Call a Specialist Today! 020 3958 0665 Free Shipping! Free Shipping!

Barracuda CloudGen Firewall X300
Simple Cloud-Based Network Management for Small to Midsized Businesses


Barracuda CloudGen Firewall X300

Sorry, this product is no longer available, please contact us for a replacement.

Click here for a Barracuda LIVE DEMO!Barracuda Firewall X300 Overview:

The X-series firewall enables small and medium size companies to securely adopt cloud applications, virtualization and mobility within IT constrained environments. Barracuda CloudGen Firewalls are a cornerstone of our Total Threat Protection framework, which integrates purpose-built, best-of-breed, highly scalable security solutions to protect users, networks, and data center applications. Components like web and email security, web application security, and secure remote access integrate with the firewall.

Administration is easy with an intuitive web interface and free, cloud-based central management. Consistent user interfaces and common administrative workflows, provides traffic optimization, security and connectivity in a simple and affordable, cloud-managed solution.

Offload resource-intensive content security to the cloud

Offload resource-intensive content security to the cloud


Easy to deploy, easy to use, and affordable

Next-generation visibility and control for today's modern networks - the Barracuda CloudGen Firewall X-Series provide full application control, user awareness, and content security that's so easy to use, it's even manageable from the cloud.

The Barracuda Advantage

  • Easy-to-use, web-based administration
  • Affordable, all-inclusive pricing
  • Unlimited users and protected IPs per firewall
  • Unlimited remote connectivity VPN clients included
  • Cloud-based centralized management
  • Flexible web filtering options (on-box, cloud, Barracuda Web Filter integration)

Product Spotlight

  • Granular control over thousands of applications
  • Full user-awareness
  • Stateful firewall and IPS network perimeter protection
  • Optimized Internet connectivity via multiple providers
  • True application-based provider selection
  • Application control and content security inspection on encrypted web traffic

Next-Generation Capabilities

Next-Generation Firewall

The Barracuda CloudGen Firewall X-Series uses application visibility and user-identity awareness to enable enforcement of granular access policies. Define policies based on any combination of application, user or group ID, time, and other criteria. Policies can even respond to specific application behaviors or features - for example, allowing all employees to use Skype voice, but allowing only executives to use Skype video, except after business hours.

Content Security

Content Security

With the Barracuda CloudGen Firewall X-Series, the content security functionality is not simply bolted on top of the network stack, it's deeply integrated into the firewall engine. As an option, antivirus and web filtering may even be offloaded to the Barracuda Web Security Service cloud, freeing further CPU cycles for network scalability. With the optionally available Advanced Threat Detection the X-Series also offers protection against advanced malware and zero day exploits that routinely bypass traditional signature-based IPS and antivirus engines.

Affordable and Easy to Use

Affordable and Easy to Use

The Barracuda CloudGen Firewall X-Series is the first next-generation firewall to combine application control, user awareness, network firewall, and content security with the elasticity of the cloud. Unmatched ease of use means there's no need for additional IT staff or special training, and with the Barracuda CloudGen Firewall X affordable, all-inclusive pricing, you can rest assured that there won't be any surprise costs down the road.

Benefits:

Simplified Network Traffic Intelligence

Includes a powerful layer-7 engine that can be used to optimize network traffic and guarantee a high level of service for business critical applications.

Powerful features like time and user-based Quality of Service, Application-based Uplink Selection, and Link Redundancy help you ensure availability and productivity for the rest of the organization.

Powerful application traffic management technologies combined with simple, easy to use policy controls allows you to easily and inexpensively implement real-time traffic intelligence at the network perimeter.

Key Features: Application Visibility and Control, Link Optimization and Failover, Quality of Service (QoS) and Traffic Prioritization, Application-Based Provider Selection

Comprehensive Network Security

A complete network security solution including firewall policies, IDS/IPS, and multiple options for web content security. This is provided through integrated URL filtering, by transparently redirecting web traffic to the cloud-based Barracuda Web Security Service or in conjunction with a Barracuda Web Filter appliance.

Keep users, data, and resources safe while opening the network to cloud-based business applications.

Key Features: One Stop for Firewall Rules, Powerful Object-Oriented Design, Cloud-Based Central Management

Remote Connectivity

Provides a range of VPN options for both client-to-site and site-to-site connectivity at no additional cost.

Easily provide network access to remote users with the SSL VPN capabilities of the X-Series which does not require installation of any client software at the endpoint.

Includes the Barracuda Network Access VPN Client for full access to network resources.

For establishing site-to-site connectivity, IPsec VPN tunnels can ensure secure connectivity between central and remote offices.

Key Features: SSL VPN, Client-to-Site VPN, Site-to-Site Connectivity


Reduce Management Overhead

Centrally manage the X-Series firewall through the cloud-based Barracuda Control Center.

The intuitive interface provides a low learning curve, as a single configuration encompass every component of a firewall rule.

The X-Series' powerful object-oriented design also allows firewall rules to dynamically track network changes.

Key Features: One Stop for Firewall Rules, Powerful Object-Oriented Design, Cloud-Based Central Management



Straightforward, Transparent Pricing

Pricing is structured for growing organizations - Like most of the Barracuda products, there are no per-user fees associated with the X-Series firewall.

Integrated URL filtering, VPN access, intrusion detection/prevention, and malware protection are all offered at no additional cost.

Features:

Application Visibility and Control

The Barracuda CloudGen Firewall X-Series analyzes network traffic up to Layer-7, leveraging advanced fingerprints to identify applications and content traffic. Based on the fingerprints, a flexible set of actions, including allowing, blocking, resetting, and redirecting connection attempts and traffic can be defined. A library of hundreds of applications is currently fingerprinted. Furthermore, granular policies can be set for specific application features (e.g., limiting audio calls on Skype). These fingerprints are dynamically updated so that security policies and signatures remain up-to-date.

Active Connections and Real-Time Control

An insightful dashboard interface provides an overview of the active connections for a network. With this interface, real-time actions can also be taken. When resource-intensive applications are preventing business-critical activities like VoIP conference calls, administrators can take immediate action to either end a connection or regulate its bandwidth.

Intrusion Detection and Prevention (IPS)

The Barracuda CloudGen Firewall X-Series Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection against thousands of network based threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases to prevent network attacks such as:

  • SQL injections and arbitrary code executions
  • Access control attempts and privilege escalations
  • Cross-Site Scripting and buffer overflows
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • Directory traversal and probing and scanning attempts
  • Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware

The Barracuda CloudGen Firewall X-Series provides advanced attack and threat protection features such as:

  • Stream segmentation and packet anomaly protection
  • TCP split handshake protection
  • IP and RPC defragmentation
  • FTP evasion protection
  • URL and HTML decoding

The Barracuda CloudGen Firewall X-Series is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems. The IPS can also be used in combination with SSL Inspection.

As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda CloudGen Firewall X-Series is constantly up-to-date.

Quality of Service (QoS) and Traffic Prioritization

Granular QoS settings enable an organization to set bandwidth policies for applications, services, and users. In addition, traffic prioritization can be set to ensure that latency-sensitive or business-critical applications are always given priority. Pre-built policies enable organizations to immediately begin implementing one of eight pre-defined bandwidth policies. Pre-defined policies can easily be customized to individual customer needs.

Application-Based Provider Selection

The combination of next-generation security and adaptive WAN routing allows the Barracuda CloudGen Firewall X-Series to dynamically assign available bandwidth for several links not only based on protocol, user, location, and content, but also based on applications and application categories. This keeps expensive, highly-available lines free for business and mission-critical applications, while significantly reducing response times and freeing up additional bandwidth.

Real-Time Updates

Barracuda’s 24x7 threat operations center analyzes the latest emerging web-based malware and provides real-time updates. This provides zero-hour response time to fast moving, aggressive web threats with no need to maintain up-to-date signature databases on-premises.

High-Performance Malware and Virus Scanning

Malware scanning is a CPU-intensive operation with a significant performance impact when paired with network packet processing operations on the firewall. By leveraging the cloud for the heavy lifting, the Barracuda CloudGen Firewall X-Series maintains high throughput levels when forwarding packets, handling VPN connections, regulating application traffic, and preventing network intrusions. Even the smaller Barracuda CloudGen Firewall X-Series units for branch offices benefit from the full power of the cloud and are able to scale easily with increasing traffic volumes.

Full User Identity Awareness

The Barracuda CloudGen Firewall X-Series authenticates users with Active Directory, NTLM, LDAP/LDAPS, RADIUS, and x.509 digital certificates. User and group-specific policies, including time-based access controls, are integrated into the firewall rules, making it easy for administrators to customize network access, application usage, and bandwidth allocation for specific users and groups.

User Identity Awareness includes connections via Microsoft Terminal Servers.

Integrates with Barracuda Web Security

Barracuda CloudGen Firewall X-Series can be easily configured to transparently redirect web traffic to any Barracuda Web Security solution (Barracuda Web Filter or Barracuda Web Security Service) without breaking inline connections. Administrators can use a central management portal to configure user-based content filtering rules across 96 content categories. Administrators can block, accept, warn, or log access to domains along with advanced policies such as remote filtering for off-network users, safe search enforcement on search engines, YouTube for Schools integration, SSL inspection, granular web application monitoring, and domain whitelisting/blacklisting. In addition, Barracuda Web Security products provide more than 70 reports for complete visibility into internet browsing activities.

Safe Search Enforcement

Enforce Safe Search mode on major search engines like Google, Yahoo, and Bing to ensure users cannot access inappropriate image and video content. Most search engines offer a safe portal where search results are pre-determined to be appropriate for users of all ages. This is commonly utilized in educational organizations to protect students and maintain compliance. The Barracuda CloudGen Firewall X-Series can automatically re-route all search entries to the safe portal of a search engine to prevent students from viewing obscene or offensive multimedia content.

YouTube for Schools Support

The Barracuda CloudGen Firewall X-Series integrates with YouTube for Schools to protect and empower educational organizations that leverage streaming video in the classroom. YouTube for Schools offers thousands of free educational videos in a controlled environment, allowing teachers to customizable the classroom content that can be accessed on the network, while preventing access to inappropriate videos. The Barracuda CloudGen Firewall X-Series can redirect all YouTube requests to the YouTube for Schools portal instead.

Cloud-Based Central Management

Barracuda CloudGen Firewall X-Series are integrated with Barracuda Cloud Control (BCC) - a web-based management portal, which leverages Barracuda’s global cloud infrastructure to enable organizations to centrally manage all their devices through a “single pane of glass” interface. Administrators have a global view of all their devices, as well as the ability to centrally manage policies and configuration. The intuitive interface makes it easy for small and medium-sized organizations to implement and manage their firewalls with minimal IT overhead.

One Stop for Firewall Rules

The intuitive interface is designed so that a single configuration encompasses every component of a firewall rule. This includes link balancing and QoS configurations necessary to ensure uptime and full control of network traffic. A drag-and-drop interface enables quick-and-easy prioritization of rules.

Powerful Object-Oriented Design

The Barracuda CloudGen Firewall X-Series provides organizations with the ability to aggregate devices, services, and users into management objects. These objects can contain references to other objects, creating a cascading and instantaneous impact across the network when network requirements change.

The power of objects is available to an organization the moment a Barracuda CloudGen Firewall X-Series is deployed. A library of network, device, and user objects are pre-packaged for immediate use, or objects can be created to aggregate the ones that are already predefined on the unit.

Server Load Balancing

Barracuda CloudGen Firewall X-Series can be easily configured to provide out-of-box load balancing or fallback functionality. This helps organizations improve the overall availability and performance of their server infrastructure. Administrators have two options in implementing server load balancing on the Barracuda CloudGen Firewall X-Series:

Cycle- The destination IP addresses are used sequentially based on the source IP address of the connection.

Fallback - All traffic is forwarded to the first IP address in the list. If the first IP address becomes unavailable, the second IP address in the list is used, etc.

Link Optimization and Failover

To ensure the best and most cost-efficient connectivity, the Barracuda CloudGen Firewall X-Series provides a wide range of built-in uplink options including unlimited leased lines, up to six DHCP, four xDSL, up to two ISDN and a UMTS lines. Administrators can bond multiple low-cost WAN links such as DSL lines to increase bandwidth at reduced costs. Further, by eliminating the need to purchase additional devices for uplink balancing, security-conscious customers will have access to a WAN connection; even if one or two of the existing WAN uplinks are severed.

Inbound Link Balancing

The Barracuda CloudGen Firewall X-Series performs inbound link balancing by distributing inbound traffic across multiple links, leveraging its authoritative DNS services. This ensures that the Authoritative DNS server always provides the IP address of the best link when responding to DNS queries.

3G Connectivity

The Barracuda 3G/UMTS Modem provides support for wireless third-generation broadband communication using 3G technologies. This is ideal for remote sites that need a cost-effective, rapidly deployable, and ultra-reliable WAN backup solution to protect it from outages caused by cable or fiber link outages.

It can also serve as a high-quality and cost-effective alternative to traditional uplinks such as DSL, ISDN, and cable lines. The Barracuda 3G/UMTS Modem is suitable as a primary link for temporary sites, in-vehicle deployments, or for businesses requiring connectivity in areas with weak infrastructure such as construction sites, remote areas, mobile businesses, or trade shows.

Guest Networking

Barracuda CloudGen Firewall X-Series provides two options to set up guest access to the internet. Both options are available for locally attached networks as well as for Wi-Fi networks on the Barracuda CloudGen Firewall X-Series X101 and X201 appliances.

  • Confirmation Page: The confirmation page option prompts guests to agree to a configurable Terms of Service page before they can access the network. Guests are subsequently tracked with the assigned IP address since no user information is available.
  • Guest Ticketing: The guest ticketing option will display a customizable logon page asking for user and passcode as generated on an admin website served by the Barracuda CloudGen Firewall X-Series. Guests are subsequently tracked with their assigned username.

SSL VPN

Barracuda CloudGen Firewall X-Series X200 and higher provide VPN capabilities that can be used from within a web browser. Unlike traditional client-to-site VPNs, SSL VPN does not require the installation of client software on the end user's computer. Use SSL VPN to grant remote users access to web applications, client and server applications, as well as internal network resources like Outlook Web Access, SMB, RDP, Telnet, SSH, SMTP, POP3, VNC, IMAP4, webDAV, and HTTP and HTTPS web forwards.

SSL VPN is available at no additional cost for an unlimited amount of users for Barracuda CloudGen Firewall X-Series X200 and higher.

Client-to-Site VPN

The Barracuda CloudGen Firewall X-Series provides support for a suite of protocols to connect remote employees. The appliance supports IPsec-based VPN, PPTP, and the Barracuda Network Access VPN client. The VPN tunnel can be authenticated using a comprehensive set of mechanisms including NTLM, RADIUS, LDAP/LDAPS, Active Directory, and Local Authentication. Barracuda Networks provides VPN clients for Windows, Mac OS X, Linux, and Debian--downloadable right from the user interface.

Site-to-Site Connectivity

IPsec VPNs ensure secure connectivity to other remote sites or a centralized office. Barracuda includes unlimited site-to-site licenses to connect as many sites as needed to the Barracuda CloudGen Firewall X-Series.

Simple Pricing

The Barracuda CloudGen Firewall X-Series is delivered with all features and capabilities fully enabled. Content filtering and advanced malware protection is offered as an all-inclusive subscription without any per-user fees. The Barracuda Cloud Control management portal is included free of charge.

High Availability and Failover

Two Barracuda CloudGen Firewall X-Series units of the same model can easily be joined to act as a high availability setup in Active/Passive configuration. The active device continuously synchronizes its configuration and session information with the passive device. A heartbeat connection between the two identically configured devices ensures seamless failover in case the active device goes down.

SSL Inspection

All Barracuda CloudGen Firewall X-Series models can apply IPS, Virus Protection, Application Control and URL Filter to SSL encrypted web traffic using the standard ' trusted man-in-the-middle' approach. SSL Inspection can be fine-tuned to exempt local networks, users/groups, URL Filter categories or custom defined domains from SSL Inspection.

Virus Protection

Barracuda CloudGen Firewall X-Series's Virus Protection shields the internal network from malicious content via a fully integrated antivirus engine. Malware protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available. Barracuda CloudGen Firewall X-Series's Virus Protection covers viruses, worms, trojans, malicious java applets, and programs using known exploits on PDF, picture and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation. The Virus Protection can be run either in the Barracuda Cloud infrastructure or on-box.

Specifications:

Front View
Front View


Rear View

Barracuda CloudGen Firewall X300
Interface
Copper Ethernet NICs 6x1 GbE
USB 2.0 2
Serial / console 1 [RJ45]
VGA interface 1
Performance (as of firmware release 6.8.x)
Firewall throughput Maximum 1 2,100 Mbps
Firewall throughput with Application Detection (AppDetect) 2 1,000 Mbps
Firewall throughput with AppDetect & IPS 2 650 Mbps
Firewall throughput with AppDetect & IPS & URL Filtering 2 330 Mbps
Firewall throughput with AppDetect & IPS & URL Filtering & Virus
Protection 2
280 Mbps
Firewall throughput with AppDetect & IPS & URL Filtering & Virus
Protection & SSL Inspection 3
150 Mbps
VPN throughput 4 300 Mbps
Max. concurrent sessions 120,000
Max. new sessions/s 12,000
Memory
RAM 2,048 MB
Mass Storage
Type SSD
Size 40 GB
SSD MTBF 1,200,000 hours
Dimensions
Weight appliance 2.1 kg
Weight carton with appliance 4.5 kg
Appliance size: width x depth x height 378 x 162 x 44 mm
Carton size: width x depth x height 786 x 495 x 471 mm
Weight appliance 4.9 lbs.
Weight carton with appliance 9.8 lbs.
Appliance size: width x depth x height 14.9 x 6.4 x 1.7 in
Carton size: width x depth x height 30.9 x 19.5 x 18.5 in
Form factor Compact
Hardware
Cooling Fan
Power supply Single, internal
Environmental
Noise emission N/A
Operating temperature 0 to +40 °C
Storage temperature -20 to +70 °C
Operating humidity 5% to 95% non-condensing
MTBF [System]
MTBF > 5 years
Certifications & Compliance
CE emissions Yes
CE electrical safety Yes
UL compliant Yes
FCC emissions Yes
ROHS compliant Yes
Power & Efficiency
Power supply type Internal
Power type [AC/DC] AC
Input rating 100 - 240 Volts
Input frequency 50 - 60 Hz
Auto sense Yes
Wattage / max. power draw 60 W
Max. power draw 1.6 Amps.
Max. heat dissipation 60 W
Max. heat dissipation 205 BTU
Energy efficiency [average] > 83%
Packaging Content
Appliance Yes
Straight network cable Yes
External power brick & cables Yes
Quick start guide Yes
Rackmount bracket Yes

1 Measured with UDP, large packets.
2 Measured with real world Internet traffic found at the gateway.
3 Measured with real world Internet traffic and 50% HTTPS traffic.
4 Measured with AES-128 encryption.

Model Comparison:

Five Models to Choose From

There are five hardware models of the Barracuda Firewall that can handle up to 6,000 Mbps of firewall throughput.

Models: X50 X100 X200 X300 X400 X600
Capacity
Maximum Firewall Throughput 1 800 Mbps 1,000 Mbps 1,900 Mbps 2,100 Mbps 4,000 Mbps 6,000 Mbps
VPN Throughput 2 50 Mbps 100 Mbps 200 Mbps 300 Mbps 600 Mbps 800 Mbps
IPS & Application Control Throughput 100 Mpbs 300 Mbps 400 Mbps 650 Mbps 2,000 Mbps 3,000 Mbps
Maximum Concurrent Sessions 8,000 8,000 60,000 120,000 300,000 500,000
Maximum New Sessions 2,000 2,000 8,000 12,000 15,000 20,000
AppDetect Users 50 100 200 300 500 1,000
AppDetect and IPS Users 25 50 100 150 250 500
AppDetect, IPS, and Web Security Users 15 25 50 100 200 400
Hardware
Form Factor Desktop Desktop Desktop 1U Rack Mount 1U Rack Mount 1U Rack Mount
Dimensions (in.) 10.8 x 6.4 x 1.8 10.8 x 6.4 x 1.8 10.8 x 6.4 x 1.8 14.9 x 6.4 x 1.8 16.8 x 15.9 x 1.7 16.8 x 15.9 x 1.7
Weight (lbs.) 2.9 2.9 2.9 4.4 11.3 11.3
Ports 4x1 GbE copper 4x1 GbE copper 4x1 GbE copper 6x1 GbE copper 8x1 GbE copper 8x1 GbE copper
Power Supply Single external Single external Single external Single internal Single internal Single internal
Integrated Wi-Fi Access Point X51 X101 X201 - - -
Features
Firewall
IPsec VPN (Client-to-Site & Site-to-Site)
Application Control & Monitoring
Intrusion Prevention (IPS)
High Availability
SSL Interception 3, 4
DHCP Server
DNS Cache
Authoritative DNS
SIP Proxy
Automatic Uplink Failover & Uplink Balancing
Application-based Provider Selection
Traffic Management & Optimization
SafeSearch Enforcement
SSL VPN    
Web Security (URL filtering, antivirus) Optional Optional Optional Optional Optional Optional
Advanced Threat Detection Optional Optional Optional Optional Optional Optional
Centrally Manageable Cloud-based Cloud-based Cloud-based Cloud-based Cloud-based Cloud-based

1 Measured with UDP; large packets
2 Measured with AES; MD5
3 SSL Interception including IPS requires an active Barracuda Energize Updates subscription
4 SSL Interception including virus protection requires an active Web Security subscription.

Technical Specs

Firewall
Firewall

  • Stateful packet forwarding
  • Full user-identity awareness
  • Intrusion Prevention (IPS)
  • Application Control and enforcement
    (including subtypes)
  • SafeSearch Enforcement
  • YouTube for Schools enforcement
  • DoS/DDoS denial of service protection
  • Transparent DNAT forward
  • NAT, PAT
  • Object-oriented rule sets
  • Dynamic rules/timer triggers
  • User/group based firewall rules
  • High Availability
  • ARP security
  • Bridging
  • Jumbo frame support

User Identity Awareness
User Identity Awareness

  • Terminal Server Agent
  • Domain Controller Agent
  • Full user and group membership awareness
  • Authentication via captive portal
  • Authentication - supports NTLM, RADIUS,
    LDAP/ LDAPS, Active Directory, local authentication
  • Authentication browser for AD and LDAP servers

Infrastructure Services
Infrastructure Services

  • DHCP server
  • HTTP proxy
  • SIP proxy
  • DNS cache
  • Authoritative DNS
  • SNMP support

Traffic Optimization
Traffic Optimization

  • Uplink monitoring and aggregation
  • Policy routing
  • Application-based provider selection
  • Traffic shaping and QoS
  • 7 predefined shaping bands
  • Health checks for static links / routes via ICMP

VPN
VPN

  • Unlimited site-to-site VPN licensing
  • Unlimited client-to-site VPN licensing
  • Unlimited SSL VPN
  • VPNC certified (basic interoperability)
  • Supports IPsec, PPTP
  • Supports AES-128/256, 3DES, DES, null ciphers
  • VPN clients available for Windows, Mac, Linux
  • iOS and Android mobile device VPN support

 

Wi-Fi
Wi-Fi
(on selected models)

  • Wi-Fi (802.11n) access point on selected models
  • Up to three independent wireless networks
  • Click-through Wi-Fi portal web page for guest access


Advanced Threat Detection

  • Dynamic, on-demand analysis of malware programs (sandboxing)
  • Dynamic analysis of documents with embedded exploits (PDF, Office, etc.)
  • Detailed forensics for both, malware binaries and web threats (exploits)
  • Support for multiple operating systems (Windows, Android, etc.)
  • Flexible malware analysis in the cloud

Support Options

Barracuda Energize Updates
Barracuda Energize Updates

  • Firmware updates
  • IPS signature updates
  • Application control updates
  • Standard technical support

Instant Replacement Service
Instant Replacement Service

  • Replacement unit shipped next business day
  • 24x7 technical support
  • Hardware refresh every four years

Security Options

  • “Web Security” provides categorybased web filtering (both online or on-box) and virus protection (online or on-box)
  • “Advanced Threat Detection” provides file-type-based protection against advanced malware and cloud-based sandboxing

Deployment:

"Eco System" of the Barracuda Firewall

The Barracuda Firewall easily integrates into your local network as it comes with all tools needed to integrate into external authentication services as well as remote access clients for Windows, Mac OS X, and Linux. The Barracuda Firewall provides remote access for Android- and iOS-based mobile devices via their built-in VPN functionality. The Barracuda Firewall X200 and higher even provide clientless SSL VPN capabilities at no extra charge.

For management purposes, the Barracuda Firewall can be accessed directly via the web-based interface locally or remotely via Barracuda Cloud Control.

"Eco System" of the Barracuda Firewall Deployment
"Eco System" of the Barracuda Firewall Deployment

VPN

VPNs are a secure, efficient, and economical alternative to dedicated lines or dial-up RAS. With the Barracuda Firewall, you can configure the following types of VPNs:

  • Site-to-Site VPN - Securely and transparently connects remote locations with your network.
  • Client-to-Site VPN - Lets remote users access the corporate network with VPN clients and mobile devices.
  • SSL VPN - Lets remote users access corporate resources over a secure and configurable web interface without the need to install or configure a VPN client.

VPN Deployment

Client-to-Site VPN

Client-to-site VPNs connect remote users to the corporate network.

Client-to-Site VPN

There are three types of IPsec VPNs available:

  • Shared Key - No external CA is required. A passphrase (shared key) is entered on the server and the client. This passphrase is used to authenticate the connection.
  • Client Certificate - X.509 certificates are generated by an external CA. These certificates are used to authenticate the client. This method is more secure.
  • Shared Key and Client Certificate - Client and server require both a shared key and valid client certificate to authenticate the remote device.

Additionally, every user must authenticate using a username and password. Usernames and passwords can be stored in external authentication services like Microsoft Active Directory, LDAP, or RADIUS.

Site-to-Site VPN

Site-to-site VPNs let offices in multiple locations establish secure connections with each other over a public network such as the Internet. A site-to-site VPN extends the company's network, making resources available to remote employees. The Barracuda Firewall establishes strongly encrypted IPsec VPN tunnels, using DES, 3DES, AES-128, AES-256, etc. It supports active and passive tunnel initiation and provides maximum flexibility.

Site-to-Site VPN

SSL VPN for the Barracuda Firewall

The SSL VPN service on the Barracuda Firewall grants users access to internal corporate resources and applications through the secure desktop and mobile portals.

  • Desktop Portal Client Requirements
  • Mobile Portal
  • Configuring SSL VPNs

SSL VPN for the Barracuda Firewall

Cloud Features

Barracuda offers two cloud services to centrally manage multiple Barracuda Firewalls and offload processor-intensive tasks:

  • Barracuda Cloud Control - Barracuda Cloud Control is a comprehensive cloud-based service that lets you monitor and configure multiple Barracuda products from a single console. When your Barracuda Firewall is linked to Barracuda Cloud Control, it continuously synchronizes its configuration settings with the service.
  • Barracuda Web Security Service - Barracuda Web Security Service is a cloud-based web filtering and security service. It helps conserve bandwidth by enforcing web policies in the cloud before forwarding traffic to the Barracuda Firewall.

Cloud Features

Firewall Technology:

The Barracuda Firewall is an application-aware network firewall appliance that leverages cloud resources to extend next-generation security and networking beyond the capabilities of legacy UTM products. Barracuda Firewall offers enterprise-grade security technology-including application control, user awareness, secure VPNs, link optimization, and advanced malware protection-but is designed for unsurpassed ease of use, and priced competitively. The Barracuda Cloud Control centralized management portal makes it easy and intuitive to deploy, configure, and manage the Barracuda Firewall from any location, and is included at no extra cost.

Complete Next-Generation Network Security

With integrated application and user visibility, along with support for multiple authentication methods and an optional local user database, the Barracuda Firewall enables highly granular policies defined by port, protocol, application, user, and time/date. For example, you might allow Skype chat at all times for everybody, but only allow Skype video at a certain time or for a certain user group. In addition, all models of the Barracuda Firewall include an advanced intrusion prevention engine (IPS), as well as unlimited site-to-site and client-to-site secure VPN licenses.

Typical Deployment

Firewall ScreenshotLink Optimization Technology

The Barracuda Firewall includes advanced link balancing and traffic shaping capabilities that optimize business continuity and prioritize business-critical applications while throttling or blocking unproductive ones. Automatic link failover ensures uninterrupted connectivity even when a primary link fails-and with the optional Barracuda UMTS 3G modem, you'll stay connected even if a disaster cuts all the landlines.

Future-Proof Investment Protection

By leveraging cloud resources for content filtering and malware protection, all smaller Barracuda Firewall units are able to scale as traffic and user numbers increase. The Energize Updates subscription service ensures that definitions and signature libraries are always up to date, and cloud-delivered firmware updates deliver new capabilities to address a constantly evolving threat landscape-no matter when you purchase your Barracuda Firewall, you'll always have the latest version.

Simple Pricing with No Surprises

Every Barracuda Firewall unit is delivered with all features and capabilities fully enabled. Content filtering and advanced malware protection in the cloud is offered as a subscription-based service. Neither the Barracuda Firewall nor the Web Security Service have any associated per-user license fees-once you purchase the box and the service, you can scale up to the appliance's maximum capacity at no further cost. Cloud-based centralized management through the Barracuda Cloud Control management portal is included free of charge.

Deployments

Advanced Network Security:
In today's world of botnets and advanced threats, one of the main tasks of perimeter protection is to ensure the availability of the network to filter out malicious denial of service (DoS) attacks. The Barracuda Firewall achieves this via a series of advanced techniques:

  • Barracuda Firewall DoS protection uses generic TCP proxy forwarding that allows only legitimate TCP traffic into the network.
  • Rate Limiting reduces the number of sessions per source handled by the firewall. Packets arriving too quickly are dropped.
  • To prevent IP spoofing, the reverse routing path (RRP) to the packet's source IP address is checked. If the check uncovers a mismatch between incoming and reply interface, the packet is dropped.

Advanced Network Security

Application Control:
The Barracuda Firewall can identify and enforce policy on sophisticated applications that hide their traffic inside otherwise "safe" port/protocols such as HTTP or HTTPS.

For example, Skype and peer-to-peer (P2P) applications are particularly evasive, requiring advanced application control for policy enforcement. The Barracuda Firewall enforces policies based on application, user, location, and time/date. Actions include blocking, allowing, throttling, or even enabling or disabling specific application features.

Application control is built into the kernel of the Barracuda Firewall, using a combination of deep packet inspection and behavioral analysis to reliably detect more than 900 applications.

Application Control

User-Based Policies



User-Based Policies:

Different individuals or groups require access to different resources and applications. For example, marketers may require access to Facebook for business use, while others use it for recreational purposes. The Barracuda Firewall enforces user-based policies by identifying users based on IP address mapping. Role assignments based on identity and device posture checks can be used to facilitate Role-Based Access Control (RBAC). The Barracuda Firewall supports Active Directory, NTLM, MS-CHAP, RADIUS, SecureID, LDAP, and TACACS for user-authentication and application control.

Intrusion Prevention System (IPS)
Intrusion Prevention System (IPS):

The Barracuda Firewall IPS is tightly integrated in the firewall architecture. It enhances network security by providing comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures. Security features that protect against spyware and worms prevent fraud and help maintain privacy.

When an attack is detected, the Barracuda Firewall either drops the offending packets and sessions (while still allowing all other traffic to pass) or logs the intrusion attempt. As part of the Energize Updates subscription, signature updates are delivered in real time as new exploits are identified, to ensure the Barracuda Firewall is constantly updated with of the latest threats and vulnerabilities.

Barracuda Web Security Service

Barracuda Web Security Service:

By moving CPU-intensive malware scanning and URL filtering tasks to the Barracuda Web Security cloud infrastructure, the Barracuda Firewall extends the capacity of onpremises compute resources. With virtually unlimited cloud resources, the Barracuda Firewall has the elasticity to scale dynamically as security needs change. Reporting is also handled in the cloud, further improving resource efficiency.

Firewall cloud integration ensures that signature libraries and threat definitions are always up to date-even as new threat categories emerge, your protection continues without interruption.

Link Optimization TechnologyLink Optimization Technology:
To ensure the most cost efficient connectivity, the Barracuda Firewall provides a wide range of built-in uplink options. Unlimited leased lines, up to six DHCP addresses, up to four xDSL lines, two ISDN, and support for UMTS.

By eliminating the need to purchase additional devices for link balancing, customers have access to a redundant WAN connection.

Automatic failover ensures the best uplink is activated on the fly, and all traffic is rerouted to make full use of the remaining links. Predefined load balancing policies make it easy to share the bandwidth of multiple connections while prioritizing specific application traffic.

Centralized Management via the CloudCentralized Management via the Cloud:
Every Barracuda Firewall intergrates with Barracuda Cloud Control (BCC). BCC allows organizations to manage their Barracuda Firewalls through a single, interface. This gives administrators a global view of their devices and ensures they are provisioned with the latest firmware, definitions, and security policies.

Combined with the configuration of Barracuda Web Security settings and reporting, BCC allows security settings to be centrally managed through a single web-based interface. BCC is free with every Barracuda Firewall unit.

Underlying Technology

Firewall AppliancesHardened Operating System
Network perimeter security devices need to be invulnerable to attacks. The Barracuda Firewall is built on a hardened Linux operating system developed and optimized over the course of more than ten years.

A customized infrastructure layer provides the basic gateway properties and routing capabilities already in the Linux kernel. The system is protected against attacks on the system itself as well as all application functions hosted by the system via the integration of a separate Barracuda Firewall-based host firewall.

Next-Generation Platform
Unlike other firewall products that simply enhance or augment standard Linux firewall packages, the core of every Barracuda Firewall is a specially developed application-controlled packet-forwarding platform called the Phion Core. The Phion Core is based on a combination of stateful packet forwarding, TCP stream forwarding, and application-layer gateways. Custom application plug-ins handle complex protocols and dynamic address/port negotiations.

The phion core technology delivers a best-of-both-worlds hybrid technology firewall that uses stateful packet forwarding. Transparent circuit-level application proxying provides content scanning, bandwidth management, and VPN tunneling.

Next-Generation Platform

Frequently Asked Questions:

Why do I need a Barracuda CloudGen Firewall?

As you organization relies on more cloud-based applications like Office 365, Salesforce, and Dropbox, internet connectivity becomes even more important. Our Barracuda CloudGen Firewalls combine powerful application awareness and network routing capabilities to provide the highest levels of internet availability for users and critical applications.

What is the difference between Barracuda CloudGen Firewalls and other firewalls?

Unlike other firewalls in the industry, Barracuda's CloudGen Firewalls were designed with the modern network in mind. As organizations grew in the number of remote offices and employees, secure remote access (both site-to-site and client-to-site) became critical. Our proprietary TINA protocol allows us to provide powerful capabilities such as traffic shaping within VPN tunnels, tunnel encapsulation, traffic compression, NAT reversal, and more.

We also knew early on that a firewall's core job was not only to protect the network, but also to optimize traffic delivery. This is even more important as organization use more cloud-based applications such as Salesforce and Office 365 and business-critical traffic moves to the WAN side of the network. Barracuda CloudGen Firewalls provide a set of powerful capabilities (dynamic link balancing, application-based link selection, quality-of-service, enterprise WAN optimization) to ensure the highest availability for critical applications.

Why do I need a Next Generation Firewall?

As you organization relies on more cloud-based applications like Office 365, Salesforce, and Dropbox, internet connectivity becomes even more important. Our Barracuda CloudGen Firewalls combine powerful application awareness and network routing capabilities to provide the highest levels of internet availability for users and critical applications.

What are the major capabilities of the Barracuda CloudGen Firewall?

The Barracuda CloudGen Firewall is a next generation firewall and VPN that provides:

  • Integrated content security and network access control
  • Optimization of intelligent traffic flow across the WAN
  • Industry-leading centralized management capabilities

What are the differences among the F-Series, S Series and X-Series firewalls?

The Barracuda CloudGen Firewall F-Series is designed for network engineers who manage distributed enterprise environments. It provides all the security functionality one expects from an enterprise next-generation firewall, including application detection and prioritization, IPS, malware protection, URL filter and even DDoS protection. Furthermore, its powerful traffic optimization features, extremely resilient site-to-site connectivity capabilities, and extensive logging and auditing tools make the F-series an ideal fit for organizations that need to efficiently manage and scale massive firewall deployments.

The Barracuda CloudGen Firewall S-Series provides remote connectivity in an affordable and easy to deploy solution. It is designed from the ground up to support Internet of Things initiatives where thousands of remote devices need to be connected to a headquarters or data center. The SC appliances are managed via a NextGen Control Center, and security features like IPS, application detection etc. are provided at the Secure Access Concentrator where the VPN for each SC appliance terminates.

The Barracuda CloudGen Firewall X-Series is ideal for small to medium-sized organizations looking for a simple, yet powerful next-generation firewall that provides IPS, application detection, URL filter, malware protection and some basic email security. Designed for the resource-constrained IT professional, the X-Series' intuitive web interface has a low learning curve while providing and easy-to-use management interface.

How do I know if I should get the X-Series, F-Series or S-Series?

If you only have a few locations to manage (e.g., between one and three) and are looking for a firewall that is application aware and easy to use with a Web UI, then the X-Series firewall is ideal for you.

If you have a lot of remote locations to manage, secure and connect (e.g., more than three) and need a solution to seamlessly manage, protect and optimize your network, the F-Series firewall is right for you.

If you have to securely connect large numbers of devices to backhaul traffic to your HQ or data center, want to centrally administer the deployment and stay scalable, then the S-Series is the perfect choice for you.

Can I centrally manage multiple firewalls from one place?

Yes, all the Barracuda CloudGen Firewall Series-X, F, and S-can be centrally managed from a single pane of glass. The F and S-Series utilize the Barracuda NextGen Control Center to manage massive firewall deployments. The NextGen Control Center is available in physical, virtual and cloud form factors depending on your infrastructure requirements. The X-Series firewall can be centrally managed from Barracuda Cloud Control, which is the same web-based portal that IT administrators use to control their other Barracuda products.

What is the difference in terms of deployment between the F, S and X-Series firewalls?

The Barracuda CloudGen Firewall F-Series can easily be deployed as "standalone" and provides great value this way, but its full potential and cost savings is unleashed when it's centrally managed using a NextGen Control Center.

The S-Series firewall cannot be deployed as standalone, but needs one or multiple Secure Access Concentrators for VPN tunnel termination and a NextGen Control Center for central management. The Web UI on the SC appliances is only intended for initial setup.

The Barracuda CloudGen Firewall X-Series is designed to be used as standalone, and can optionally (at no extra charge) be connected to the Barracuda Cloud Control portal for convenient remote management.

What level of support can I expect to receive from Barracuda?

Regardless of whether you're using the X-Series, F-Series or S-Series firewalls, you can expect the same level of award-winning support from Barracuda's expertly trained technicians. Barracuda offers 24x7 support with no phone trees, ensuring that you will always speak to an in-region technician who is ready to help.

Can I centrally manage multiple firewalls from one place?

Yes, both the Barracuda NextGen X-Series and F-Series firewalls can be centrally managed from a single pane-of-glass. The F-Series utilizes the Barracuda NextGen Control Center to manage massive firewall deployments. The Control Center is available in physical, virtual, and cloud form factors depending on your infrastructure requirements. The X-Series firewall can be centrally managed from Barracuda Cloud Control, the same web-based portal that IT administrators use to control their other Barracuda products.

What level of support can I expect to receive from Barracuda?

Regardless of whether you're using the X-Series or F-Series firewalls, you can expect the same level of award-winning support from Barracuda's expertly trained technicians. Barracuda offers 24x7 support with no phone trees, ensuring that you'll always speak to an in-region technician ready to help.

What if I have more questions about the Barracuda CloudGen Firewall?

For additional assistance or for a product demonstration of the Barracuda Firewall, please contact us!

Documentation:

Download the Barracuda CloudGen Firewall X Datasheet (.PDF)