Read Before Updating
Before installing any firmware version, back up your configuration and read all release notes that apply to versions more recent than the one currently running on your system.
Do not manually reboot your system at any time during an update unless otherwise instructed by Barracuda Networks Technical Support. Depending on your current firmware version and other system factors, updating can take up to 10 minutes. If the process takes longer, contact Barracuda Networks Technical Support for further assistance.
Firmware Version 5.1
Authentication and Authorization
- Barracuda Load Balancer ADC models 540 and above can be integrated with an external authentication server for client authentication. LDAP, RADIUS, and Kerberos authentication protocols are supported. You can create authorization policies that control access by authenticated users to web applications.
User Interface
- The Services page makes it easier to add, edit, and view services and servers. You can view and update every option when you add a service or a server. If you have similar services, you can use the settings of one service as a starting point when creating a new service. And, as before, you can view the status of all services and real servers at a glance.
- The Status and Security Policies pages also have a new layout.
- The web interface has a new color scheme and improved look and feel.
- An Instant SSL service (that redirects an HTTP connection to an HTTPS service) appears as only one service in the user interface. An Instant SSL service includes both the service port and the redirect port.
Application Security
- The Application Security subscription, which adds Layer 7 security to your existing HTTP-, HTTPS-, FTP-, or FTPS-based applications, is now available at no charge on the Barracuda Load Balancer ADC 540 and above. Configure security policies using the pages under the SECURITY tab.
Support for Barracuda Load Balancer Configuration
- You can restore backup files from a Barracuda Load Balancer to a new ADC system.
Enhancements
- Persistence across services for the same server. A client that uses a real server on one port and is redirected to another port / service will continue to use the same real server. [BNADC-2533]
- Provide support for TCP keepalive for Layer 7 HTTP services. [BNADC-2627]
- Added option to redirect requests with the 301 or 302 status code to a specific URL so that the URL can be cached on the client system. [BNADC-2106]
- Added ability to configure the global Layer 4 connection timeout on the ADVANCED > System Configuration page. [BNADC-1801]
Fixed
- Microsoft Outlook clients failover from one CAS to another without delay. [BNADC-2665]
- Barracuda Load Balancer ADC SNMP, syslog, and NTP services continue to operate even if a Layer 7 UDP service is configured. [BNADC-2315]
- Instant SSL services will rewrite HTTP to HTTPS for content type application/json. [BNADC-1610]
Known Issue
- If you are using IE 7 or IE 8, the BASIC > Services page may not always render correctly.
Version 5.1.0.009:
Note:- The Barracuda Load Balancer ADC Vx is now available on Amazon Web Services.
- The "DEFAULT" certificate for the Barracuda Load Balancer ADC UI has been renewed as part of the upgrade. If the firmware is upgraded over HTTPS, you might not be redirected to the login screen due to renewal of the "DEFAULT" certificate. Please refresh the page after five (5) minutes, and then accept the certificate to proceed.
Fixed
- Vulnerability fix: OpenSSL vulnerabilities outlined in CVE-2014-0224, CVE-2014-0198, CVE-2010-5298 addressed. [BNADC-3916]
- The "DEFAULT" certificate being used by Barracuda Load Balancer ADC for UI access using HTTPS has been renewed. [BNADC-3823]
- It is now possible to change the service type for Layer 4 TCP services. [BNADC-3596]
- The services were disrupted in a high availability environment due to an unnecessary reload issue. This is fixed now. [BNADC-3822]
- In rare circumstances, the Barracuda Load Balancer ADC web interface used to hang up when any configuration change was made. This issue is fixed now. [BNADC-3784]
- It is now possible to add the "Simple HTTPS" testing method under Server Monitor. [BNADC-3574]
Known Issue
- Layer 4 service with Direct Server Return (DSR) mode is not supported on Amazon Web Services.
Version 5.1.0.008:
- Fixed : OpenSSL vulnerability [ CVE-2014-0160 ] for TLS/DTLS Heartbleed attack has been addressed. [ BNADC-3633 ]
Firmware Version 5.0.1
Enhancements
- This firmware version supports the new 540 model.
- Added ability to configure a server using its FQDN.
Fixed
- Unable to add interface if web UI language is any language other than English. [BNADC-1986]
- Traffic statistics for a server are reset to 0 after it is put into maintenance mode. [BNADC-1789]
- Changing service type from HTTPS to Instant SSL does not automatically create the port 80 service. [BNADC-1700]
- Unable to create a TCP and UDP service using the same IP address and port. [BNADC-1698]
- Cannot add valid email addresses of a certain format for notifications. [BNADC-1674]
- Network interfaces are not recognized when the Vx image is deployed on a XEN hypervisor. [BNADC-1647]
Security Vulnerability Fixes
These fixes address vulnerabilities in the web interface.- Fix: Med - High severity vulnerability: unauthenticated, non-persistent XSS. [BNSEC-1251 / BNADC-1997]
- Fix: High severity vulnerability: code injection, remotely exploitable, unauthenticated. [BNSEC-1816 / BNADC-1764]
- Fix: Low severity vulnerability: requires authentication, non-persistent XSS. [BNSEC-1538 / BNADC-1670]
- Fix: Low severity vulnerability: requires authentication, non-persistent XSS. [BNSEC-1279 / BNADC-1422]
Firmware Version 5.0
Application Availability and Delivery
The Barracuda Load Balancer ADC ensures application availability by efficiently distributing traffic to servers, monitoring the health and performance of the servers and balancing traffic between multiple datacenters using GSLB. The Barracuda Load Balancer ADC is designed to optimize web application traffic by performing caching, compression, connection pooling and SSL offloading.
Web Application Security
The Barracuda Load Balancer ADC offers enterprise-grade web application security. Increase your web application security with the Application Security subscription which adds Layer 7 security to your existing HTTP-, HTTPS-, FTP- or FTPS-based applications.
The Application Security subscription includes:
- Protocol limit check
- Protection against OWASP top 10 Attacks
- Protection against common attacks
- SQL injection
- Cross-site scripting (XSS) attacks
- OS command injections
- Cookie or forms tampering
- Brute force protection
- Pre-defined security templates for OWA, SharePoint and Oracle
- Outbound protection
- Web site cloaking
- Outbound data theft protection
- File upload control and virus scanning
- Protection against DDOS attacks
- FTP command checks
Networking
Networking and Layer 4 security features include:
- Network firewall: Layer 4 ACLs can be configured based on IP address, ports and protocols
- Link bonding: Ability to bond multiple links for redundancy and higher throughput
- Geo IP based protection provides an easy way to block or allow clients based on geographic location of clients
Improved Management
This version includes enhanced graphs, logs and reports:
- The BASIC > Status page has a new dashboard look and can be customized based on your requirements
- Enhanced logging allows administrators to view Web firewall logs, Web logs, audit logs, network logs and system logs
- You can generate reports classified in three broad categories, and each category contains a predefined set of reports