Barracuda CloudGen Firewall F280
Next-Generation Firewalls for Distributed Enterprises with Advanced Threat Detection
List Price:
Our Price: $741.00
Click here to jump to more pricing!
Barracuda CloudGen Firewall F-Series:
As you integrate a growing number of public-cloud platforms and environments into your network, your firewalls have to do more than just secure your perimeter. They also have to serve as the linchpin of your IT communications flow, ensuring highly reliable and cost-effective connections. Barracuda CloudGen Firewall was designed to optimize performance, security, and availability of today's dispersed enterprise SD-WANs.
The Barracuda Advantage:
- Simple pricing with no per-application or per-user/group licensing fees
- Unlimited site-to-site and client-to-site VPN included
- Deploy the way you want: hardware, virtual, or cloud
- Configuration and lifecycle management via one graphical user interface without the need for a command-line interface
Product Spotlight:
- Full user/group awareness
- Full application visibility and granular access control
- Advanced Threat Protection (incl. sandboxing)
- Built-in web security and IDS/IPS
- Full SD-WAN capabilities included
- Cloud-ready application-based provider selection
Full Next-Generation SecurityBarracuda CloudGen Firewall is designed and built from the ground up to provide comprehensive, next-generation firewall protection. Firewalling, IPS, URL filtering, dual antivirus and application control take place directly in the data path. More resource-intensive tasks like sandboxing — required for protecting against ransomware—are seamlessly integrated in the cloud. All CloudGen Firewall platforms and models provide the same level of security, maintaining maximum security from branch offices to headquarters. |
|
Full SD-WAN CapabilityIn the cloud era, you need to connect branch offices with the cloud in a direct and secure way. Backhauling traffic to the central Internet gateway using MPLS can be very costintensive. Barracuda CloudGen Firewalls let you replace costly MPLS connections with cost-efficient broadband connections. You can utilize up to 24 broadband connections per VPN tunnel for increased bandwidth at lower cost. |
|
Connecting The DotsBarracuda CloudGen Firewall combines next-generation security and SD-WAN capabilities in one product that that you can manage centrally using an intuitive, singlepane-of-glass solution. This lets you access the benefits of the cloud safely, and to optimize cloud access from anywhere in the network. Low line costs and efficient administration help to reduce operating costs significantly.
|
Benefits:
Intrusion Detection and Prevention
|
Advanced Threat Protection
|
|
|
Traffic Intelligence & SD-WAN
|
|
Features:
Advanced Threat Detection
While traditional solutions usually detect network threats after they have breached the network, by sending log notifications to the administrator, the Barracuda Advanced Threat Detection (ATD) implements full system emulation, which provides deep visibility into malware behavior. Files are checked against a cryptographic hash database that is constantly updated. In case the file is unknown, it is emulated in a virtual sandbox where malicious behavior can be discovered.
The Barracuda ATD offers Administrators granular, file-type-based control including automatic quarantine and blacklisting features to maintain the highest level of protection for an organization's network.
The Barracuda Advanced Threat Detection is an optional subscription.
Application Control 2.0
The Barracuda CloudGen Firewall provides a powerful and extremely reliable detection and classification of more than 1,200 applications and sub-applications by combining Deep Packet Inspection (DPI) and behavioral traffic analysis – no matter if the protocols are using advanced obfuscation, port hopping techniques, or encryption. It allows the creation of dynamic application policies and facilitates establishing and enforcing acceptable access and use policies for users and groups by application, application category, location, and time of day. Administrators can now:
- Block unwanted applications for certain users or groups
- Control and throttle acceptable traffic
- Preserve bandwidth and speed-up business-critical applications to ensure business continuity
- Enable or disable specific application sub-functions (e.g., Facebook Chat, YouTube Postings, or MSN file transfers)
- Intercept SSL-encrypted application traffic
The Barracuda CloudGen Firewall features advanced application-based routing path selection and Quality of Service (QoS) capabilities. These provide additional business value in addition to security by significantly improving network quality and availability, as well as reducing direct line cost due to bandwidth saved.
For rich reporting and drill-down capabilities, the Barracuda CloudGen Firewall comes with real-time and historical application visibility that shows application traffic on the corporate network, thus providing a basis for deciding which connections should be given bandwidth prioritization, crucial for QoS optimization for business-critical applications. Furthermore, it allows adjusting and refining the corporate application use policies.
Deep Application Context
The deep application context analysis allows for deeper inspection of the application data stream by continually evaluating the actual intention of applications and the respective users. By this means administrators can gain detailed insight into what a specific application was used for or if a user was trying to circumvent the corporate application usage policy.
Personalized Application Control
On top of the 1,400+ applications that are delivered out of the box and constantly updated, the Barracuda CloudGen Firewall provides a way to easily create user-defined application definitions for best-in-class application control customized and tailored to an organization's specific needs.
User Identity Awareness
Different network users may need different bandwidth-use rules. Most often, access to certain network resources is limited to certain users or user groups. Preferential allocation of more bandwidth to certain users or user groups and a limitation of available bandwidth for others is a common requirement. It requires the network device to know what user an IP actually belongs to. Barracuda CloudGen Firewalls are fully user-identity aware by linking a user to one or several IP addresses. Any role assignments that result from identity and device posture checks communicated to the firewall by our health agents can be used within the firewall to facilitate role-based access control (RBAC). Barracuda CloudGen Firewalls support authentication of users and enforcement of user-aware firewall rules, web filter settings, and Application Control 2.0 using Active Directory, NTLM, MS CHAP, RADIUS, RSA SecurID, LDAP/LDAPS, TACACS+, as well as authentication with x.509 certificates.
Reporting
The Barracuda NG Report Creator is a free tool that allows administrators to collect and consolidate traffic and application usage statistics from multiple Barracuda CloudGen Firewall units and to create easy-to-read reports in pdf format. Report tasks can be scheduled at various times during the day or week and distributed automatically via email. Besides predefined out-of-the-box reports such as Top Applications, Top Blocked URL Categories and Websites, Top Users by Bandwidth, as well as activity reports for specific users, the reporting engine provides customizable granular reports on user activity, activities during last day/week/month, etc.
For auditing reasons IP addresses can be anonymized.
Intrusion Detection and Prevention
The Barracuda CloudGen Firewall Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases preventing network attacks such as:
- SQL injections and arbitrary code executions
- Access control attempts and privilege escalations
- Cross-Site Scripting and buffer overflows
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
- Directory traversal and probing and scanning attempts
- Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware
By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, the Barracuda CloudGen Firewall is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems.
As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda CloudGen Firewall is constantly up-to-date. If the firewall unit is centrally managed, the pattern updates are conveniently distributed by the Barracuda NG Control Center.
Denial of Service (DoS) and Distributed Denial of Service (DDoS) Protection
In today’s world of omnipresent botnets, one of the main tasks of perimeter protection is to ensure ongoing availability of the network for legitimate requests and to detect and repel malicious denial of service attacks. With TCP SYN Flood Protection, the Barracuda CloudGen Firewall effectively functions as a generic TCP proxy, forwarding only legitimate TCP traffic to the inside of the network. Additionally, the Barracuda CloudGen Firewall allows the definition of a rate limit that is applied to the maximum number of sessions per source address to be handled by the firewall. Packets arriving at a rate faster than allowed will simply be dropped. In a massive DDoS attack, the attackers may simply aim for saturating the link by transmitting vast numbers of UDP packets. The integrated environmental monitoring feature of the Barracuda CloudGen Firewall diagnoses such conditions by link and target address monitoring. Once the response of a remote target address to regular ICMP probing fails, the system can be configured to activate different routes and uplinks (for example backup line, ISDN, xDSL). Using this feature, traffic will be unimpeded across unaffected lines and crucial site-to-site and site-to-Internet connectivity remains operational.
Web Filtering
The Barracuda Web Filter enables highly granular, real-time visibility into online activity, broken down by individual users and applications, letting administrators create and enforce effective Internet content and access policies. It protects user productivity, blocks malware downloads and other web-based threats, and enables compliance by blocking access to unwanted websites and servers, providing an important additional layer of security alongside application control.
Malware Protection
Barracuda Malware Protection shields the internal network from malicious content by scanning web content (HTTP and HTTPs), email (SMTP, POP3), and file transfers (FTP) via two fully integrated antivirus engines. Malware protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available. Barracuda Malware Protection covers viruses, worms, trojans, malicious java applets, and programs using known exploits on PDF, picture and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation.
Application-Based Link Selection
The combination of next-generation security and adaptive WAN routing allows the Barracuda CloudGen Firewall to dynamically assign available bandwidth for several links not only based on protocol, user, location, and content, but also based on applications, application categories and web filter categories. This keeps expensive, highly available lines free for business and mission-critical applications, while significantly reducing response times and freeing up additional bandwidth.
Traffic Shaping and Quality of Service
Limited network resources make bandwidth prioritization a necessity. The Barracuda CloudGen Firewall provides strong Quality of Service (QoS) that lets the administrator apply quality aspects and service guarantees to selected traffic flows within the WAN. QoS is often used to prioritize the network traffic of applications that are critical and must not be affected by the network traffic of other applications. The Barracuda CloudGen Firewall provides a large set of QoS techniques, such as traffic shaping, traffic prioritization, and bandwidth partitioning, which assigns a bandwidth limit to certain types of traffic. To select traffic for different priority classes, the available real-time traffic analysis can be used to identify whether network traffic was sent by business-critical applications or by potentially unwanted applications.
Failover and Link Balancing
To ensure the best and most cost-efficient connectivity, the Barracuda CloudGen Firewall provides a wide range of built-in uplink options such as unlimited leased lines, up to four xDSL uplinks, etc. By eliminating the need to purchase additional devices for link balancing, security conscious customers will have access to a WAN connection that never goes down, even if one or two of the existing WAN uplinks are severed. Further, traffic intelligence mechanisms make sure the next defined uplink is activated on the fly and all traffic is rerouted to make full use of the remaining lines. In the event that backup lines provide less bandwidth, intelligent traffic shaping automatically prioritizes business-critical applications, networks, or distinct endpoints.
WAN Optimization
The Barracuda CloudGen Firewall can significantly enhance the WAN performance of distributed network environments by improving availability, performance, and response time of business-critical applications by lowering throughput and transmission delays, affecting time-sensitive decisions and enterprise profitability. The next-generation networking concept of the Barracuda CloudGen Firewall provides a set of powerful features to efficiently reduce and offset the negative effects of high line latencies and response times. By implementing enterprise-grade WAN acceleration features such as data deduplication, traffic compression, and protocol optimization, the Barracuda CloudGen Firewall can significantly improve site-to-site WAN traffic and increase productivity by accelerating the delivery of business applications - at no extra charge. WAN traffic can be effectively compressed up to 95 percent, significantly reducing the bandwidth needed at remote locations while increasing network responsiveness.
Microsoft Azure
Besides VMware, KVM, and XenServer, the Barracuda CloudGen Firewall is fully compatible for use in Windows Azure for establishing site-to-site and/or client-to-site connections to Azure and creating a DMZ in Azure to implement an additional high-security layer.
As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer. Barracuda’s award-winning security solutions are available as virtual appliances to help organizations.
Barracuda CloudGen Firewall virtual appliances are complete solutions, eliminating the need for installing, configuring, and integrating disparate operating systems, databases, system management, and application software. In addition, Barracuda virtual appliances come “locked down” from a security perspective, built from the ground up on the Barracuda OS, a hardened Linux operating kernel and optimized to run seamlessly within virtualized environments.
Amazon EC2
Besides VMware, KVM, and XenServer, the Barracuda CloudGen Firewall is fully compatible for use in Amazon Elastic Compute Cloud (EC2).
As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer. Barracuda’s award-winning security solutions are available as virtual appliances.
Barracuda CloudGen Firewall virtual appliances are complete solutions, eliminating the need for installing, configuring and integrating disparate operating systems, databases, system management, and application software. In addition, Barracuda Networks virtual appliances come “locked down” from a security perspective, built from the ground up on the Barracuda OS, a hardened Linux operating kernel and optimized to run seamlessly within virtualization environments.
BYOD (Bring Your Own Device)
The influx of private computing devices, from smartphones to laptops and tablets, into the workplace may help increase productivity, flexibility, and convenience. However, BYOD adds new security challenges and risks, such as enabling and controlling access, as well as preventing data loss. The Barracuda CloudGen Firewall provides strong capabilities to give users the full advantage of their devices while reducing possible risks to the business. Unwanted applications can be blocked, LAN segmentation can protect sensitive data, and network access control can check the health state of each device connecting to the corporate network.
Secure Remote Access
The Barracuda CloudGen Firewall incorporates advanced site-to-site and client-to-site VPN capabilities, using both SSL and IPsec protocols to ensure remote users can easily and securely access network resources without complex client configuration and management. Every Barracuda CloudGen Firewall unit supports an unlimited number of VPN clients at no extra cost. The Barracuda VPN client also provides the ability to enforce Windows Security Center settings on client machines running Windows. This allows administrators to centrally enforce the usage of Windows Security settings on PCs. The enforced policies can include enabling the Microsoft Network Firewall, Windows Updates, Windows Virus Protection, Windows Spyware Protection, and Internet Security Settings.
Barracuda VPN Clients are available for Microsoft Windows, Mac OS, and various Linux systems.
Network Access Control
The optional Barracuda CloudGen Firewall SSL VPN and NAC subscription adds a customizable and easy-to-use portal-based SSL VPN as well as sophisticated Network Access Control (NAC) functionality.
The Barracuda Network Access Client, when used with the Barracuda CloudGen Firewall, provides centrally managed Network Access Control (NAC) and an advanced personal firewall. This allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of antivirus and/or anti-spyware, and user ID. Access restrictions are enforced locally on the client by the centrally managed personal Windows firewall as well as at the gateway. Using existing Barracuda CloudGen Firewall appliances, Barracuda Networks offers a ready-to-use Network Access Control framework without expensive investments into the basic network infrastructure. All Barracuda Network Access Clients as well as all Barracuda CloudGen Firewall units acting as policy servers can be administered, monitored, and reviewed from a single Barracuda NG Control Center.
Scalable Deployment
Managing the security issues in a widely distributed enterprise network can be painful and extremely time-consuming. Managing a system may take only 15 minutes per day. But having 20 firewall systems in place results in five hours per day – just to manage the existing system. With the Barracuda NG Control Center, managing mulitple Barracuda CloudGen Firewalls takes the same amount of time as managing one.
- Create pre-configured templates for easy-rollout.
- Have all information about the enterprise security deployment available in real time.
- Create reports of either one or all Barracuda CloudGen Firewalls.
Lifecycle Management
Scalable Barracuda CloudGen Firewalls offer companies sustainable investment protection. Energize Updates automatically provide the latest firmware and threat definitions to keep the appliance up to date. With a maintained Instant Replacement subscription, organizations receive a new appliance with the latest specs every four years.
Revision Control System, Audit, and Reporting
The integrated revision control system increases auditing ease for the infrastructure and cuts overhead.
Additionally, the revision control system for all changes provides compliance with governmental and company policy requirements.
Comprehensive reporting makes bandwidth usage and all other security-related information visible, reportable, and easy to read.
Mobile Portal
Gain easy access to your organization’s applications via SSL VPN connections. Barracuda‘s Mobile Portal enables you to set up shortcuts on the home screen of devices such as smartphones or tablets. When accessing the portal via the web browser on a mobile device, users can browse apps, network folders and files as if they were connected to the office network.
The Mobile Portal supports most commonly used devices, e.g., Apple iOS, Android, and Blackberry devices.
Barracuda’s Mobile Portal is an optional feature included with an “SSL VPN and NAC” subscription.
Specifications:
Front View
Rear View
Barracuda CloudGen Firewall F280 | |
---|---|
Performance | |
Firewall throughput 1 | 3.7 Gbps |
VPN throughput2 | 780 Mbps |
IPS throughput 3 | 1.0 Gbps |
NGFW throughput [Mbps] 4 | 1.0 Gbps |
Concurrent sessions | 250,000 |
New sessions/s | 10,000 |
Memory | |
RAM | 2 GB |
Mass Storage | |
Type | SSD |
Size | 80 GB |
SSD MTBF | N/A |
Dimensions | |
Weight appliance | 4.9 lbs / 2.1 kg |
Appliance size: width x depth x height | 14.9 x 6.4 x 1.7 inch |
Form factor | Desktop |
Environmental | |
Operating temperature | 32 to 95 °F |
Operating humidity | 5% to 95% non-condensing |
Interface | |
Copper Ethernet NICs | 6x1 GbE |
USB 2.0 | 4 |
Integrated DSL Modem (incl. WAN) | Annex A, 1xRJ11 + 1x1 GbE SFP |
VGA | Yes |
Certifications & Compliance | |
CE emissions | Yes |
CE electrical safety | Yes |
FCC emissions | Yes |
ROHS compliant | Yes |
Packaging Content | |
Appliance | Yes |
Serial cable | Yes |
Straight network cable | Yes |
External power brick & cables | Yes |
USB flash drive for recovery & installation | Yes |
Quick start guide | Yes |
2x Barracuda wall mount bracket | Yes |
1 Firewall throughput measured with large packets (MTU1500) UDP packets, bi-directional across multiple ports.
2 VPN performance is based on Barracuda TINA VPN protocol, 1415 Byte UDP packets using AES128 NOHASH, bidirectional using BreakingPoint traffic generator.
3 IPS throughput is measured using large packets (MTU1500) UDP traffic and across multiple ports.
4 NGFW throughput is measured with IPS, application control, and web filter enabled, based on BreakingPoint Realworld-IPS-Enterprise-Traffic-Mix, bidirectional across multiple ports.
5 For more detailed information on sizing, please use the free sizing application "Barracuda NextGenBlueprint" for iOS - available for iPhones and iPads.
Model Comparison:
With hardware models available for small branch offices as well as large headquarters and data centers, and a corresponding offering of virtual appliances, the Barracuda CloudGen Firewall F-Series is designed for deployment across the entire enterprise.
Model: | F18 | F80 | F82 | F18x | F18xR | F280 |
---|---|---|---|---|---|---|
Performance1 | ||||||
Firewall throughput | 1.0 Gbps | 1.35 Gbps | 1.35 Gbps | 1.65 Gbps | 1.65 Gbps | 3.0 Gbps |
VPN throughput | 190 Mbps | 240 Mbps | 240 Mbps | 300 Mbps | 300 Mbps | 1.0 Gbps |
IPS throughput | 400 Mbps | 500 Mbps | 500 Mbps | 600 Mbps | 600 Mbps | 1.0 Gbps |
Concurrent sessions | 80,000 | 80,000 | 80,000 | 100,000 | 100,000 | 250,000 |
New Session/sec | 8,000 | 8,000 | 8,000 | 9,000 | 9,000 | 10,000 |
NGFW Throughput | 300 Mbps | 400 Mbps | 400 Mbps | 550 Mbps | 550 Mbps | 800 Mbps |
Firewall Users (recommended) | No limit (25-75) |
No limit (50-100) |
No limit (50-100) |
No limit (75-100) |
No limit (75-100) |
No limit (150-300) |
Site-to-Site VPN Tunnels | No limit | No limit | No limit | No limit | No limit | No limit |
Barracuda VPN Clients (recommended)2 | No limit (25) |
No limit (25) |
No limit (25) |
No limit (50) |
No limit (50) |
No limit (50) |
Hardware | ||||||
Form factor | Desktop | Desktop | Desktop | Desktop | Compact, DIN rail mount | Desktop |
Dimensions (in) | 10.8 x 6.4 x 1.7 | 10.8 x 6.4 x 1.7 | 14.8 x 6.3 x 1.7 | 14.9 x 6.4 x 1.7 | 3,07 x 5,75 x 5 | 14.9 x 6.4 x 1.7 |
Weight (lbs) | 3.1 | 3.1 | 4.9 | 4.9 | 2.2 | 4.9 |
1 GbE Copper Ethernet NICs | 4x1GbE | 4x1GbE | 4x1GbE | 6x1GbE | 5x1 GbE RJ45 | 6x1GbE |
1 GbE Fiber NICs (SFP) | - | - | - | - | - | - |
10 GbE Fiber NICs (SFP+) | - | - | - | - | - | - |
Max Storage | 30 GB | 30 GB | 50 GB | 80 GB | 100 GB or better | 80 GB |
Power Supply | Single, External | Single, External | Single, External | Single, Internal | Dual, external | Single (External) |
Integrated Switch | - | - | - | 8-port | - | 8-port |
Integrated DSL Modem (incl. WAN) | - | - | Annex B, 1xRJ45 + 1x1 GbE SFP | - | - | - |
Integrated Wi-Fi Access Point | - | - | ||||
Features | ||||||
Firewall | ||||||
Application Control | ||||||
IPS | ||||||
Dynamic Routing | ||||||
App-Based Provider Selection | ||||||
Client-to-Site and Site-to-Site VPN (unlimited) | ||||||
SD-WAN | ||||||
Web Filter | ||||||
Email Security | ||||||
Zero-Touch Deployment | Optional | |||||
Available Software/Feature Subscriptions | ||||||
Energize Updates | Optional | Optional | Optional | Optional | Optional | Optional |
Malware Protection | Optional | Optional | Optional | Optional | Optional | Optional |
Advanced Threat Protection | Optional | Optional | Optional | Optional | Optional | Optional |
Advanced Remote Access | Optional | Optional | Optional | Optional | Optional | Optional |
Total Protect | Optional | Optional | Optional | Optional | Optional | Optional |
Total Protect PLUS | Optional | Optional | Optional | Optional | Optional | Optional |
Available Hardware/Support Subscriptions | ||||||
Warranty Extension | Optional | Optional | Optional | Optional | Optional | Optional |
Instant Replacement | Optional | Optional | Optional | Optional | Optional | Optional |
Premium Support | depends on product mix and size of deployment | |||||
Model: | F380 | F400 | F600 | F800 | F900 | F1000 |
Performance1 | ||||||
Firewall throughput | 3.8 Gbps | 5.5 Gbps | 16.3 Gbps | 30.0 Gbps | 35 Gbps | 40 Gbps |
VPN throughput | 1.2 Gbps | 1.2 Gbps | 2.3 Gbps | 7.5 Gbps | 9.3 Gbps | 10 Gbps |
IPS throughput | 1.4 Gbps | 2.0 Gbps | 5.0 Gbps | 8.3 Gbps | 11.3 Gbps | 13 Gbps |
Concurrent sessions | 400,000 | 500,000 | 2,100,000 | 2,500,000 | 4,000,000 | 10,000,000 |
New Session/sec | 15,000 | 20,000 | 115,000 | 180,000 | 190,000 | 250,000 |
NGFW Throughput | 1.0 Gbps | 1.2 Gbps | 4.6 Gbps | 7.0 Gbps | 8.0 Gbps | 10.2 Gbps |
Firewall Users (recommended) | No limit (200-500) |
No limit (300-1,000) |
No limit (1,000-4,000) |
No limit (4,000-6,000) |
No limit (6,000-9,000) |
No limit (7,000-15,000) |
Site-to-Site VPN Tunnels | No limit | No limit | No limit | No limit | No limit | No limit |
Barracuda VPN Clients (recommended)2 | No limit (50) |
No limit (50) |
No limit (100) |
No limit (500) |
No limit (1,000) |
No limit (2,000) |
Hardware | ||||||
Form factor | 1U Rackmount | 1U Rackmount | 1U Rackmount | 1U Rackmount | 1U Rackmount | 2U Rackmount |
Dimensions (in) | 16.9 x 13.0 x 1.7 | 16.9 x 17.7 x 1.7 | 16.8 x 17.7 x 1.7 | 17.4 x 22.4 x 1.7 | 17.4 x 22.4 x 1.7 | 17.0 x 24.6 x 3.5 |
Weight (lbs) | 13.0 | 16.5 | 17.6 | 26.0 | 26.0 | 44.1 |
1 GbE Copper Ethernet NICs | 8x1 GbE | 8x1 GbE (STD , F20 sub-model) |
12x1 GbE (C10, C20 sub-models) or 8x1 GbE (F10, F20, E20 sub-models) |
24x1 GbE (CCC sub-model) or 16x1 GbE (CCF, CCE sub-models) |
32x1 (CCC sub-model) or 16x1 GbE (CCE sub-model) or 8x1 GbE (CFE sub-model) |
16x1 GbE (CE0, CFE sub-models) or 32x1 GbE (CE2 sub-model) |
1 GbE Fiber NICs (SFP) | - | 4x1 GbE (F20 sub-model) |
4x1 GbE (F10, F20 sub-models) |
8x1 GbE (CCF sub-model) |
8x1 GbE (CFE sub-model) |
16x1 GbE (CFE sub-model) |
10 GbE Fiber NICs (SFP+) | - | - | 2x10 GbE (E20 sub-model) |
4x10 GbE (CCE sub-model) |
4x10 GbE (CCE, CFE sub-models) |
4x10 GbE (CE0 sub-model) or 8x10 GbE (CE2, CFE sub-models) |
Max Storage | 80 GB or better | 80 GB or better | 180 GB or better | 430 GB or better | 430 GB or better | 550 GB or better |
Power Supply | Single | Single | Dual | Dual | Dual | Dual |
Integrated Switch | - | - | - | - | - | - |
Integrated DSL Modem (incl. WAN) | - | - | - | - | - | - |
Integrated Wi-Fi Access Point | - | - | - | - | - | - |
Features | ||||||
Firewall | ||||||
Application Control | ||||||
IPS | ||||||
Dynamic Routing | ||||||
App-Based Provider Selection | ||||||
Client-to-Site and Site-to-Site VPN (unlimited) | ||||||
SD-WAN | ||||||
Web Filter | ||||||
Email Security | ||||||
Zero-Touch Deployment | ||||||
Available Software/Feature Subscriptions | ||||||
Energize Updates | Optional | Optional | Optional | Optional | Optional | Optional |
Malware Protection | Optional | Optional | Optional | Optional | Optional | Optional |
Advanced Threat Protection | Optional | Optional | Optional | Optional | Optional | Optional |
Advanced Remote Access | Optional | Optional | Optional | Optional | Optional | Optional |
Total Protect | Optional | Optional | Optional | Optional | Optional | Optional |
Total Protect PLUS | Optional | Optional | Optional | Optional | Optional | Optional |
Available Hardware/Support Subscriptions | ||||||
Warranty Extension | Optional | Optional | Optional | Optional | Optional | Optional |
Instant Replacement | Optional | Optional | Optional | Optional | Optional | Optional |
Premium Support | depends on product mix and size of deployment | Optional | Optional | Optional | Optional |
1 For detailed information on how throughput numbers are measured, please refer to the detailed hardware specifications on page 21ff.
2 Basically, the number of Barracuda VPN Clients connecting is unlimited.
3 Model F82 and its submodels DSLA and DLSB) are only available for EMEA region.
4 F18x consists of models F180 and F183
5 F18xR consists of models F180R, F183R, and F184R
Technical Specs
Firewall
- Stateful packet inspection and forwarding
- Full user-identity awareness
- Intrusion Detection and Prevention System (IDS/IPS)
- Application control and granular application enforcement
- Interception and decryption of SSL/ TLS encrypted applications
- Antivirus and web filtering in single pass mode
- • Email security
- SafeSearch enforcement
- Google Accounts Enforcement
- Denial of Service protection (DoS/DDoS)
- Spoofing and flooding protection
- ARP spoofing and trashing protection
- DNS reputation filtering
- NAT (SNAT, DNAT), PAT
- Dynamic rules / timer triggers
- Single object-oriented rule set for routing, bridging, and routed bridging
- Virtual rule test environment
Protocol Support
- IPv4, IPv6, ARP
- BGP/OSPF/RIP
- VoIP (H.323, SIP, SCCP [skinny])
- RPC protocols (ONC-RPC, DCE-RPC)
- 802.1q VLAN
Intrusion Detection & Prevention
- Protection against exploits, threats, and vulnerabilities
- Packet anomaly and fragmentation protection
- Advanced anti-evasion and obfuscation techniques
- Automatic signature updates
Advanced Threat Detection
- Dynamic, on-demand analysis of malware programs (sandboxing)
- Dynamic analysis of documents with embedded exploits (PDF, Office, etc.)
- Detailed forensic analysis
- Botnet and spyware protection
- TypoSquatting and link protection for email
Central Management Options via Barracuda NextGen Control Center
- Unlimited firewalls
- Support for multi-tenancy
- Multi-administrator support & RCS
- Zero-Touch Deployment
- Pool license management
- Template & repository-based management
- REST API
High Availability
- Active-active or active-passive
- Transparent failover without session loss
- Encrypted HA communication
Traffic Intelligence & SD-WAN
- Simultaneous use of multiple uplinks (transports) per VPN tunnel
- FIPS 140-2 certified cryptography
- Auto-VPN tunnel creation between remote spoke locations based on application type
- Dynamic bandwidth detection
- Performance-based transport selection
- Application-aware traffic routing
- Adaptive session balancing across multiple uplinks
- Traffic Replication (forward error correction)
- Application-based provider selection
- Application-aware traffic routing (VPN)
- Traffic shaping and QoS
- Built-in data deduplication
VPN
- Drag & drop VPN tunnel configuration
- VPNC certified (basic interoperability)
- Network Access Control
- iOS and Android mobile device VPN support
- Multi-factor authentication for SSL VPN and CudaLaunch
Infrastructure Services
- DHCP server, relay
- SIP, HTTP, SSH, FTP proxies
- SNMP and IPFIX support
- DNS Cache
- Wi-Fi (802.11n) access point on selected models
Support Options
Barracuda Energize Updates
- Standard technical support
- Firmware updates
- IPS signature updates
- Application control definition updates
- Web filter updates
Instant Replacement Service
- Replacement unit shipped next business day
- 24x7 technical support
- Hardware refresh every four years
Available Bundles
- Advanced Threat and Malware Protection combines gateway-based protection against malware, viruses with Advanced Threat Protection's sandboxing to protect against network breaches, zero-day malware exploits and other advanced malware like ransomware.
- Total Protect bundles the hardware unit with Energize Updates, Application Control, IPS, Web Filter, Malware Protection, Email Security, Warranty Extension, and 8x5 basic support.
- Total Protect PLUS bundles the hardware unit with Energize Updates, Application Control, IPS, Web Filter, Email Security, Advanced Threat and Malware Protection, Advanced Remote Access, and 24x7 support.
CloudGen Firewall Technology:
The first Cloud-Generation Firewall
More and more companies all over the world adopt and integrate public cloud offerings into their network. But “before you can work in the cloud, you have to get to cloud” has never been more true than today. Shifting workloads to cloud based services, regardless if Software as a Service (SaaS), Platform as a Service (PaaS) or Infrastructure as a service (IaaS) exposed a different set of requirements WAN Edge and network security devices today need to address: Optimizing connectivity for business critical applications, enforcing higher security levels than ever and reducing cost by moving away from expensive MPLS lines. Because traditional WAN edge and security products did not adapt to these new challenges, a new set of solutions enabling cost efficient connectivity across the cloud-enabled WAN has emerged: SD-WAN. However, SD-WAN typically does not adress security-related aspects. It is considered more like a connectivity solution that works besides the security solution - at best. Just like different species.
Barracuda CloudGen Firewalls F are the first to combine full NextGen Security with the Connectivity optimization and cost savings potentials of a full SD-WAN solution onto one single easy to manage hardware, virtual or cloud based appliance. The F-Series’ cloud-ready firewalls improve site-to-site connectivity and enable uninterrupted access to applications hosted in the cloud all while simplifying the administration of network operations for enterprises and managed services providers.
The Barracuda CloudGen Firewall F-Series achieves this by tightly integrating a comprehensive set of nextgeneration firewall technologies, including Layer 7 application profiling, intrusion prevention, web filtering, advanced threat and malware protection, spam protection and network access control. Yet on top of these cutting-edge next-generation firewall capabilities, the F-Series’ highly resilient VPN technology combined with intelligent traffic management and WAN Compression capabilities allow customers to save line costs and increase overall network availability.
All pieces of the solution are centrally manageble across all platforms and release versions, reducing ongoing adminitrative overhead and ensuring policy compliance and enforcement across the wide area network.
- Consolidated Security without Compromise: All F-Series Firewalls provide comprehensive next-generation firewalling including Application Control and User Awareness, full Mail & Web Security Gateway functionality, Malware Protection, Botnet and Spyware detection, TypoSquatting & Link Protection, Sandboxing (Advanced Threat Protection), URL Filter, and file type policy enforcement. All this combined with unbeatable Network Security and packed into a single, powerful appliance. The tight integration of web security and network security features enables advanced functionalities, such as prioritizing certain application traffic based on user/group info and time information, and allowing certain applications to go out via predefined uplinks only
- Cloud Ready: The ongoing shift of IT workloads to cloud services in order to increase flexibility and reduce costs requires a reliable, cost-effective extension of the company WAN to the cloud. This applies to headquarters as well as direct Internet breakouts at every branch location. Barracuda CloudGen Firewall F-Series models come fully featured for all common cloud IaaS providers, as virtual appliances, and in a variety of hardware appliances for even small offices. Hybrid WAN and cloud-only networks can thereby also benefit from the F-Series.
- Secure SD-WAN Capabilities: Significantly increase uplink and WAN network reliability and performance by using and aggregating up to 24 active, load-sharing connections of any type (broadband, 4G, MPLS between locations). WAN optimization functionality including data deduplication and caching, traffic compression and application acceleration increase available bandwidth far beyond the sum of all available physical uplinks combined. Dynamic, on-the-fly adjustments of QoS and application usage policies depending on dynamic bandwidth measurement make sure there will always be enough bandwidth for business-critical applications. And with Zero Touch Deployment even the largest rollouts are easy to execute.
- Unified Remote Access: Access to applications - regardless if hosted in the cloud or on premises - is commonly expected not only from within the company network but from any remote location or mobile device. Barracuda CloudGen Firewalls include zero-touch for remote access, unified remote-access clients for macOS, Windows, iOS, and Android devices to make sure employees enjoy fast and reliable access to corporate applications from inside the network – and anywhere else, too.
- Once Only Central Management: The entire Barracuda CloudGen Firewall F-Series infrastructure, regardless if only a few devices or a couple thousand distributed across thousands of locations and multiple deployment types, can be deployed, managed and monitored from a single pane of glass through the Barracuda NextGen Control Center. Managing several hundreds of firewalls requires the same effort as managing one firewall.
- Unparalleled Cost Savings: Barracuda CloudGen Firewalls consolidate security, SD-WAN, link balancing, and WAN compression disciplines into a single appliance that provides significant cost savings due to the reduction or elimination of expensive leased lines and consolidation of security devices. Even for small rollouts of only a few devices, customers achieve a return of investment after just a few months, while thousands of dollars can be saved over the course of the next few years.
Next Generation Firewall Functionality: Application and User Identity Awareness
Full Application Awareness
Mobile devices, online applications, social networks, and streaming media have caused an enormous increase in non-business network data traffic, pushing bandwidth capacities to their limits and causing degradation in performance of business-critical applications.
Application Control built into every Barracuda CloudGen Firewall allows admins to accurately identify and control thousands of protocols and applications (like software updates, BitTorrent, Skype, instant messaging etc.) crossing the network and not visible with regular port-based firewalls. The Barracuda CloudGen Firewall F-Series gives administrators granular control over applications. They can define rules for forwarding application traffic using the most suitable uplink based on type of application, user, content, time of day, and even geographical location. Unsanctioned applications can be reliably blocked or bandwidth throttled to an acceptable level.
Deep Application Context
Deep application context analysis enables deeper inspection of the application data stream by continually evaluating the actual intentions of applications and the respective users. For example, if a user attempts to use an application like “hidemyass” to bypass traditional web filtering, Barracuda CloudGen Firewalls cannot only block the application itself, but also report the website the user originally attempted to connect to.
Custom Application Definitions
On top of thousands of applications that are delivered out of the box and constantly updated, Barracuda CloudGen Firewalls provide an easy way to create userdefined application definitions. For example, admins can allow just a very limited set of Facebook apps while blocking all others, or assign more bandwidth to homegrown or legacy business systems.
Application-Based Routing
A unique combination of next-generation security and adaptive WAN routing technology allows the Barracuda CloudGen Firewall F-Series to dynamically assign available bandwidth, uplink, and routing information based not only on protocol, user, location, and content, but also on applications, application categories, and even web content categories. This keeps expensive, highly available lines free for business- and missioncritical applications, while significantly reducing response times and freeing up additional bandwidth.
Block unwanted applications, control acceptable traffic, and ensure business continuity
Real-Time Application Reporting and Manipulation
For on-the-fly reporting and drill-down capabilities, Barracuda CloudGen Firewalls come with real-time and historical application visibility that show live and recent application traffic on the corporate network that can be interactively filtered and drilled down. This helps admins to decide which application connections should be given bandwidth prioritization and who is currently violating acceptable use policies.
Application Risk and Usage Report
The Application Usage and Risk Report is one of many predefined reports in the free Barracuda Report Creator tool that provides automated reports and risk analysis based on the network traffic traversing the network. It gives an overview of how effective the currently deployed policies are in detecting and enforcing corporate application usage policies and even provides recommendations of what actions should be taken to improve these policies.
Barracuda CloudGen Firewalls can easily be deployed risk free into existing networks to collect data required for generating such reports by using either a Layer 2 network bridge or SPAN Port / Port Mirroring deployment. No matter what method is used, collecting the traffic has no impact on the firewall performance at all.
Creating reports can be started manually (on-demand) or scheduled (including automated email distribution). And - of course - reports are fully customizable to comply with possible branding requirements.
Full User Identity Awareness
Barracuda CloudGen Firewalls combine application control with seamless support for all commonly used authentication schemes such as Active Directory, RADIUS, and LDAP/S. That means reporting can be done based on user and group membership (instead of source IP addresses), and firewall and application policy rules can easily be created for individual users and groups.
Web Security Gateway
Advanced Threat Protection
Barracuda’s Advanced Threat Protection (ATP) uses nextgeneration sandbox technology including full-system emulation to catch advanced persistent threats, zeroday malware, and all advanced malware designed specifically to evade detection. Advanced Threat Protection on Barracuda CloudGen Firewalls ensures flexible and simple deployment into existing networks because no additional hardware is required. Resourceintensive sandboxing is offloaded to the Barracuda Advanced Threat Protection Cloud with its multiple datacenters in the Americas, mainland Europe, and the UK. A hash fingerprint of each file and the good/bad classification of all sandboxed files are stored and cached for future use, effectively speeding up processing and guaranteeing near instantaneous results. Over 95% of all files checked by the ATP service have typically been seen before and only very few files need processing.
Since the Barracuda Advanced Threat Protection cloud database cache is continuously updated by tens of thousands of Barracuda NextGen Firewalls, Email Security Gateways, Web Security Gateways and Barracuda Essentials, the Barracuda ATP service provides a true worldwide early detection grid for newly emerging malware.
With Advanced Threat Protection on Barracuda NextGen Firewalls, the firewall administrator has full policy control over how PDF documents, Microsoft Office Files, EXEs/MSIs/DLLs, Android APKs, compressed files, and archives are emulated and delivered to the client. Based on identified malware activity, infected users can be automatically quarantined, thereby preventing the malware from spreading within the network. Customizable, on-demand analysis reports for any emulated file provide full insight and details on malicious activities, file behavior, system-registry entries, and evasion and obfuscation techniques. This also enables network activities such as establishing encrypted connections to botnet command and control centers for increased security posture to evade scaled botnet attacks.
Botnet and Spyware Protection
In combination with the Advanced Threat Protection cloud database, all Barracuda Next Gen Firewall F-Series provide protection against botnet infections. The F-Series detects potentially infected clients based on DNS requests. Once an infected client is detected, it can be isolated automatically, and an alert can be created or reported with the Barracuda Report Creator.
TypoSquatting & Link Protection for Email
This important feature of ATP adds protection for two rising threats: uncovering misleading and misspelled links. The link protection component automatically rewrites deceptive URLs in email messages to a Barracuda-validated URL and informs the requesting user on this change via a warning page displaying all the details about the blocked URL. TypoSquatting is a common trick to fool users into clicking on a link to a known source although the link is misspelled (e.g., examlpe.com), comes with a different top-level domain (e.g., example. org), or contains special characters (e.g., greek character rho for “p” - examρle.com), etc.
Web Filtering
Web filtering on the Barracuda CloudGen Firewall F-Series is included with the Energize Updates subscription and enables highly granular, real-time visibility into online activity, broken down by individual users and applications, thereby letting administrators create and enforce effective Internet content and access policies. Web filter functionality with the Barracuda NextGen Firewall F-Series protects user productivity, blocks malware downloads and other web-based threats, enables compliance by blocking access to inappropriate websites and servers, and provides an additional layer of security alongside application control.
Safe Search Enforcement
Many search engines have a safe search setting that filters out adult search results such as inappropriate images and videos in search query return traffic. On Barracuda CloudGen Firewalls customers can easily activate Safe Search Enforcement so that the firewall will enforce safe search settings for all common search providers such as Google, Yahoo, and Bing, and even within YouTube. Search engines not supported can easily be blocked. This functionality is even effective within SSL-encrypted search engines like google.com if SSL Inspection (included with all Barracuda CloudGen Firewall F-Series) is activated.
Google Apps Accounts Enforcement
In some cases, users with their own Google Apps account may be able to circumvent Safe Search enforcement settings by logging in from their workstation with their own Google Apps account. To prevent this, all Barracuda CloudGen Firewalls enforce and limit Google Apps Accounts logins only for a list of predefined Apps accounts easily created the administrator.
Mail Security Gateway
Mail is still one of the most common ways of spreading malware. Barracuda CloudGen Firewalls include all necessary means to prevent incoming email to the corporate mail server from being infected.
Barracuda CloudGen Firewall mail security includes malware scanning, Advanced Threat Protection, and basic spam filtering via DNS blacklisting of known mail senders and malware domains.
Malware Protection
The optional Malware Protection shields the internal network from malicious content by scanning web content (HTTP and HTTPs), email (SMTP, POP3), and file transfers (FTP) via two fully integrated antivirus engines. Malware protection is based on regular signature updates as well as heuristics to detect malware or other potentially unwanted programs even before signatures are available. The malware protection covers viruses, worms, Trojans, malicious Java applets, and programs using known exploits on PDF, pictures and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation.
File Content Enforcement
The Barracuda CloudGen Firewall F-Series includes true file type detection and enforcement capabilities based not only on extension and MIME type, but also on sophisticated true file type detection algorithms. Bypassing executable files by renaming or compressing is detected and blocked. Besides blocking / allowing connections, the CloudGen Firewall F-Series also lets admins change download priorities . For example, if an ISO image started downloading with normal web traffic priority, the admin can increase or decrease the assigned bandwidth for the download, even though the user started downloading via a regular web- browsing session.
Network Security
Intrusion Detection and Prevention
Every Barracuda Next Generation firewall includes a built-in Intrusion Detection and Prevention System (IDS/IPS) that provides complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases, thereby preventing network attacks such as:
- SQL injections and arbitrary code executions
- Access control attempts and privilege escalations
- Cross-site scripting and buffer overflows
- DoS and DDoS attacks
- Directory traversal and probing and scanning attempts
- Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware
By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, the Barracuda CloudGen Firewalls can identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems. As part of Barracuda’s Energize Updates subscription automatic IPS signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda CloudGen Firewalls are constantly up-to-date.
Dos/DDos Attack protection
Every Barracuda CloudGen Firewall F-Series comes with a host of built-in network protection functionalities beyond firewalling and IPS to protect networks and resources against malicious over-exhaustion. TCP SYN flooding attacks are automatically prevented by predefined connection attempt limits that are configurable separately for outbound and inbound accept policies.
To further guard against regular DoS/DDoS attacks, the maximum number of new sessions and the allowed total number of sessions from a single source can be specified. This protects against resource exhaustion of your firewalls as well as the servers and networks behind them. These settings are configurable on a perrule basis, thereby ensuring that protected servers with higher loads like web servers may be fully utilized.
Cloud Enablement
The exponential growth in cloud computing offerings has driven more and more organizations to consider adopting a hybrid network WAN with new workloads being deployed predominantly to the cloud. Potential cost savings and the ability to scale up and down are attractive cloud propositions, but the real reason companies move to the cloud is the ability to push products to the market much more quickly.
To fully experience cloud computing benefits, Barracuda CloudGen Firewalls help organizations apply the same levels of security and connectivity as if the new network were in the local, on-premises datacenter.
Secure Connectivity to the Cloud
Barracuda CloudGen Firewalls are designed from the ground up to enable access to cloud applications by utilizing a unique combination of link bonding, dynamic application prioritization, application-based uplink selection and WAN Optimization techniques to improve the WAN network performance to the cloud, regardless of office type or remote mobile locations.
Deploying Multi-Tier Architectures
Segmenting cloud networks into multiple tiers provides security, visibility, and compliance for on-premises applications. Additionally, this can be leveraged when the applications are deployed in public cloud environments through the Barracuda CloudGen Firewall F-Series. The Barracuda CloudGen Firewall F secures, restricts, and monitors the communications between these tiers, and limits the potential damage to an organization in the event of an attack. By filling the functional gaps between cloud infrastructure security and a defense-indepth strategy, the Barracuda CloudGen Firewall provides protection between the application and data layers, rather than solely where the cloud network starts.
This architecture provides:
- Comprehensive security enforcement inside the cloud
- Threat detection and traffic monitoring between cloud application components
- Secure integration with on-premises resources
- Restricted and encrypted role-based administrative access to application infrastructure
- A mix of cloud hosted network tiers and on-premises tiers if required by compliance regulations
Enhancing ExpressRoute Security
Azure ExpressRoute allows organizations to establish high-performance private connections between Azure datacenters and on-premises infrastructure and provides low latencies, failure-resilient connectivity and consistent predictable performance. The Barracuda CloudGen Firewall F-Series enhances ExpressRoute security and boosts reliability and performance of Azure session connections:
Security
- Encrypt traffic across ExpressRoute
- Check traffic for network threats and malware
- Prevent unwanted traffic from entering or leaving the cloud
Reliability & Performance
- Provide transparent fallback to Internet VPN in case of MPLS uplink failure while preserving all running sessions
- Bond ExpressRoute with up to 24 Internet uplinks using Barracuda TINA VPN technology for significantly enhanced cloud connection
Intelligence
- Log all traffic for troubleshooting and reporting purposes
- Enforce priorities for protocols and applications utilizing ExpressRoute
- Enforce security policies based on user identity
SD-WAN & Performance
With the increasing adoption of virtualization, softwaredefined networks (a.k.a. SD-WAN) and cloud-native applications in today’s business environment, the role of the firewall has evolved from a gateway-based, securityonly device to a set of distributed solutions that make sure the WAN network is available any time for any type of endpoint. Regardless if the WAN endpoint is a headquarters, a remote office, a network in the IaaS cloud, or a mobile endpoint, CloudGen Firewalls are expected to enable impeccable WAN performance.
CloudGen Firewall units deployed to multiple physical and cloud locations allow an organization to create a fault-tolerant, high-performance WAN network on top of low-cost broadband lines by combining full next-gen deep security inspection, smart policy-based adaptive traffic management, and WAN optimization technology into a single centrally manageable solution. Besides improved fault tolerance against outages and better WAN performance, the solution enables cost optimization strategies when multiple carriers/ISPs are combined to get the required bandwidth at an optimum price. This section highlights of Barracuda CloudGen Firewalls’ WAN reliability and performance technologies.
WAN Compression
All Barracuda CloudGen Firewalls include data deduplication, and traffic compression. With built-in WAN compression, Barracuda NextGen Firewalls significantly improve site-to-site WAN network throughput and accelerate the delivery of business applications - at no extra charge. WAN compression is even included with Barracuda CloudGen Firewall F-Series virtual and cloud-based deployment options, effectively enabling secure, high-performance direct Internet breakouts to cloudhosted networks for every remote location.
Failover and Link Balancing
Barracuda CloudGen Firewalls provide a wide range of built-in uplink options such as leased lines, broadband (DHCP, DSL/cable, PPPoA, PPPoE, PPTP), and 3G/4G/UMTS. Up to 24 uplinks can be combined in load sharing or failover mode, eliminating the need to purchase additional devices for link balancing. F-Series’ unique combination of application awareness and traffic intelligence mechanisms automatically prioritizes business-critical applications, networks, and even distinct endpoints in case overall remaining bandwidth is degraded.
Unlike typical firewall solutions, all uplinks can be utilized to distribute VPN traffic, effectively enabling extremely reliable site-to-site VPN connectivity with only inexpensive broadband or even 4G uplinks.
Dynamic Bandwidth Detection and Performance-based Transport Selection
In order to achieve the highest possible quality of service, all Barracuda CloudGen Firewall F-Series models pro-actively measure the available VPN bandwidths and - automatically - select the best uplink for a VPN connection based on bandwidth, latency, or combined quality metrics.
Adaptive Bandwidth Reservation
If a measured bandwidth is not sufficient for businesscritical traffic (e.g., VoIP), the F-Series can automatically adjust the allocated bandwidths for non-businesscritical traffic to free up bandwidth for redistribution.
Adaptive Session Balancing
Using multiple transports simultaneously might end up in some clogged transports and some hardly used ones. To avoid this inconvenience, the Barracuda CloudGen Firewalls can dynamically balance not only newly created sessions but also already existing ones across the available uplinks.
Traffic Replication
Especially for VoIP traffic it is highly sensitive to paket loss. Barracuda CloudGen Firewall F-Series mirrors VoIP/ Video packets and sends these across multiple uplinks smiltaneously. At the destination, the packets are then again combined to provide best voice and video quality
On-Demand Dynamic Mesh VPN
Barracuda CloudGen Firewall F-Series deployments in a centrally managed WAN network create VPN tunnels dynamically based on remote peer and application. The typical use case for this technology is on-demand VPN tunnels between two branch offices for a VoIP telephone call, thereby improving call quality. For hybrid networks hosted in public cloud infrastructures like Microsoft Azure or Amazon AWS, this technology can easily be used to enable on-the-fly and direct access to cloud applications from remote offices that otherwise do not need a permanent connection to the cloud
Unified Remote Access
The Barracuda CloudGen Firewall F-Series incorporates advanced client-to-site VPN capabilities, using SSL, IPsec, and TINA protocols to ensure remote users can easily and securely access network resources without timeconsuming client configuration and management. The communication protocols used with our clients are optimized to be fully roaming-capable by quickly reconnecting upon loss of communication. Smart pathfinder technology determines the nearest point of entry to the corporate network. By using different ports encapsulated in either TCP or UDP, the advanced NAT traversal technology can easily pass through web proxies.
The influx of private computing devices, be they smartphones, laptops, or tablets, into the workplace may help increase productivity, flexibility, and convenience. However, BYOD (Bring Your Own Device) adds new security challenges and risks, such as enabling and controlling access, as well as preventing data loss. The F-Series provides strong capabilities that give users the full advantage of their devices while reducing possible risks to their business. Unwanted applications can be blocked, LAN segmentation can protect sensitive data, and network access control can check the health state of each device connecting to the corporate network.
Browser Remote Access (SSL VPN)
Barracuda’s responsive SSL VPN portal enables you to provide simple browser-based remote access on desktop or mobile devices. When accessing the portal via the web browser on a desktop or mobile device, users can browse apps, network folders, and files as if they were connected to the office network. The responsive portal supports most commonly used devices (Apple iOS, Android, Blackberry, etc.) and is part of the Advanced Remote Access subscription.
CudaLaunch
CudaLaunch is a simple-to-use remote connectivity application specifically designed to securely extend the company network to BYOD and mobile devices. The app is available for Windows, macOS, iOS, and Android, can be downloaded from the App Stores. End users can install the app without elevated privileges on the device. CudaLaunch looks and feels the same on every platform and provides fast, Java-independent access to commonly used applications in the company network, regardless if hosted on-premises or in the cloud. CudaLaunch’s Zero Touch administration features drastically reduce support and administration costs for rapidly changing mobile and BYOD devices.
VPN Clients (Barracuda Network Access Client)
Every Barracuda CloudGen Firewall supports an unlimited number of VPN clients at no extra cost. The Barracuda Network Access VPN Client provides a sophisticated VPN client for Windows, macOS, and Linux that provides richer performance and functionality than standard IPsec client software. Benefits include quick restoration of VPN tunnels, “Always On” VPN connections for PCs, redundant VPN gateway support, selective routing of network traffic through the VPN tunnel, and optimal VPNGateway detection based on location. The Barracuda Network Access Client, when used with a Barracuda CloudGen Firewall F, provides centrally managed Network Access Control (NAC) and an advanced Personal Firewall. This enforces client health and security policies for remote users connecting to the corporate network.
Barracuda VPN Client for Mac OS
Barracuda VPN Client for Windows 7
Once-Only Central Management
To centralize management across many different firewalls and remote access users, the Barracuda NextGen Control Center enables administrators to manage and configure security, content, traffic management, and network access policies from a single interface. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations.
The Barracuda NextGen Control Center helps significantly reduce the cost associated with security management while providing extra functionality both centrally and locally at the managed gateway. Software patches and version upgrades are centrally controlled from within the management console and deployment can be applied to all managed devices.
Highly customizable administrative roles can be defined to delegate administrative capabilities for specific departments or locations.
Barracuda NextGen Control Center’s Status Map displays a drill down status overview of all centrally managed Barracuda CloudGen Firewall F-Series deployments.
Scalable Deployment
Managing the security issues in a widely distributed enterprise network can be painful and extremely time consuming. Managing a system may take only 15 minutes per day. But having 20 firewall systems in place results in five hours per day – just to manage the existing system. With Barracuda NextGen Control Center, managing multiple F-Series deployments takes the same amount of time as managing one.
Lifecycle Management
Scalable Barracuda CloudGen Firewalls offer companies sustainable investment protection. Energize Updates automatically provide the latest firmware and threat definitions to keep the appliance up to date. With a maintained Instant Replacement subscription, organizations receive a new appliance with the latest specs every four years.
Zero Touch Deployment
Especially for large rollouts without having IT personnel on the floor at the remote locations, the NextGen Firewall F-Series in conjunction with NextGen Control Center support Zero Touch Deployment. This feature allows to send appliances to location without having to pre-setup them beforehand. After unpacking the appliance and powering it up, the appliance automatically connects to the Barracuda Cloud Control where it receives are very basic set of information. This Information is just enough to create a high-secure TINA VPN connection to the NextGen Control Center the appliance shall be assigned to. The full configuration is sent to the appliance via the VPN tunnel and the appliance is part of the security infrastructure without the need of dedicated and trained IT security administrators at the location.
Additional Hardware Options:
F18 | F80 | F82 | F18x | F18xR | F280 | F380 | F400 | F600 | F800 | F900 | F1000 | |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Built-in WiFi option | ||||||||||||
Spare power supply unit for submodels with dual power supply | ||||||||||||
Maintenance kit (two fans & one power supply unit) | ||||||||||||
Wall mount bracket (2x) | ||||||||||||
L-shape rack mount bracket (2x) | ||||||||||||
Rail kit | ||||||||||||
DINrail mount | ||||||||||||
USB Modem |
Included
Optional
Built-in Wi-Fi Option
The Barracuda CloudGen Firewall appliances F80, F82 DSLA, F82 DLSB, F180, and F280 offer built-in Wi-Fi.
Item | Specification |
---|---|
Standards | 802.11b/g/n |
Operating Frequency | 802.11b/g/n ISM Band: 2.412 ~ 2.4835 GHz |
Modulation | 802.11b: DSSS (DBPSK, DQPSK, CCK) 802.11g: OFDM (BPSK, QPSK, 16-QAM, 64-QAM) 802.11n: OFDM (BPSK, QPSK, 16-QAM, 64-QAM) |
Output Power | 802.11b: 17dBm ± 2dBm 802.11g: 16dBm ± 2dBm 802.11gn HT20: 15dBm ± 2dBm@MCS7 802.11gn HT40: 14dBm ± 2dBm@MCS7 |
Receive Sensitivity | 802.11b: ≤ -85dBm@11Mbps 802.11g: ≤ -76dBm@54Mbps 802.11gn HT20: ≤ -75dBm@MCS7 802.11gn HT40: ≤ -72dBm@MCS7 |
Wireless security | 64/128-bits WEP WPA WPA2 |
Supported Barracuda Network Module Combinations (firmware release 6.1.x and newer)
Barracuda Network Module M801
Optional network module providing 8x1 GbE RJ45 copper ports.
Available for Barracuda CloudGen Firewall models F800 and F900.
Barracuda Network Module M802
Optional network module providing 4x1 GbE fiber slots for standard SFP type transceivers
(compatible with SR and LR transceivers).
Available for Barracuda CloudGen Firewall models F800 for self-installed field upgrades.
Barracuda Network Module M804
Optional network module providing 8x1 GbE fiber ports for standard SFP type transceivers
(compatible with SR and LR transceivers).
Available for Barracuda CloudGen Firewall model F900.
Optional network module providing 4x10 GbE fiber ports for standard SFP+ type transceivers (compatible with SR and LR transceivers).
Available for Barracuda CloudGen Firewall models F800 and F900.
Barracuda Network Module M1001
Optional network module providing 16x1 GbE RJ45 copper
ports.
Available for Barracuda CloudGen Firewall model F1000.
Barracuda Network Module M1002
Optional network module providing 16x1 GbE fiber ports for
standard SFP type transceivers (compatible with SR and LR
transceivers).
Available for Barracuda CloudGen Firewall model F1000.
Barracuda Network Module M1003
Optional network module providing 4x10 GbE fiber ports for
standard SFP+ type transceivers (compatible with SR and LR
transceivers).
Available for Barracuda CloudGen Firewall model F1000.
Barracuda Wall Mount Bracket
The Barracuda wall mount bracket allows mounting Barracuda CloudGen Firewalls F18, F80, F180, and F280 to be mounted on a wall or similar.
Barracuda L-shape Rack Mount bracket
The L-shape rack mount bracket enables Barracuda Firewall F280 to be mounted in a
1U Standard 19" Rack slot.
Barracuda CloudGen Firewall FAQ:
What is a Next Generation Firewall?
Next generation firewalls are the successors of traditional firewall and unified threat management (UTM) devices. Traditional firewalls generally perform packet forwarding and blocking functions and often incorporate packet inspection techniques. UTM devices usually add content security functions but typically fail to tightly integrate those functions tightly with network management, network access and WAN connectivity capabilities of enterprise-class firewalls.
To protect networks in the presence of social media and other Web 2.0 applications, a next generation firewall infrastructure intelligently combines network security, content security, Layer 7 application profiling and network access control to detect application-specific attacks, enforce application-aware inbound and outbound access policies, and perform application-aware traffic routing and prioritization across the wide area network (WAN).
Based on over a decade of R&D and real-world deployments in over 1,000 of the most demanding enterprise customer environments, the Barracuda CloudGen Firewall is the most advanced next generation firewall on the market today.
What is a Network Security Gateway?
Why do I need a Next Generation Firewall?Network security gateways are the successors of traditional firewalls, unified threat management (UTM) devices, and the latest cycle of "next-generation" firewalls. Traditional firewalls forward packets and block functions often employing packet inspection. UTM devices usually add content security functions. Next-generation firewalls add detection and control of social media and Web 2.0 applications, but typically fail to integrate these functions tightly with link management, WAN management, and SSL VPN remote connectivity.
In comparison, the Barracuda CloudGen Firewall, the first true network security gateway, starts by integrating an advanced network firewall with Layer 7 application recognition and user awareness, content security, malware protection, plus IPS in a suite of security technologies. It tightly integrates these features with intelligent network link aggregation and traffic management, VPN WAN management, and optimization for seamless remote office integration and SSL VPN for remote client security. As a network security gateway, the Barracuda CloudGen Firewall weaves a seamless fabric of security, performance optimization, high-availability, and centralized management into network infrastructures while simplifying network architecture.
What are the major capabilities of the Barracuda CloudGen Firewall?As you organization relies on more cloud-based applications like Office 365, Salesforce, and Dropbox, internet connectivity becomes even more important. Our Barracuda CloudGen Firewalls combine powerful application awareness and network routing capabilities to provide the highest levels of internet availability for users and critical applications.
The Barracuda CloudGen Firewall is a next generation firewall and VPN that provides:
- Integrated content security and network access control
- Optimization of intelligent traffic flow across the WAN
- Industry-leading centralized management capabilities
What are the differences among the F-Series, S Series and X-Series firewalls?
The Barracuda CloudGen Firewall F-Series is designed for network engineers who manage distributed enterprise environments. It provides all the security functionality one expects from an enterprise next-generation firewall, including application detection and prioritization, IPS, malware protection, URL filter and even DDoS protection. Furthermore, its powerful traffic optimization features, extremely resilient site-to-site connectivity capabilities, and extensive logging and auditing tools make the F-series an ideal fit for organizations that need to efficiently manage and scale massive firewall deployments.
The Barracuda CloudGen Firewall S-Series provides remote connectivity in an affordable and easy to deploy solution. It is designed from the ground up to support Internet of Things initiatives where thousands of remote devices need to be connected to a headquarters or data center. The SC appliances are managed via a NextGen Control Center, and security features like IPS, application detection etc. are provided at the Secure Access Concentrator where the VPN for each SC appliance terminates.
The Barracuda CloudGen Firewall X-Series is ideal for small to medium-sized organizations looking for a simple, yet powerful next-generation firewall that provides IPS, application detection, URL filter, malware protection and some basic email security. Designed for the resource-constrained IT professional, the X-Series’ intuitive web interface has a low learning curve while providing and easy-to-use management interface.
How do I know if I should get the X-Series, F-Series or S-Series?
If you only have a few locations to manage (e.g., between one and three) and are looking for a firewall that is application aware and easy to use with a Web UI, then the X-Series firewall is ideal for you.
If you have a lot of remote locations to manage, secure and connect (e.g., more than three) and need a solution to seamlessly manage, protect and optimize your network, the F-Series firewall is right for you.
If you have to securely connect large numbers of devices to backhaul traffic to your HQ or data center, want to centrally administer the deployment and stay scalable, then the S-Series is the perfect choice for you.
Can I centrally manage multiple firewalls from one place?
Yes, all the Barracuda CloudGen Firewall Series—X, F, and S—can be centrally managed from a single pane of glass. The F and S-Series utilize the Barracuda NextGen Control Center to manage massive firewall deployments. The NextGen Control Center is available in physical, virtual and cloud form factors depending on your infrastructure requirements. The X-Series firewall can be centrally managed from Barracuda Cloud Control, which is the same web-based portal that IT administrators use to control their other Barracuda products.
What is the difference in terms of deployment between the F, S and X-Series firewalls?
The Barracuda CloudGen Firewall F-Series can easily be deployed as "standalone" and provides great value this way, but its full potential and cost savings is unleashed when it’s centrally managed using a NextGen Control Center.
The S-Series firewall cannot be deployed as standalone, but needs one or multiple Secure Access Concentrators for VPN tunnel termination and a NextGen Control Center for central management. The Web UI on the SC appliances is only intended for initial setup.
The Barracuda CloudGen Firewall X-Series is designed to be used as standalone, and can optionally (at no extra charge) be connected to the Barracuda Cloud Control portal for convenient remote management.
What level of support can I expect to receive from Barracuda?
Regardless of whether you’re using the X-Series, F-Series or S-Series firewalls, you can expect the same level of award-winning support from Barracuda’s expertly trained technicians. Barracuda offers 24x7 support with no phone trees, ensuring that you will always speak to an in-region technician who is ready to help.
Integrated content security and network access control:
Barracuda CloudGen Firewall integrates a comprehensive set of next generation firewall technologies, including Web Filtering, malware protection, intrusion prevention, anti-spam protection and Layer 7 application profiling.
Barracuda CloudGen Firewalls include licenses for an unlimited number of IPSec site-to-site connections and IPSec clients through the Barracuda NG VPN Client. The Barracuda CloudGen Firewall SSL VPN and NAC option adds a customizable and easy-to-use Web portal-based SSL VPN as well as sophisticated network access control (NAC) functionality. NAC allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of anti-virus and/or anti-spyware and user ID. The Barracuda NG Network Access Client also adds support for 802.1x port based security for 802.1x enabled routers and switches.
Optimization of intelligent traffic flow across the WAN:
The Barracuda CloudGen Firewall provides application-aware traffic management and prioritization across the WAN, featuring adaptive routing based on network traffic conditions and link status. In addition, through Barracuda NG Control Center, administrators can efficiently monitor VPN tunnels and firewall status.
Industry Leading Centralized Management Capabilities:
What are the differences in levels between the Barracuda NG Control Center editions?To centralize management across many different firewalls and remote access users, the Barracuda NG Control Center enables administrators to configure security and network access policies, control firmware update revisions, and manage user settings. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations.
The Barracuda NG Control Center supports multiple administrators simultaneously - even within the same configuration tree. Highly customizable administrative roles can be defined to delegate administrative capabilities for specific departments or locations.
What application proxies are included?The Barracuda NG Control Center is offered at three levels - Standard Edition, Enterprise Edition and Global Edition. All Barracuda NG Control Center levels enable administration of an unlimited number of Barracuda CloudGen Firewall platforms. The Standard Edition allows for a single configuration group. The Enterprise Edition allows for an unlimited number of configuration groups for a single enterprise / tenant or “range.” The Global Edition is designed for service providers who service multiple tenants and allows for separate and secluded configuration trees for each “range.”
What is Layer 7 application profiling?Barracuda CloudGen Firewalls include application layer proxies for HTTP, HTTPS (optional), FTP, SSH, as well as a generic TCP and SOCKS proxy.
What user authentication methods are supported?Application identification techniques in traditional firewalls typically rely on Layer 3 (destination IP address) or Layer 4 (TCP port / protocol) definitions.
Next-generation firewalls utilizing Layer 7 Application Control can identify and enforce policy on more sophisticated applications that may hide their traffic inside otherwise "safe" port/protocols such as HTTP. Skype and peer-to-peer (P2P) applications are particularly notorious for requiring Layer 7 Application Control for policy enforcement.
The Barracuda CloudGen Firewall integrates Layer 7 Application Control into its core firewall functions, enabling enforcement of policy based on user ID, security policy, location, and time of day. Policy actions can include blocking, allowing, throttling, or even enabling or disabling of specific application features.
Does the Barracuda CloudGen Firewall help my organization troubleshoot network problems?The Barracuda CloudGen Firewall can authenticate users and enforce user-aware policy using Active Directory, NTLM, MC CHAP, RADIUS, RSA SecurID, LDAP/LDAPS, TACACS+, built-in local authentication, as well as x.509 certificates.
What if I am not looking to replace my entire firewall infrastructure?All Barracuda NG Control Center and Barracuda CloudGen Firewall appliances come with extensive network connectivity troubleshooting and visualization tools. Even for large networks it typically only takes a few mouse clicks to analyze and remediate a problem in the central audit log or access cache screen.
What appliance models are recommended for my organization?In addition to the Barracuda CloudGen Firewall, Barracuda Networks offers a set of best-of-breed point solutions to address your needs if you are not looking yet to replace your entire firewall infrastructure. Relevant point solutions include:
- Email security: Barracuda Spam & Virus Firewall
- Web filtering: Barracuda Web Filter or Barracuda Purewire Web Security Service
- Layer 7 application profiling: Barracuda Web Filter
- SSL VPN: Barracuda SSL VPN
- Site-to-site IPSec VPN: Barracuda Link Balancer
- Link load balancing: Barracuda Link Balancer
Does the Barracuda CloudGen Firewall involve per user fees for VPN client or SSL VPN client usage?The Barracuda CloudGen Firewall is a family of hardware and virtual appliances designed to service next generation firewall capabilities to all office locations of enterprise networks. This includes very small remote locations, home offices, branch offices, headquarters and data centers. Typically, Barracuda CloudGen Firewall models are sized based on firewall throughput, VPN throughput, concurrent connections, and the features selected. For more information, please contact your Barracuda Networks systems engineer.
What is included in the Energize Updates subscription for the Barracuda CloudGen Firewall?No. The Barracuda CloudGen Firewall models include a license to an unlimited number of Barracuda NG VPN clients. With the purchase of the Barracuda SSL VPN and NAC option, there is no licensed limit to the number of Barracuda NG Network Access clients or Barracuda NG SSL VPN users.
What if I have more questions about the Barracuda CloudGen Firewall?Energize Updates from Barracuda Central deliver updates on the extensive library of definitions for intrusion prevention and Layer 7 application profiling. In addition, Energize Updates subscriptions also provide access to Basic Support, Firmware Maintenance and optional participation in the Barracuda Early Release Firmware program.
For additional assistance or for a product demonstration of the Barracuda CloudGen Firewall, please contact us.
Documentation:
Download the Barracuda Networks CloudGen Firewall F-Series Data Sheet (PDF)
Pricing Notes:
- Please Note: Energize Updates and Instant Replacement Subscriptions need to be maintained for every Barracuda Product. All subscriptions are continuous and must start from the date of activation. Renewals purchases are continuous and start from the date of expiration of your current subscriptions. No exceptions.
- Benefitis of Energize Updates:
- Basic Support, which includes email support 24x7 and phone support between the hours of 9 a.m. and 5 p.m. Monday through Friday in the US (Pacific Time), Japan, China, Austria and the United Kingdom time zones.
- Firmware Maintenance which includes new firmware updates with feature enhancements and bug fixes.
- Security Updates to patch or repair any security vulnerabilities.
- Optional participation in the Barracuda Early Release Firmware program.
- Benefits of Instant Replacement:
- Enhanced Support which provides phone and email support 24x7.
- Data migration service for Barracuda Spam & Virus Firewalls. Barracuda Networks will assist movement of data and configuration from the old product to the new product if the old data is accessible.
- Data recovery service for Barracuda Backup Servers. In the event of a disaster and upon request, Barracuda Networks will preload the most recent data and configuration stored by Barracuda Networks to the new product (note this may take additional time).
- Hard Disk replacement on Barracuda Networks models that have swappable raid drives. Barracuda Networks will ship via standard shipping a hard disk replacement. Customer must return the failed hard disk to Barracuda Networks.
List Price:
Our Price: $741.00
List Price:
Our Price: $741.00
List Price:
Our Price: $604.20
List Price:
Our Price: $741.00
List Price:
Our Price: $820.80
List Price:
Our Price: $889.20
List Price:
Our Price: $410.40
List Price:
Our Price: $45.60
List Price:
Our Price: $82.08
List Price:
Our Price: $820.80
List Price:
Our Price: $741.00
List Price:
Our Price: $277.02
List Price:
Our Price: $604.20
List Price:
Our Price: $889.20
List Price:
Our Price: $741.00
List Price:
Our Price: $1,520.00
List Price:
Our Price: $19.38
List Price:
Our Price: $14.82
List Price:
Our Price: $14.82
List Price:
Our Price: $14.82
List Price:
Our Price: $17.10
List Price:
Our Price: $12.54
List Price:
Our Price: $12.54
List Price:
Our Price: $12.54
List Price:
Our Price: $13.68
List Price:
Our Price: $11.40
List Price:
Our Price: $11.40
List Price:
Our Price: $7.98
List Price:
Our Price: $11.40
List Price:
Our Price: $9.12
List Price:
Our Price: $9.12
List Price:
Our Price: $9.12
List Price:
Our Price: $10.26
List Price:
Our Price: $7.98
List Price:
Our Price: $7.98
List Price:
Our Price: $7.98
List Price:
Our Price: $9.12
List Price:
Our Price: $7.98
List Price:
Our Price: $7.98
List Price:
Our Price: $7.98
List Price:
Our Price: $55.10
List Price:
Our Price: $56.05