User`s guide
technology—including application control, user awareness, secure VPNs, link optimization, and advanced malware protection—but is designed for
unsurpassed ease of use, and priced competitively. The Barracuda Cloud Control centralized management portal makes it easy and intuitive to
deploy, configure, and manage the Barracuda Firewall from any location, and is included at no extra cost.
Complete Next-Generation Network Security
With integrated application and user visibility, along with support for multiple authentication methods and an optional local user database, the
Barracuda Firewall enables highly granular policies defined by port, protocol, application, user, and time/date. For example, you might allow
Skype chat at all times for everybody, but only allow Skype video at a certain time or for a certain user group. In addition, all models of the
Barracuda Firewall protect unlimited IP addresses, and include an advanced intrusion prevention engine (IPS), as well as unlimited
site-to-site and client-to-site secure VPN licenses.
Web Security in the Cloud
By moving CPU-intensive malware scanning and URL filtering tasks to the Barracuda Web Security cloud infrastructure, the Barracuda Firewall
extends the capacity of on-premises computer resources. In addition, cloud integration ensures that signature libraries and threat definitions are
always up-to-date. Even as whole new threat categories emerge, your protection continues without interruption — unlike that provided by legacy
UTMs, which must be replaced each time they need to defend against a new kind of threat.
Link Optimization Technology
The Barracuda Firewall includes advanced link balancing and traffic shaping capabilities to optimize business continuity and to prioritize
business-critical applications while throttling or blocking unproductive ones. Automatic link failover ensures uninterrupted connectivity even
when a primary link fails—and with the optional Barracuda UMTS 3G modem, you’ll stay connected even if a disaster cuts all the landlines.
Future-Proof Investment Protection
By leveraging effectively limitless cloud resources for content filtering and malware protection, even smaller Barracuda Firewall units are able to
scale easily as traffic and user numbers increase. The Energize Updates subscription service ensures that definitions and signature libraries are
always up to date, and cloud-delivered firmware updates deliver new capabilities as required to address a constantly evolving threat
landscape—no matter when you purchase your Barracuda Firewall, you’ll always have the latest version.
Simple Pricing with No Surprises
Every Barracuda Firewall unit is delivered with all features and capabilities fully enabled. Content filtering and advanced malware protection in the
cloud is offered as an affordable per-box subscription. Neither the Barracuda Firewall nor the Web Security Service have any associated per-user
license fees—once you purchase the box and the service, you can scale up to the appliance’s maximum capacity at no further cost. And the
simple, intuitive Barracuda Cloud Control management portal is included free of charge.
ADVANCED NETWORK SECURITY
In today’s world of omnipresent botnets and other advanced threats, one of the main tasks of perimeter protection is to ensure ongoing availability
of the network for legitimate requests and to filter out malicious denial of service (DoS) attacks. Barracuda Firewall achieves this via a series of
advanced techniques:
Barracuda Firewall DoS protection uses generic TCP proxy forwarding so that only legitimate TCP traffic gets into the network.
Rate limits are applied to limit the number of sessions per source handled by the firewall. Packets arriving too quickly will simply be
dropped.
To prevent IP spoofing, the reverse routing path (RRP) to the packet’s source IP address is checked. If the check uncovers a mismatch
between incoming and reply interface, the packet is dropped.
APPLICATION CONTROL
Barracuda Firewall can identify and enforce policy on sophisticated applications that hide their traffic inside otherwise “safe” port/protocols such as
HTTP or HTTPS.
For example, Skype and peer-to-peer (P2P) applications are particularly evasive, requiring advanced application control for policy enforcement.
Barracuda Firewall enforces policies based on application, user, location, and time/date. Actions include blocking, allowing, throttling, or even
enabling or disabling specific application features.
Application control is built into the kernel of the Barracuda Firewall, using a combination of deep packet inspection and behavioral analysis to
reliably detect more than 900 applications.
IDENTITY AWARENESS