Barracuda CloudGen Firewall X200
Simple Cloud-Based Network Management for Small to Midsized Businesses
Barracuda Firewall X200 Overview:
The X-series firewall enables small and medium-sized companies to securely adopt cloud applications, virtualization and mobility within IT-constrained environments. Barracuda CloudGen Firewalls are a cornerstone of our Total Threat Protection framework, which integrates purpose-built, best-of-breed, highly scalable security solutions to protect users, networks, and data center applications. Components like web and email security, web application security, and secure remote access integrate with the firewall.
Administration is easy with an intuitive web interface and free, cloud-based central management. With consistent user interfaces and common administrative workflows, it provides traffic optimization, security, and connectivity in a simple, affordable, cloud-managed solution.
Offload resource-intensive content security to the cloud
Easy to deploy, easy to use, and affordable
Next-generation visibility and control for today's modern networks - the Barracuda CloudGen Firewall X-Series provides full application control, user awareness, and content security that's so easy to use, it's even manageable from the cloud.
The Barracuda Advantage
- Easy-to-use, web-based administration
- Affordable, all-inclusive pricing
- Unlimited users and protected IPs per firewall
- Unlimited remote connectivity VPN clients included
- Cloud-based centralized management
- Flexible web filtering options (on-box, cloud, Barracuda Web Filter integration)
Product Spotlight
- Granular control over thousands of applications
- Full user-awareness
- Stateful firewall and IPS network perimeter protection
- Optimized Internet connectivity via multiple providers
- True application-based provider selection
- Application control and content security inspection on encrypted web traffic
Next-Generation Firewall
The Barracuda CloudGen Firewall X-Series uses application visibility and user-identity awareness to enable enforcement of granular access policies. Define policies based on any combination of application, user or group ID, time, and other criteria. Policies can even respond to specific application behaviors or features - for example, allowing all employees to use Skype voice, but allowing only executives to use Skype video, except after business hours.
Content Security
With the Barracuda CloudGen Firewall X-Series, the content security functionality is not simply bolted on top of the network stack, it’s deeply integrated into the firewall engine. As an option, antivirus and web filtering may even be offloaded to the Barracuda Web Security Service cloud, freeing further CPU cycles for network scalability. With the optionally available Advanced Threat Detection, the X-Series also offers protection against advanced malware and zero day exploits that routinely bypass traditional signature-based IPS and antivirus engines.
Affordable and Easy to Use
The Barracuda CloudGen Firewall X-Series is the first next-generation firewall to combine application control, user awareness, network firewall, and content security with the elasticity of the cloud. Unmatched ease of use means there’s no need for additional IT staff or special training, and with the affordable, all-inclusive pricing of the Barracuda CloudGen Firewall X-Series, you can rest assured that there won’t be any surprise costs down the road.
Benefits:
Simplified Network Traffic Intelligence
Includes a powerful layer-7 engine that can be used to optimize network traffic and guarantee a high level of service for business critical applications. Powerful features like time and user-based Quality of Service, Application-based Uplink Selection, and Link Redundancy help you ensure availability and productivity for the rest of the organization. Powerful application traffic management technologies combined with simple, easy-to-use policy controls allow you to easily and inexpensively implement real-time traffic intelligence at the network perimeter.
Key Features: Application Visibility and Control, Link Optimization and Failover, Quality of Service (QoS) and Traffic Prioritization, Application-Based Provider Selection
Comprehensive Network Security
A complete network security solution including firewall policies, IDS/IPS, and multiple options for web content security. This is provided through integrated URL filtering, by transparently redirecting web traffic to the cloud-based Barracuda Web Security Service or in conjunction with a Barracuda Web Filter appliance. Keep users, data, and resources safe while opening the network to cloud-based business applications.
Key Features: One Stop for Firewall Rules, Powerful Object-Oriented Design, Cloud-Based Central Management
Remote Connectivity
Provides a range of VPN options for both client-to-site and site-to-site connectivity at no additional cost. Easily provide network access to remote users with the SSL VPN capabilities of the X-Series, which do not require installation of any client software at the endpoint. Includes the Barracuda Network Access VPN Client for full access to network resources. For establishing site-to-site connectivity, IPsec VPN tunnels can ensure secure connectivity between central and remote offices.
Key Features: SSL VPN, Client-to-Site VPN, Site-to-Site Connectivity
Features:
Application Visibility and Control
The Barracuda CloudGen Firewall X-Series analyzes network traffic up to Layer-7, leveraging advanced fingerprints to identify applications and content traffic. Based on the fingerprints, a flexible set of actions, including allowing, blocking, resetting, and redirecting connection attempts and traffic can be defined. A library of hundreds of applications is currently fingerprinted. Furthermore, granular policies can be set for specific application features (e.g., limiting audio calls on Skype). These fingerprints are dynamically updated so that security policies and signatures remain up-to-date.
Active Connections and Real-Time Control
An insightful dashboard interface provides an overview of the active connections for a network. With this interface, real-time actions can also be taken. When resource-intensive applications are preventing business-critical activities like VoIP conference calls, administrators can take immediate action to either end a connection or regulate its bandwidth.
Intrusion Detection and Prevention (IPS)
The Barracuda CloudGen Firewall X-Series Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection against thousands of network based threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases to prevent network attacks such as:
- SQL injections and arbitrary code executions
- Access control attempts and privilege escalations
- Cross-Site Scripting and buffer overflows
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
- Directory traversal and probing and scanning attempts
- Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware
The Barracuda CloudGen Firewall X-Series provides advanced attack and threat protection features such as:
- Stream segmentation and packet anomaly protection
- TCP split handshake protection
- IP and RPC defragmentation
- FTP evasion protection
- URL and HTML decoding
The Barracuda CloudGen Firewall X-Series is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems. The IPS can also be used in combination with SSL Inspection.
As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda CloudGen Firewall X-Series is constantly up-to-date.
Quality of Service (QoS) and Traffic Prioritization
Granular QoS settings enable an organization to set bandwidth policies for applications, services, and users. In addition, traffic prioritization can be set to ensure that latency-sensitive or business-critical applications are always given priority. Pre-built policies enable organizations to immediately begin implementing one of eight pre-defined bandwidth policies. Pre-defined policies can easily be customized to individual customer needs.
Application-Based Provider Selection
The combination of next-generation security and adaptive WAN routing allows the Barracuda CloudGen Firewall X-Series to dynamically assign available bandwidth for several links not only based on protocol, user, location, and content, but also based on applications and application categories. This keeps expensive, highly-available lines free for business and mission-critical applications, while significantly reducing response times and freeing up additional bandwidth.
Real-Time Updates
Barracuda’s 24x7 threat operations center analyzes the latest emerging web-based malware and provides real-time updates. This provides zero-hour response time to fast moving, aggressive web threats with no need to maintain up-to-date signature databases on-premises.
High-Performance Malware and Virus Scanning
Malware scanning is a CPU-intensive operation with a significant performance impact when paired with network packet processing operations on the firewall. By leveraging the cloud for the heavy lifting, the Barracuda CloudGen Firewall X-Series maintains high throughput levels when forwarding packets, handling VPN connections, regulating application traffic, and preventing network intrusions. Even the smaller Barracuda CloudGen Firewall X-Series units for branch offices benefit from the full power of the cloud and are able to scale easily with increasing traffic volumes.
Full User Identity Awareness
The Barracuda CloudGen Firewall X-Series authenticates users with Active Directory, NTLM, LDAP/LDAPS, RADIUS, and x.509 digital certificates. User and group-specific policies, including time-based access controls, are integrated into the firewall rules, making it easy for administrators to customize network access, application usage, and bandwidth allocation for specific users and groups.
User Identity Awareness includes connections via Microsoft Terminal Servers.
Integrates with Barracuda Web Security
Barracuda CloudGen Firewall X-Series can be easily configured to transparently redirect web traffic to any Barracuda Web Security solution (Barracuda Web Filter or Barracuda Web Security Service) without breaking inline connections. Administrators can use a central management portal to configure user-based content filtering rules across 96 content categories. Administrators can block, accept, warn, or log access to domains along with advanced policies such as remote filtering for off-network users, safe search enforcement on search engines, YouTube for Schools integration, SSL inspection, granular web application monitoring, and domain whitelisting/blacklisting. In addition, Barracuda Web Security products provide more than 70 reports for complete visibility into internet browsing activities.
Safe Search Enforcement
Enforce Safe Search mode on major search engines like Google, Yahoo, and Bing to ensure users cannot access inappropriate image and video content. Most search engines offer a safe portal where search results are pre-determined to be appropriate for users of all ages. This is commonly utilized in educational organizations to protect students and maintain compliance. The Barracuda CloudGen Firewall X-Series can automatically re-route all search entries to the safe portal of a search engine to prevent students from viewing obscene or offensive multimedia content.
YouTube for Schools Support
The Barracuda CloudGen Firewall X-Series integrates with YouTube for Schools to protect and empower educational organizations that leverage streaming video in the classroom. YouTube for Schools offers thousands of free educational videos in a controlled environment, allowing teachers to customize the classroom content that can be accessed on the network, while preventing access to inappropriate videos. The Barracuda CloudGen Firewall X-Series can redirect all YouTube requests to the YouTube for Schools portal instead.
Cloud-Based Central Management
Barracuda CloudGen Firewall X-Series are integrated with Barracuda Cloud Control (BCC) – a web-based management portal, which leverages Barracuda’s global cloud infrastructure to enable organizations to centrally manage all their devices through a “single pane of glass” interface. Administrators have a global view of all their devices, as well as the ability to centrally manage policies and configuration. The intuitive interface makes it easy for small and medium-sized organizations to implement and manage their firewalls with minimal IT overhead.
One Stop for Firewall Rules
The intuitive interface is designed so that a single configuration encompasses every component of a firewall rule. This includes link balancing and QoS configurations necessary to ensure uptime and full control of network traffic. A drag-and-drop interface enables quick-and-easy prioritization of rules.
Powerful Object-Oriented Design
The Barracuda CloudGen Firewall X-Series provides organizations with the ability to aggregate devices, services, and users into management objects. These objects can contain references to other objects, creating a cascading and instantaneous impact across the network when network requirements change.
The power of objects is available to an organization the moment a Barracuda CloudGen Firewall X-Series is deployed. A library of network, device, and user objects is pre-packaged for immediate use, or objects can be created to aggregate the ones that are already predefined on the unit.
Server Load Balancing
Barracuda CloudGen Firewall X-Series can be easily configured to provide out-of-box load balancing or fallback functionality. This helps organizations improve the overall availability and performance of their server infrastructure. Administrators have two options in implementing server load balancing on the Barracuda CloudGen Firewall X-Series:
- Cycle — The destination IP addresses are used sequentially based on the source IP address of the connection.
- Fallback — All traffic is forwarded to the first IP address in the list. If the first IP address becomes unavailable, the second IP address in the list is used, etc.
Link Optimization and Failover
To ensure the best and most cost-efficient connectivity, the Barracuda CloudGen Firewall X-Series provides a wide range of built-in uplink options including unlimited leased lines, up to six DHCP, four xDSL, up to two ISDN, and a UMTS line. Administrators can bond multiple low-cost WAN links such as DSL lines to increase bandwidth at reduced costs. Further, by eliminating the need to purchase additional devices for uplink balancing, security-conscious customers will have access to a WAN connection even if one or two of the existing WAN uplinks are severed.
Inbound Link Balancing
The Barracuda CloudGen Firewall X-Series performs inbound link balancing by distributing inbound traffic across multiple links, leveraging its authoritative DNS services. This ensures that the Authoritative DNS server always provides the IP address of the best link when responding to DNS queries.
3G Connectivity
The Barracuda 3G/UMTS Modem provides support for wireless third-generation broadband communication using 3G technologies. This is ideal for remote sites that need a cost-effective, rapidly deployable, and ultra-reliable WAN backup solution to protect them from cable or fiber link outages.
It can also serve as a high-quality and cost-effective alternative to traditional uplinks such as DSL, ISDN, and cable lines. The Barracuda 3G/UMTS Modem is suitable as a primary link for temporary sites, in-vehicle deployments, or for businesses requiring connectivity in areas with weak infrastructure such as construction sites, remote areas, mobile businesses, or trade shows.
Guest Networking
Barracuda CloudGen Firewall X-Series provides two options to set up guest access to the internet. Both options are available for locally attached networks as well as for Wi-Fi networks on the Barracuda CloudGen Firewall X-Series X101 and X201 appliances.
- Confirmation Page: The confirmation page option prompts guests to agree to a configurable Terms of Service page before they can access the network. Guests are subsequently tracked with the assigned IP address since no user information is available.
- Guest Ticketing: The guest ticketing option will display a customizable logon page asking for user and passcode as generated on an admin website served by the Barracuda CloudGen Firewall X-Series. Guests are subsequently tracked with their assigned username.
SSL VPN
Barracuda CloudGen Firewall X-Series X200 and higher provide VPN capabilities that can be used from within a web browser. Unlike traditional client-to-site VPNs, SSL VPN does not require the installation of client software on the end user's computer. Use SSL VPN to grant remote users access to web applications, client and server applications, as well as internal network resources like Outlook Web Access, SMB, RDP, Telnet, SSH, SMTP, POP3, VNC, IMAP4, webDAV, and HTTP and HTTPS web forwards.
SSL VPN is available at no additional cost for an unlimited number of users for Barracuda CloudGen Firewall X-Series X200 and higher.
Client-to-Site VPN
The Barracuda CloudGen Firewall X-Series provides support for a suite of protocols to connect remote employees. The appliance supports IPsec-based VPN, PPTP, and the Barracuda Network Access VPN client. The VPN tunnel can be authenticated using a comprehensive set of mechanisms including NTLM, RADIUS, LDAP/LDAPS, Active Directory, and Local Authentication. Barracuda Networks provides VPN clients for Windows, Mac OS X, Linux, and Debian, downloadable right from the user interface.
Site-to-Site Connectivity
IPsec VPNs ensure secure connectivity to other remote sites or a centralized office. Barracuda includes unlimited site-to-site licenses to connect as many sites as needed to the Barracuda CloudGen Firewall X-Series.
Simple Pricing
The Barracuda CloudGen Firewall X-Series is delivered with all features and capabilities fully enabled. Content filtering and advanced malware protection are offered as an all-inclusive subscription without any per-user fees. The Barracuda Cloud Control management portal is included free of charge.
High Availability and Failover
Two Barracuda CloudGen Firewall X-Series units of the same model can easily be joined to act as a high availability setup in Active/Passive configuration. The active device continuously synchronizes its configuration and session information with the passive device. A heartbeat connection between the two identically configured devices ensures seamless failover in case the active device goes down.
SSL Inspection
All Barracuda CloudGen Firewall X-Series models can apply IPS, Virus Protection, Application Control and URL Filter to SSL encrypted web traffic using the standard 'trusted man-in-the-middle' approach. SSL Inspection can be fine-tuned to exempt local networks, users/groups, URL Filter categories or custom defined domains from SSL Inspection.
Virus Protection
Barracuda CloudGen Firewall X-Series's Virus Protection shields the internal network from malicious content via a fully integrated antivirus engine. Malware protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available. Barracuda CloudGen Firewall X-Series's Virus Protection covers viruses, worms, trojans, malicious java applets, and programs using known exploits on PDF, picture and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation. The Virus Protection can be run either in the Barracuda Cloud infrastructure or on-box.
Specifications:
Barracuda CloudGen Firewall X200 / X201 | |
---|---|
Interface | |
Copper Ethernet NICs | 4x1 GbE |
USB 2.0 | 2 |
Serial / console | 1 [RJ45] |
VGA interface | 1 |
Performance (as of firmware release 6.8.x) | |
Firewall throughput Maximum 1 | 1,900 Mbps |
Firewall throughput with Application Detection (AppDetect) 2 | 800 Mbps |
Firewall throughput with AppDetect & IPS 2 | 400 Mbps |
Firewall throughput with AppDetect & IPS & URL Filtering 2 | 290 Mbps |
Firewall throughput with AppDetect & IPS & URL Filtering & Virus Protection 2 | 240 Mbps |
Firewall throughput with AppDetect & IPS & URL Filtering & Virus Protection & SSL Inspection 3 | 110 Mbps |
VPN throughput 4 | 200 Mbps |
Max. concurrent sessions | 60,000 |
Max. new sessions/s | 8,000 |
Memory | |
RAM | 2,048 MB |
Mass Storage | |
Type | SSD |
Size | 40 GB |
SSD MTBF | 1,200,000 hours |
Dimensions | |
Weight appliance | 1.3 kg |
Weight carton with appliance | 3.2 kg |
Appliance size: width x depth x height | 274 x 162 x 44 mm |
Carton size: width x depth x height | 650 x 394 x 487 mm |
Weight appliance | 3.1 lbs. |
Weight carton with appliance | 7.0 lbs. |
Appliance size: width x depth x height | 10.8 x 6.4 x 1.7 in |
Carton size: width x depth x height | 25.6 x 15.5 x 19.2 in |
Form factor | Compact |
Hardware | |
Cooling | Low-noise fan |
Power supply | Single, external |
Environmental | |
Noise emission | < 47 dB/A |
Operating temperature | 0 to +40 °C |
Storage temperature | -20 to +70 °C |
Operating humidity | 5% to 95% non-condensing |
MTBF [System] | |
MTBF | > 5 years |
Certifications & Compliance | |
CE emissions | Yes |
CE electrical safety | Yes |
UL compliant | Yes |
FCC emissions | Yes |
ROHS compliant | Yes |
Power & Efficiency | |
Power supply type | External brick |
Power type [AC/DC] | AC |
Input rating | 100 - 240 Volts |
Input frequency | 50 - 63 Hz |
Auto sense | Yes |
Wattage / max. power draw | 45 W |
Max. power draw | 1.6 Amps. |
Max. heat dissipation | 36 W |
Max. heat dissipation | 123 BTU |
Energy efficiency [average] | > 80% |
Packaging Content | |
Appliance | Yes |
Straight network cable | Yes |
External power brick & cables | Yes |
Quick start guide | Yes |
Wireless antenna | Yes, for X201 only |
Wallmount kit | Yes |
1 Measured with UDP, large packets.
2 Measured with real world Internet traffic found at the gateway.
3 Measured with real world Internet traffic and 50% HTTPS traffic.
4 Measured with AES-128 encryption.
Model Comparison:
Five Models to Choose From
There are five hardware models of the Barracuda Firewall that can handle up to 6,000 Mbps of firewall throughput.
Models: | X50 | X100 | X200 | X300 | X400 | X600 |
---|---|---|---|---|---|---|
Capacity | ||||||
Maximum Firewall Throughput 1 | 800 Mbps | 1,000 Mbps | 1,900 Mbps | 2,100 Mbps | 4,000 Mbps | 6,000 Mbps |
VPN Throughput 2 | 50 Mbps | 100 Mbps | 200 Mbps | 300 Mbps | 600 Mbps | 800 Mbps |
IPS & Application Control Throughput | 100 Mbps | 300 Mbps | 400 Mbps | 650 Mbps | 2,000 Mbps | 3,000 Mbps |
Maximum Concurrent Sessions | 8,000 | 8,000 | 60,000 | 120,000 | 300,000 | 500,000 |
Maximum New Sessions | 2,000 | 2,000 | 8,000 | 12,000 | 15,000 | 20,000 |
AppDetect Users | 50 | 100 | 200 | 300 | 500 | 1,000 |
AppDetect and IPS Users | 25 | 50 | 100 | 150 | 250 | 500 |
AppDetect, IPS, and Web Security Users | 15 | 25 | 50 | 100 | 200 | 400 |
Hardware | ||||||
Form Factor | Desktop | Desktop | Desktop | 1U Rack Mount | 1U Rack Mount | 1U Rack Mount |
Dimensions (in.) | 10.8 x 6.4 x 1.8 | 10.8 x 6.4 x 1.8 | 10.8 x 6.4 x 1.8 | 14.9 x 6.4 x 1.8 | 16.8 x 15.9 x 1.7 | 16.8 x 15.9 x 1.7 |
Weight (lbs.) | 2.9 | 2.9 | 2.9 | 4.4 | 11.3 | 11.3 |
Ports | 4x1 GbE copper | 4x1 GbE copper | 4x1 GbE copper | 6x1 GbE copper | 8x1 GbE copper | 8x1 GbE copper |
Power Supply | Single external | Single external | Single external | Single internal | Single internal | Single internal |
Integrated Wi-Fi Access Point | X51 | X101 | X201 | - | - | - |
Features | ||||||
Firewall | ||||||
IPsec VPN (Client-to-Site & Site-to-Site) | ||||||
Application Control & Monitoring | ||||||
Intrusion Prevention (IPS) | ||||||
High Availability | ||||||
SSL Interception 3, 4 | ||||||
DHCP Server | ||||||
DNS Cache | ||||||
Authoritative DNS | ||||||
SIP Proxy | ||||||
Automatic Uplink Failover & Uplink Balancing | ||||||
Application-based Provider Selection | ||||||
Traffic Management & Optimization | ||||||
SafeSearch Enforcement | ||||||
SSL VPN | ||||||
Web Security (URL filtering, antivirus) | Optional | Optional | Optional | Optional | Optional | Optional |
Advanced Threat Detection | Optional | Optional | Optional | Optional | Optional | Optional |
Centrally Manageable | Cloud-based | Cloud-based | Cloud-based | Cloud-based | Cloud-based | Cloud-based |
1 Measured with UDP; large packets
2 Measured with AES; MD5
3 SSL Interception including IPS requires an active Barracuda Energize Updates subscription
4 SSL Interception including virus protection requires an active Web Security subscription.
Technical Specs
Firewall
- Stateful packet forwarding
- Full user-identity awareness
- Intrusion Prevention (IPS)
- Application Control and enforcement (including subtypes)
- SafeSearch Enforcement
- YouTube for Schools enforcement
- DoS/DDoS denial of service protection
- Transparent DNAT forward
- NAT, PAT
- Object-oriented rule sets
- Dynamic rules/timer triggers
- User/group based firewall rules
- High Availability
- ARP security
- Bridging
- Jumbo frame support
User Identity Awareness
- Terminal Server Agent
- Domain Controller Agent
- Full user and group membership awareness
- Authentication via captive portal
- Authentication – supports NTLM, RADIUS, LDAP/LDAPS, Active Directory, local authentication
- Authentication browser for AD and LDAP servers
Infrastructure Services
- DHCP server
- HTTP proxy
- SIP proxy
- DNS cache
- Authoritative DNS
- SNMP support
Traffic Optimization
- Uplink monitoring and aggregation
- Policy routing
- Application-based provider selection
- Traffic shaping and QoS
- 7 predefined shaping bands
- Health checks for static links / routes via ICMP
VPN
- Unlimited site-to-site VPN licensing
- Unlimited client-to-site VPN licensing
- Unlimited SSL VPN
- VPNC certified (basic interoperability)
- Supports IPsec, PPTP
- Supports AES-128/256, 3DES, DES, null ciphers
- VPN clients available for Windows, Mac, Linux
- iOS and Android mobile device VPN support
Wi-Fi (on selected models)
- Wi-Fi (802.11n) access point on selected models
- Up to three independent wireless networks
- Click-through Wi-Fi portal web page for guest access
Advanced Threat Detection
- Dynamic, on-demand analysis of malware programs (sandboxing)
- Dynamic analysis of documents with embedded exploits (PDF, Office, etc.)
- Detailed forensics for both malware binaries and web threats (exploits)
- Support for multiple operating systems (Windows, Android, etc.)
- Flexible malware analysis in the cloud
Support Options
Barracuda Energize Updates
- Firmware updates
- IPS signature updates
- Application control updates
- Standard technical support
Instant Replacement Service
- Replacement unit shipped next business day
- 24x7 technical support
- Hardware refresh every four years
Security Options
- “Web Security” provides category-based web filtering (either online or on-box) and virus protection (online or on-box)
- “Advanced Threat Detection” provides file-type-based protection against advanced malware and cloud-based sandboxing
Deployment:
"Eco System" of the Barracuda Firewall
The Barracuda Firewall easily integrates into your local network as it comes with all tools needed to integrate into external authentication services as well as remote access clients for Windows, Mac OS X, and Linux. The Barracuda Firewall provides remote access for Android- and iOS-based mobile devices via their built-in VPN functionality. The Barracuda CloudGen Firewall X200 and higher even provide clientless SSL VPN capabilities at no extra charge.
For management purposes, the Barracuda Firewall can be accessed directly via the web-based interface locally or remotely via Barracuda Cloud Control.
VPN
VPNs are a secure, efficient, and economical alternative to dedicated lines or dial-up RAS. With the Barracuda Firewall, you can configure the following types of VPNs:
- Site-to-Site VPN – Securely and transparently connects remote locations with your network.
- Client-to-Site VPN – Lets remote users access the corporate network with VPN clients and mobile devices.
- SSL VPN – Lets remote users access corporate resources over a secure and configurable web interface without the need to install or configure a VPN client.
Client-to-Site VPN
Client-to-site VPNs connect remote users to the corporate network.
There are three types of IPsec VPNs available:
- Shared Key – No external CA is required. A passphrase (shared key) is entered on the server and the client. This passphrase is used to authenticate the connection.
- Client Certificate – X.509 certificates are generated by an external CA. These certificates are used to authenticate the client. This method is more secure.
- Shared Key and Client Certificate – Client and server require both a shared key and valid client certificate to authenticate the remote device.
Additionally, every user must authenticate using a username and password. Usernames and passwords can be stored in external authentication services like Microsoft Active Directory, LDAP, or RADIUS.
Site-to-Site VPN
Site-to-site VPNs let offices in multiple locations establish secure connections with each other over a public network such as the Internet. A site-to-site VPN extends the company's network, making resources available to remote employees. The Barracuda Firewall establishes strongly encrypted IPsec VPN tunnels, using DES, 3DES, AES-128, AES-256, etc. It supports active and passive tunnel initiation and provides maximum flexibility.
SSL VPN for the Barracuda Firewall
The SSL VPN service on the Barracuda Firewall grants users access to internal corporate resources and applications through the secure desktop and mobile portals.
Cloud Features
Barracuda offers two cloud services to centrally manage multiple Barracuda Firewalls and offload processor-intensive tasks:
- Barracuda Cloud Control - Barracuda Cloud Control is a comprehensive cloud-based service that lets you monitor and configure multiple Barracuda products from a single console. When your Barracuda Firewall is linked to Barracuda Cloud Control, it continuously synchronizes its configuration settings with the service.
- Barracuda Web Security Service - Barracuda Web Security Service is a cloud-based web filtering and security service. It helps conserve bandwidth by enforcing web policies in the cloud before forwarding traffic to the Barracuda Firewall.
Firewall Technology:
The Barracuda Firewall is an application-aware network firewall appliance that leverages cloud resources to extend next-generation security and networking beyond the capabilities of legacy UTM products. Barracuda Firewall offers enterprise-grade security technology—including application control, user awareness, secure VPNs, link optimization, and advanced malware protection—but is designed for unsurpassed ease of use, and priced competitively. The Barracuda Cloud Control centralized management portal makes it easy and intuitive to deploy, configure, and manage the Barracuda Firewall from any location, and is included at no extra cost.
Complete Next-Generation Network Security
With integrated application and user visibility, along with support for multiple authentication methods and an optional local user database, the Barracuda Firewall enables highly granular policies defined by port, protocol, application, user, and time/date. For example, you might allow Skype chat at all times for everybody, but only allow Skype video at a certain time or for a certain user group. In addition, all models of the Barracuda Firewall include an advanced intrusion prevention engine (IPS), as well as unlimited site-to-site and client-to-site secure VPN licenses.
Link Optimization Technology
The Barracuda Firewall includes advanced link balancing and traffic shaping capabilities that optimize business continuity and prioritize business-critical applications while throttling or blocking unproductive ones. Automatic link failover ensures uninterrupted connectivity even when a primary link fails—and with the optional Barracuda UMTS 3G modem, you'll stay connected even if a disaster cuts all the landlines.
Future-Proof Investment Protection
By leveraging cloud resources for content filtering and malware protection, all smaller Barracuda Firewall units are able to scale as traffic and user numbers increase. The Energize Updates subscription service ensures that definitions and signature libraries are always up to date, and cloud-delivered firmware updates deliver new capabilities to address a constantly evolving threat landscape—no matter when you purchase your Barracuda Firewall, you'll always have the latest version.
Simple Pricing with No Surprises
Every Barracuda Firewall unit is delivered with all features and capabilities fully enabled. Content filtering and advanced malware protection in the cloud is offered as a subscription-based service. Neither the Barracuda Firewall nor the Web Security Service have any associated per-user license fees—once you purchase the box and the service, you can scale up to the appliance's maximum capacity at no further cost. Cloud-based centralized management through the Barracuda Cloud Control management portal is included free of charge.
Deployments
Advanced Network Security:
In today's world of botnets and advanced threats, one of the main tasks of perimeter protection is to ensure the availability of the network by filtering out malicious denial of service (DoS) attacks. The Barracuda Firewall achieves this via a series of advanced techniques:
- Barracuda Firewall DoS protection uses generic TCP proxy forwarding that allows only legitimate TCP traffic into the network.
- Rate Limiting reduces the number of sessions per source handled by the firewall. Packets arriving too quickly are dropped.
- To prevent IP spoofing, the reverse routing path (RRP) to the packet's source IP address is checked. If the check uncovers a mismatch between incoming and reply interface, the packet is dropped.
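The reverse-routing-path check and per-source rate limit described above can be sketched as follows. This is an added illustration, not Barracuda's implementation; the routing table, interface names, session limit, and time window are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed routing table (assumption): prefix -> interface used to reach it.
ROUTES = [
    ("0.0.0.0/0", "wan0"),
    ("10.0.0.0/8", "lan0"),
    ("10.20.0.0/16", "dmz0"),
]

class PerimeterFilter:
    def __init__(self, routes, max_sessions, window_s):
        # Longest prefix first, so the first match is the most specific route.
        self.routes = sorted(((ipaddress.ip_network(p), i) for p, i in routes),
                             key=lambda r: r[0].prefixlen, reverse=True)
        self.max_sessions = max_sessions
        self.window_s = window_s
        self.recent = defaultdict(deque)  # source IP -> accepted timestamps

    def reply_interface(self, src):
        """Interface a reply to src would leave on (longest-prefix match)."""
        addr = ipaddress.ip_address(src)
        for net, iface in self.routes:
            if addr in net:
                return iface
        return None

    def check(self, src, in_iface, now):
        # RRP check: arrival interface must equal the reply interface.
        if self.reply_interface(src) != in_iface:
            return "drop:rrp-mismatch"
        # Rate limit: at most max_sessions new sessions per source per window.
        q = self.recent[src]
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.max_sessions:
            return "drop:rate-limit"
        q.append(now)
        return "accept"

def run_sample():
    fw = PerimeterFilter(ROUTES, max_sessions=3, window_s=1.0)
    packets = [  # constructed: (source IP, arrival interface, timestamp in s)
        ("10.1.2.3", "lan0", 0.00),
        ("10.1.2.3", "wan0", 0.05),    # internal source arriving on the WAN
        ("10.20.5.9", "lan0", 0.10),   # DMZ source arriving on the LAN
        ("203.0.113.7", "wan0", 0.10),
        ("203.0.113.7", "wan0", 0.20),
        ("203.0.113.7", "wan0", 0.30),
        ("203.0.113.7", "wan0", 0.40), # fourth session inside one window
        ("203.0.113.7", "wan0", 1.50), # window has expired
    ]
    return [fw.check(*p) for p in packets]
```

The RRP check runs before the rate limiter so that spoofed sources never consume a slot in another host's session budget.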
Application Control:
The Barracuda Firewall can identify and enforce policy on sophisticated applications that hide their traffic inside otherwise "safe" port/protocols such as HTTP or HTTPS.
For example, Skype and peer-to-peer (P2P) applications are particularly evasive, requiring advanced application control for policy enforcement. The Barracuda Firewall enforces policies based on application, user, location, and time/date. Actions include blocking, allowing, throttling, or even enabling or disabling specific application features.
Application control is built into the kernel of the Barracuda Firewall, using a combination of deep packet inspection and behavioral analysis to reliably detect more than 900 applications.
User-Based Policies: Different individuals or groups require access to different resources and applications. For example, marketers may require access to Facebook for business use, while others use it for recreational purposes. The Barracuda Firewall enforces user-based policies by identifying users based on IP address mapping. Role assignments based on identity and device posture checks can be used to facilitate Role-Based Access Control (RBAC). The Barracuda Firewall supports Active Directory, NTLM, MS-CHAP, RADIUS, SecurID, LDAP, and TACACS for user authentication and application control.
When an attack is detected, the Barracuda Firewall either drops the offending packets and sessions (while still allowing all other traffic to pass) or logs the intrusion attempt. As part of the Energize Updates subscription, signature updates are delivered in real time as new exploits are identified, to ensure the Barracuda Firewall is constantly updated with the latest threats and vulnerabilities.
Firewall cloud integration ensures that signature libraries and threat definitions are always up to date—even as new threat categories emerge, your protection continues without interruption.
Link Optimization Technology: By eliminating the need to purchase additional devices for link balancing, customers have access to a redundant WAN connection. Automatic failover ensures the best uplink is activated on the fly, and all traffic is rerouted to make full use of the remaining links. Predefined load balancing policies make it easy to share the bandwidth of multiple connections while prioritizing specific application traffic.
Centralized Management via the Cloud: Combined with the configuration of Barracuda Web Security settings and reporting, Barracuda Cloud Control (BCC) allows security settings to be centrally managed through a single web-based interface. BCC is free with every Barracuda Firewall unit.
Underlying Technology
Hardened Operating System
Network perimeter security devices need to be invulnerable to attacks. The Barracuda Firewall is built on a hardened Linux operating system developed and optimized over the course of more than ten years.
A customized infrastructure layer provides the basic gateway properties and routing capabilities already in the Linux kernel. The system is protected against attacks on the system itself as well as all application functions hosted by the system via the integration of a separate Barracuda Firewall-based host firewall.
Next-Generation Platform
Unlike other firewall products that simply enhance or augment standard Linux firewall packages, the core of every Barracuda Firewall is a specially developed application-controlled packet-forwarding platform called the Phion Core. The Phion Core is based on a combination of stateful packet forwarding, TCP stream forwarding, and application-layer gateways. Custom application plug-ins handle complex protocols and dynamic address/port negotiations.
The Phion Core technology delivers a best-of-both-worlds hybrid technology firewall that uses stateful packet forwarding. Transparent circuit-level application proxying provides content scanning, bandwidth management, and VPN tunneling.
Frequently Asked Questions:
Why do I need a Barracuda CloudGen Firewall?
As your organization relies on more cloud-based applications like Office 365, Salesforce, and Dropbox, internet connectivity becomes even more important. Our Barracuda CloudGen Firewalls combine powerful application awareness and network routing capabilities to provide the highest levels of internet availability for users and critical applications.
What is the difference between Barracuda CloudGen Firewalls and other firewalls?
Unlike other firewalls in the industry, Barracuda’s CloudGen Firewalls were designed with the modern network in mind. As organizations grew in the number of remote offices and employees, secure remote access (both site-to-site and client-to-site) became critical. Our proprietary TINA protocol allows us to provide powerful capabilities such as traffic shaping within VPN tunnels, tunnel encapsulation, traffic compression, NAT reversal, and more.
We also knew early on that a firewall’s core job was not only to protect the network, but also to optimize traffic delivery. This is even more important as organizations use more cloud-based applications such as Salesforce and Office 365 and business-critical traffic moves to the WAN side of the network. Barracuda CloudGen Firewalls provide a set of powerful capabilities (dynamic link balancing, application-based link selection, quality-of-service, enterprise WAN optimization) to ensure the highest availability for critical applications.
Why do I need a Next Generation Firewall?
As your organization relies on more cloud-based applications like Office 365, Salesforce, and Dropbox, internet connectivity becomes even more important. Our Barracuda CloudGen Firewalls combine powerful application awareness and network routing capabilities to provide the highest levels of internet availability for users and critical applications.
What are the major capabilities of the Barracuda CloudGen Firewall?
The Barracuda CloudGen Firewall is a next generation firewall and VPN that provides:
- Integrated content security and network access control
- Optimization of intelligent traffic flow across the WAN
- Industry-leading centralized management capabilities
What are the differences among the F-Series, S Series and X-Series firewalls?
The Barracuda CloudGen Firewall F-Series is designed for network engineers who manage distributed enterprise environments. It provides all the security functionality one expects from an enterprise next-generation firewall, including application detection and prioritization, IPS, malware protection, URL filter and even DDoS protection. Furthermore, its powerful traffic optimization features, extremely resilient site-to-site connectivity capabilities, and extensive logging and auditing tools make the F-series an ideal fit for organizations that need to efficiently manage and scale massive firewall deployments.
The Barracuda CloudGen Firewall S-Series provides remote connectivity in an affordable and easy to deploy solution. It is designed from the ground up to support Internet of Things initiatives where thousands of remote devices need to be connected to a headquarters or data center. The SC appliances are managed via a NextGen Control Center, and security features like IPS, application detection etc. are provided at the Secure Access Concentrator where the VPN for each SC appliance terminates.
The Barracuda CloudGen Firewall X-Series is ideal for small to medium-sized organizations looking for a simple, yet powerful next-generation firewall that provides IPS, application detection, URL filter, malware protection and some basic email security. Designed for the resource-constrained IT professional, the X-Series’ intuitive web interface has a low learning curve while providing an easy-to-use management interface.
How do I know if I should get the X-Series, F-Series or S-Series?
If you only have a few locations to manage (e.g., between one and three) and are looking for a firewall that is application aware and easy to use with a Web UI, then the X-Series firewall is ideal for you.
If you have a lot of remote locations to manage, secure and connect (e.g., more than three) and need a solution to seamlessly manage, protect and optimize your network, the F-Series firewall is right for you.
If you have to securely connect large numbers of devices to backhaul traffic to your HQ or data center, want to centrally administer the deployment and stay scalable, then the S-Series is the perfect choice for you.
Can I centrally manage multiple firewalls from one place?
Yes, all the Barracuda CloudGen Firewall Series—X, F, and S—can be centrally managed from a single pane of glass. The F and S-Series utilize the Barracuda NextGen Control Center to manage massive firewall deployments. The NextGen Control Center is available in physical, virtual and cloud form factors depending on your infrastructure requirements. The X-Series firewall can be centrally managed from Barracuda Cloud Control, which is the same web-based portal that IT administrators use to control their other Barracuda products.
What is the difference in terms of deployment between the F, S and X-Series firewalls?
The Barracuda CloudGen Firewall F-Series can easily be deployed as "standalone" and provides great value this way, but its full potential and cost savings are unleashed when it’s centrally managed using a NextGen Control Center.
The S-Series firewall cannot be deployed as standalone, but needs one or multiple Secure Access Concentrators for VPN tunnel termination and a NextGen Control Center for central management. The Web UI on the SC appliances is only intended for initial setup.
The Barracuda CloudGen Firewall X-Series is designed to be used as standalone, and can optionally (at no extra charge) be connected to the Barracuda Cloud Control portal for convenient remote management.
What level of support can I expect to receive from Barracuda?
Regardless of whether you’re using the X-Series, F-Series or S-Series firewalls, you can expect the same level of award-winning support from Barracuda’s expertly trained technicians. Barracuda offers 24x7 support with no phone trees, ensuring that you will always speak to an in-region technician who is ready to help.
Can I centrally manage multiple firewalls from one place?
Yes, both the Barracuda NextGen X-Series and F-Series firewalls can be centrally managed from a single pane-of-glass. The F-Series utilizes the Barracuda NextGen Control Center to manage massive firewall deployments. The Control Center is available in physical, virtual, and cloud form factors depending on your infrastructure requirements. The X-Series firewall can be centrally managed from Barracuda Cloud Control, the same web-based portal that IT administrators use to control their other Barracuda products.
What level of support can I expect to receive from Barracuda?
Regardless of whether you’re using the X-Series or F-Series firewalls, you can expect the same level of award-winning support from Barracuda’s expertly trained technicians. Barracuda offers 24x7 support with no phone trees, ensuring that you’ll always speak to an in-region technician ready to help.
What if I have more questions about the Barracuda CloudGen Firewall?
For additional assistance or for a product demonstration of the Barracuda Firewall, please contact us!
Documentation:
Download the Barracuda CloudGen Firewall X Datasheet (.PDF)
Pricing Notes:
- Please Note: Energize Updates and Instant Replacement Subscriptions need to be maintained for every Barracuda Product. All subscriptions are continuous and must start from the date of activation. Renewal purchases are continuous and start from the date of expiration of your current subscriptions. No exceptions.
List Price:
Our Price: $144.00