancer that was installed with no
changes to the configuration of the existing firewall. A new WAN link has been added.
In this network:
• The Barracuda Link Balancer has a static IP address on WAN1 that is on the same network as
the firewall and the externally visible servers.
• The clients are on a different subnet than all WAN links.
• The external IP address and gateway of the firewall remain the same.
• The gateway IP addresses of the Barracuda Link Balancer and the firewall are provided by the
ISPs. The gateway of the LAN devices is provided by the firewall.
WAN Link If you are enabling inbound access to resources
behind the Barracuda Link Balancer, such as a
Web server, at least one WAN link must have a
static IP address.
The Barracuda Link Balancer may use the same
IP address that had been used by your firewall.
Site to Site VPN If you already have a site to site VPN it should be
terminated on your existing firewall. VPN traffic
has one source IP address so it goes out on only
one WAN link. It is recognized as VPN traffic so it
will not be NAT’d by the Barracuda Link Balancer.
No failover or failback is available.
Alternatively, make the Barracuda Link Balancer
a VPN endpoint to achieve failover and failback
to and from a secondary link.
Failover and failback to and from a secondary
link.
Table 2.1: Deployment Modes
In Front of Firewall Replacing Your Firewall