Monitoring Barracuda WAF

eG Enterprise provides a specialized Barracuda WAF monitoring model (see Figure 1), which periodically polls the SNMP MIB of the firewall to measure the availability, responsiveness, resource usage, etc. of the firewall, and notifies administrators of potential resource crunches or configuration issues with the firewall.

Figure 1: Layer Model for Barracuda WAF

Using the metrics reported, administrators can find quick and accurate answers for the following performance questions:

  • Are the current CPU and system fan speeds within safe operational limits to ensure adequate cooling?

  • Is the CPU temperature elevated, indicating possible overheating or insufficient cooling performance?

  • Is the CPU usage consistently high, indicating potential resource strain on the Barracuda WAF?

  • Is the memory usage approaching critical levels, potentially affecting the performance and stability of the Barracuda WAF?

  • Is the Barracuda WAF system experiencing high load, storage pressure, or datapath issues that could impact traffic inspection or performance?

  • Is the cookie handling on the configured service secure and error-free, without signs of tampering, encryption failures, or decryption issues?

  • Are any services experiencing frequent request component overflows such as excessive URL, header, or content lengths?

  • Which services are most affected by blocked method errors or request length violations?

  • Is the total number of profile violations unusually high for the service?

  • Do the ACL hits, policy hits, reserved ACLs, and allowed hits show that URL access control is working well?

  • Does the frequency of URL normalization errors (encoding, slash dot, tilde, and character set) indicate improper traffic handling?

  • Are URL translations, re-writes, and redirects happening as expected?

  • Are URL policies being served efficiently without excessive queuing, dropping, or resource errors?

  • Are there any devices not in the expected HA state?

  • Has a switchover recently occurred between the active and passive WAF devices?

  • Is the HTTP proxy handling traffic efficiently without excessive timeouts, aborts, or errors, while maintaining adequate protection against intrusions and threats?

  • Are SSL handshakes, session reuse, certificate validations, and traffic volumes consistent and error-free across all SSL proxy IPs and ports?

  • Are all backend HTTP servers consistently accepting and successfully processing requests, while maintaining optimal response times, connection usage, and data flow without excessive rejections, timeouts, or queue build-up?

  • Are all backend SSL servers handling requests efficiently and securely without rejections, timeouts, or performance degradation?

  • Are there any links that are currently down or in an unknown state?

  • Does the Barracuda WAF have any services that are currently down or stopped?

  • Is the number of configured VIPs on the Barracuda WAF as expected?