The Barracuda NG Firewall is a family of hardware and virtual appliances designed to protect network infrastructure, improve site-to-site connectivity and simplify administration of network operations.
Beyond its powerful network firewall, IPS and VPN technologies, the Barracuda NG Firewall integrates a comprehensive set of next generation firewall technologies, including Layer 7 application control, WAN optimization, Web filtering, anti-virus, anti-spam and network access control enforcement.
Integrated content security
Layer 7 Application Control
By integrating Layer 7 Application Control into its core firewall engine, the Barracuda NG Firewall can identify and enforce security policies on more sophisticated applications, which may hide their traffic inside otherwise “safe” port/protocols such as HTTP. Especially instant messaging (IM) and and peer-to-peer (P2P) applications are particularly notorious for opening backdoors into the network and spreading malicious content thus requiring ultra-reliable application control for policy enforcement. The Barracuda NG Firewall enables enforcement of policy based on user ID, group affiliation, location and time of day – thus providing a full application and user awareness across the entire corporate network environment. Policy actions include reporting, blocking, throttling, or even enabling or disabling of specific application features.
Optimization of intelligent traffic flow across the WANThe Barracuda NG Firewall provides application-aware traffic management and prioritization across the WAN, featuring adaptive routing based on network traffic conditions and link status. In addition, through Barracuda NG Control Center, administrators can efficiently monitor VPN tunnels and firewall status.
Network access control
Barracuda NG Firewalls include licenses for an unlimited number of IPSec site-to-site connections and IPSec clients through the Barracuda NG VPN Client. The Barracuda NG Firewall SSL VPN and NAC option adds a customizable and easy-to-use Web portal-based SSL VPN as well as sophisticated network access control (NAC) functionality. NAC allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of anti-virus and/or anti-spyware and user ID. The Barracuda NG Network Access Client also adds support for 802.1x port based security for 802.1x enabled routers and switches.
Industry Leading Centralized Management Capabilities
To centralize management across many different firewalls and remote access users, the Barracuda NG Control Center enables administrators to configure security and network access policies, control firmware update revisions, and manage user settings. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations. The Barracuda NG Control Center supports multiple administrators simultaneously - even within the same configuration tree. Highly customizable administrative roles can be defined to delegate administrative capabilities for specific departments or locations.
Roles-based Administration and Multi-Tenancy
The Barracuda NG Control Center is offered at three levels - Standard Edition, Enterprise Edition and Global Edition. All Barracuda NG Control Center levels enable administration of an unlimited number of Barracuda NG Firewall platforms. The Standard Edition allows for a single configuration group. The Enterprise Edition allows for an unlimited number of configuration groups for a single enterprise / tenant or “range.” The Global Edition is designed for service providers who service multiple tenants and allows for separate and secluded configuration trees for each “range.”
Quick Troubleshooting for Network Administrators
All Barracuda NG Control Center and Barracuda NG Firewall appliances come with extensive network connectivity troubleshooting and visualization tools. Even for large networks it typically only takes a few mouse clicks to analyze and remediate a problem in the central audit log or access cache screen.
The Barracuda NG Firewall integrates stateful packet filtering and Layer 7 Application Control. The stateful packet filtering firewall ensures that the network and the system itself is protected against classic TCP Layer 2 to Layer 4 attacks.
The Barracuda NG Firewall includes a client-to-site as well as site-to-site virtual private network (VPN) service to allow safe, encrypted communication over the Internet. Every Barracuda NG Firewall model includes an unlimited number of VPN client licenses.
Transparent TCP Proxy
The Barracuda NG Firewall includes a TCP proxy to effectively open TCP packets, inspect and rebuild TCP network traffic.
NAT / PAT/ IP Masquerading
The Barracuda NG Firewall includes the ability to modify network address information in datagram (IP) packet headers for the purpose of remapping a given address space into another. This feature is most often used to hide internal IP addresses from the outside network.
Intrusion Prevention System (IPS)
The Barracuda NG Firewall monitors network and system activities for malicious or suspicious behavior and can react in real-time to block or prevent those activities. Each Barracuda NG Firewall includes a database of regularly updated signatures of thousands of attacks.When an attack is detected, the Barracuda NG Firewall can drop the offending packets while still allowing all other traffic to pass or just Log the intrusion attempt. Reporting includes Alerts, warnings and notices. Attacks are classified into 5 common categories from Critical to Informational, 64 custom policies can be created to determine the actions applicable per severity. Explicit actions for individual IPS signature patterns can easily be defined.
Barracuda NG Firewall models F200 and above provide WAN compression technology, enabling customers to apply generic large disctionary compression to the byte stream inside VPN tunnels between two Barracuda NG Firewall appliances. For typical network traffic, compression rates of up to 95% dramatically increase the experinced bandwidth available connecting remote locations.
SFP Fiber Interfaces (Models F400, F600, F800 and F900)
Barracuda NG Firewall F800 and F900 models are available with optional small form factor pluggable (SFP) network ports. Also known as Mini-GBIC, these network ports allow connecting the Barracuda NG Firewall to one or multiple 1 Gigabit fiber optic or copper networks. Barracuda NG Firewall models F400 and F600 may optionally be equipped with four small form factor pluggable (SFP) network ports as a field upgrade option.
SFP+ Fiber Interfaces (Models F800 and F900)
Barracuda NG Firewall F800 and F900 models are available with optional small form factor pluggable plus (SFP+) network ports. These network ports allow connecting the Barracuda NG Firewall to one or multiple 10 Gigabit fiber optic networks.
Wi-Fi Access Point (Models F101, F201, F301)
Barracuda NG Firewall models F101, F201, F301 are equipped with a built in Wi-Fi access point to establish a wireless local area network according to IEEE 802.11 standards b and g with bandwidth of up to 108 Mbps.The included click-through and login portal functionality may be used to facilitate kiosk style internet or network access.
3.5G wireless USB Modem
All Barracuda NG Firewall models are equipped with high speed USB 2.0 ports, supporting wireless uplink technology for the Barracuda USB MODEM M10 . This GSM based quad band wireless 3.5G modem allows for upload speeds of up 3.6 Mbit/s and download speeds of up to 7.2Mbit/s, depending on your carrier an coverage. (SIM not provided)
Barracuda Web Filter (Models F100 and higher)
The Barracuda Web Filter included with Barracuda NG Firewall models F100 and above enforces Internet usage policies by blocking access to non business related Web sites based on domain or URL pattern. The Barracuda Web Filter database provides millions of websites in 96 categories and is constantly updated be collecting feedback from hundreds of thousands of deployed Barracuda Networks Web Filter appliances in Barracuda Central.
Barracuda NG Web Filter (Models F100 and higher)
The Barracuda NG Web Filter is a subscription option for Barracuda NG Firewall models F100 and above that enforces Internet usage policies by blocking access to Web sites and Internet applications that are not related to business. The Barracuda NG Web Filter content category database contains more than 100 million Web sites in 62 categories.
Barracuda NG Malware Protection (Models F100 and higher)
The Barracuda NG Malware Protection subscription option for Barracuda NG Firewall models F100 and higher provides gateway-based protection against malware, viruses, spyware, Dialers and other unwanted programs inside SMTP, HTTP, POP3 and FTP traffic.
Barracuda NG Web Security (Models F100 and higher)
The Barracuda NG Web Security subscription option for Barracuda NG Firewall models F100 and higher offers complete Web security and consists of a bundle of the Barracuda NG Web Filter and Barracuda NG Malware Protection.
Barracuda NG Secure Web Proxy (Models F600 and higher)
Subscription option for Barracuda NG Firewall models F600 and higher. The NG Secure Web Proxy option enables HTTPS traffic inspection to enable NG Malware Protection and NF Web Filter inside otherwise encrypted HTTPS traffic.
Barracuda SSL VPN and NAC (Models F200 and higher)
The Barracuda SSL VPN & NAC subscription is available for Barracuda NG Firewall models F200 and higher. The Barracuda NG SSL VPN enables secure, clientless remote access to internal network resources from almost any Web browser.
Network Access Control (NAC) restricts access to the network based on identity, security posture, presence of operating system patches, anti-virus and anti-spyware solutions. Barracuda NG SSL VPN and NAC supports NAC enforcement via IEEE 802.1X compatible routers and switches.