- What is a Next Generation Firewall?
- Why do I need a Next Generation Firewall?
- What are the major capabilities of the Barracuda NG Firewall?
- What are the differences in levels between the Barracuda NG Control Center editions?
- What application proxies are included?
- What is Layer 7 application control?
- Does Barracuda NG Firewall provide VPN?
- What user authentication methods are supported?
- Does the Barracuda NG Firewall help my organization troubleshoot network problems?
- What if I am not looking to replace my entire firewall infrastructure?
- Is web content filtering included with the Barracuda NG Firewall?
- What appliance models are recommended for my organization?
- Does the Barracuda NG Firewall involve per user fees for VPN client or SSL VPN client usage?
- What is the pricing?
- What is included in the Energize Updates subscription for the Barracuda NG Firewall?
- Is there a warranty?
- When will the Barracuda NG Firewall be available?
- What if I have more questions about the Barracuda NG Firewall?
What is a Next Generation Firewall?
Next generation firewalls are the successors of traditional firewall and unified threat management (UTM) devices. Traditional firewalls generally perform packet forwarding and blocking functions and often incorporate packet inspection techniques. UTM devices usually add content security functions but typically fail to tightly integrate those functions tightly with network management, network access and WAN connectivity capabilities of enterprise-class firewalls.
To protect networks in the presence of social media and other Web 2.0 applications, a next generation firewall infrastructure intelligently combines network security, content security, Layer 7 application control and network access control to detect application-specific attacks, enforce application-aware inbound and outbound access policies, and perform application-aware traffic routing and prioritization across the wide area network (WAN).
Based on over a decade of R&D and real-world deployments in over 1,000 of the most demanding enterprise customer environments, the Barracuda NG Firewall is the most advanced next generation firewall on the market today.
Why do I need a Next Generation Firewall?
Absent application awareness, existing firewall and UTM solutions will generally prove ineffective at dealing with a growing category of current and emerging threats. Even when best-of-breed point solutions can be utilized to provide protection along all threat vectors, such as email, Web, remote access, and IM, operational costs can typically be reduced through consolidation.
Beyond threat protection, application-awareness can dramatically improve traffic prioritization and routing decisions over site-to-site connections, resulting in cost reductions of MPLS, leased line, bandwidth, or 3G data charges associated with maintaining reliable WANs.
Through the Barracuda NG Control Center, the Barracuda NG Firewall delivers next generation firewall features with industry-leading centralized management, capable of scaling to thousands of firewalls with very little administrative overhead.
What are the major capabilities of the Barracuda NG Firewall?
The Barracuda NG Firewall is a next generation firewall and VPN that provides:
- Full application and user awareness
- Integrated content security and network access control
- Optimization of intelligent traffic flow across the WAN
- Industry-leading centralized management capabilities
Integrated content security and network access control:
Barracuda NG Firewall integrates a comprehensive set of next generation firewall technologies, including Web filtering, malware protection, intrusion prevention, anti-spam protection and Layer 7 application control.
Barracuda NG Firewalls include licenses for an unlimited number of IPSec site-to-site connections and IPSec clients through the Barracuda NG VPN Client. The Barracuda NG Firewall SSL VPN and NAC option adds a customizable and easy-to-use Web portal-based SSL VPN as well as sophisticated network access control (NAC) functionality. NAC allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of anti-virus and/or anti-spyware and user ID. The Barracuda NG Network Access Client also adds support for 802.1x port based security for 802.1x enabled routers and switches.
Optimization of intelligent traffic flow across the WAN:
The Barracuda NG Firewall provides application-aware traffic management and prioritization across the WAN - featuring WAN traffic compression and local data deduplication as well as adaptive routing based on network traffic conditions and link status. In addition, through Barracuda NG Control Center, administrators can efficiently monitor VPN tunnels and firewall status.
Industry Leading Centralized Management Capabilities:
To centralize management across many different firewalls and remote access users, the Barracuda NG Control Center enables administrators to configure security and network access policies, control firmware update revisions, and manage user settings. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations.
The Barracuda NG Control Center supports multiple administrators simultaneously - even within the same configuration tree. Highly customizable administrative roles can be defined to delegate administrative capabilities for specific departments or locations.
What are the differences in levels between the Barracuda NG Control Center editions?
The Barracuda NG Control Center is offered at three levels - Standard Edition, Enterprise Edition and Global Edition. All Barracuda NG Control Center levels enable administration of an unlimited number of Barracuda NG Firewall platforms. The Standard Edition allows for a single configuration group. The Enterprise Edition allows for an unlimited number of configuration groups for a single enterprise / tenant or “range.” The Global Edition is designed for service providers who service multiple tenants and allows for separate and secluded configuration trees for each “range.”
What application proxies are included?
The Barracuda Networks NG Firewalls include application layer proxies for HTTP, HTTPS (optional), FTP, SSH as well as a generic TCP and SOCKS proxy.
What is Layer 7 application control?
Application identification techniques in traditional firewalls typically rely on layer 3 (destination IP address) or layer 4 (TCP port / protocol) definitions.
Next generation firewalls utilizing Layer 7 application control can identify and enforce policy on more sophisticated applications which may hide their traffic inside otherwise “safe” port/protocols such as HTTP. Skype and peer-to-peer (P2P) applications are particularly notorious for requiring Layer 7 application control for policy enforcement.
The Barracuda NG Firewall integrates Layer 7 application control into its core firewall functions, enabling enforcement of policy based on user ID, security policy, location, and time of day. Policy actions can include blocking, allowing, throttling, or even enabling or disabling of specific application features.
Does Barracuda NG Firewall provide VPN?
The Barracuda NG Firewall appliances offer unlimited site-to-site and client-to-site VPN functionality. With Barracuda NG Firewall, support of the standard IPsec protocol ensures interoperability to other standard VPN devices. Additionally, when connecting two Barracuda NG Firewalls, an enhanced IPSec Key exchange protocol may be used that is fundamentally based on IPsec but offers more throughput and superior tunnel resilience.
Site-to-site VPN Tunnels between Barracuda NG Firewall appliances solely depend on the number of peer appliances and not on the number of networks at each location, resulting in a multi-fold reduction of administrative overhead while usually attaining better tunnel performance when compared to traditional IPSec connectivity.
Example: WAN setup with one headquarters and 20 branch offices. The headquarters network is comprised of 10 networks; every branch office network utilizes three networks.
For a simple hub and spoke setup with Barracuda NG Firewall, the headquarters needs only 20 VPN tunnels and every branch office just one VPN tunnel.
For traditional Firewall/VPN products utilizing IPSec connectivity, every connected network needs a separate security association, resulting in a much higher number of needed VPN tunnels: For a simple hub & spoke setup in this case, the headquarters needs 3*10*20=600 VPN tunnels and every branch office needs 3*10=30 VPN tunnels.
This optimized scaling of tunnels between Barracuda NG Firewalls enables even small Barracuda NG Firewall appliances to support large WAN networks, where protocol inefficiencies of traditional IPsec based products typically require appliances with support for thousands of VPN tunnels.
What user authentication methods are supported?
The Barracuda NG Firewall can authenticate users and enforce user-aware policy using Active Directory, NTLM, MC CHAP, RADIUS, RSA SecurID, LDAP/LDAPS, TACACS+, built in local authentication as well as x.509 certificates.
Does the Barracuda NG Firewall help my organization troubleshoot network problems?
All Barracuda NG Control Center and Barracuda NG Firewall appliances come with extensive network connectivity troubleshooting and visualization tools. Even for large networks it typically only takes a few mouse clicks to analyze and remediate a problem in the central audit log or access cache screen.
What if I am not looking to replace my entire firewall infrastructure?
In addition to the Barracuda NG Firewall, Barracuda Networks offers a set of best-of-breed point solutions to address your needs if you are not looking yet to replace your entire firewall infrastructure. Relevant point solutions include:
- Email security: Barracuda Spam & Virus Firewall
- Web filtering: Barracuda Web Filter or Barracuda Web Filtering Service
- Layer 7 application control: Barracuda Web Filter
- SSL VPN: Barracuda SSL VPN
- Site-to-site IPSec VPN: Barracuda Link Balancer
- Link load balancing: Barracuda Link Balancer
Is web content filtering included with the Barracuda NG Firewall?
The Barracuda NG Firewall provides content filtering capabilities via an add-on subscription. For more comprehensive Web security, you can integrate the Barracuda NG Firewall with Barracuda Web Security Flex. Barracuda Web Security Flex is a cloud-based web filtering and security service providing policy and enforcement tools needed to protect users from Internet threats. The Barracuda NG Firewall seamlessly integrates with Barracuda Web Security Flex. It offloads resource-intensive Malware scanning and Web content filtering tasks by transparently forwarding Web traffic to the cloud service. In addition to the performance benefits of the cloud, Barracuda Web SecurityFlex provides an easy way to centrally manage Web access policies across multiple locations, aggregate monitoring and reporting and extend Web security to remote users.
What appliance models are recommended for my organization?
The Barracuda NG Firewall is a family of hardware and virtual appliances designed to service next generation firewall capabilities to all office locations of enterprise networks. This includes very small remote locations, home offices, branch offices, headquarters and data centers. Typically, Barracuda NG Firewall models are sized based on firewall throughput, VPN throughput, concurrent connections, and the features selected. For more information, please contact your Barracuda Networks systems engineer.
Does the Barracuda NG Firewall involve per user fees for VPN client or SSL VPN client usage?
No. The Barracuda NG Firewall models include a license to an unlimited number of Barracuda NG VPN clients. With the purchase of the Barracuda SSL VPN and NAC option, there is no licensed limit to the number of Barracuda NG Network Access clients or Barracuda NG SSL VPN users.
What is the pricing?
The Barracuda NG Firewall comes in seven base hardware configurations, ranging from very small office to data center locations. Entry level pricing for the Barracuda NG Firewall F10 starts at $599.
What is included in the Energize Updates subscription for the Barracuda NG Firewall?
Energize Updates from Barracuda Central deliver updates on the extensive library of definitions for intrusion prevention, Layer 7 application control and the included Barracuda Web Filter. In addition, Energize Updates subscriptions also provide access to Basic Support, Firmware Maintenance and optional participation in the Barracuda Early Release Firmware program.
Is there a warranty?
There is a one year warranty against manufacturing defects in the USA and Canada.
When will the Barracuda NG Firewall be available?
The Barracuda NG Firewall is available immediately for sale in North America with the ability to ship to remote customer locations across the world. Please contact your Barracuda Networks sales representative for more information.
What if I have more questions about the Barracuda NG Firewall?
For additional assistance or for a product demonstration of the Barracuda NG Firewall, please contact Barracuda Networks at 888-ANTI-SPAM or +1 408-342-5400
Related Information
Certifications
Customer Spotlight See more..
Customer Feedback See more..
Barracuda Networks is a highly reputable company throughout the world, known for its security expertise. We are convinced that with Barracuda Networks as the new company behind our firewall infrastructure, we will be well-served and supported for many years to come.
