The world is changing. Not so long ago firewalls were just firewalls. You could open, close and forward ports, create VPN connections and that was about it. Fast forward to the present and you can see how technology has advanced. Barracuda is one of the first vendors to offer next-generation firewalls to the masses with affordable prices.
The last time I got in touch Barracuda products was like ages ago. At that time, I didn’t care so much about Barracuda products. I guess they didn’t offer any advantages. But how was I surprised about the current product lineup. They have unified GUI to have a similar look across its products. Oh, and the GUI is very modern and is very easy to work with. It seems Baracuda has been working hard on usability in the recent years.
What about the hardware and technology? That is something that surprised me even more. I had a chance to test their Email Spam filtering solution and after using it for one year, I can only say that it works like a charm. It’s working so well, that I replaced our aging Mail Marshall with a solution from Baracuda. Interested in their next generation firewall, I decided to write a NGFW review.
Barracuda NG firewall review
If you have used MS TMG for example for a browser proxy, you will be glad that Baracuda firewall works great for website filtering as well. In addition, files which are download are being checked in real-time for virus or malware infection. We have used TMG for increased protection against viruses with subscription and GFI add-on as well. If you still have a similar solution, you can switch to Barracuda easily now.
Baracuda firewall works great for website filtering. Where it really shines is traffic live feed and monitoring of live traffic in real-time. There is always current state on the display and when we click on the type of the traffic we get exact information.For example, if you want to see everything related to Youtube, we can select filter Youtube and we get information who, when and what has been watching on Youtube with connections to youtube videos. For every application, we can define a schedule when users can use it. For example, we can set a policy that Facebook is only available during the launch time. We can create QOS per application, meaning that we can change a priority for bandwidth. I think this feature is simply amazing as you can limit Youtube bandwidth. Many users listen to music by playing Youtube. If one user is playing a video that is fine. But when every second user is doing that, Youtube could quickly have the impact on the bandwidth. Youtube automatically detects your screen size, and can easily serve HD version of the song, affecting the bandwidth even further. By using QOS we can fix that.
We can also filter all reports and show them on the screen, but we can also export and view them in Excel.
I would like to mention that GUI is very easy to understand. And so is navigating and looking at what’s happening on the network. Dashboard will show you essential information, and from here you can move quickly to URL filtering for example.
Sometimes, we tend to forget about business continuity. Barracuda NGFW can work with multiple internet providers at the same time. That functionality is built in the core and is easy to configure. Feature wise it’s ready for the most demanding environments. It will intelligently move the session from between internet providers. If we have configured BGP, we can enable remote VPN connection without interruptions.
Configuration
You can use Baracuda NGFW as a default gateway, transparent proxy or as a standard firewall perimeter. You can configure an appliance from the console via a cable. You can also use SSH protocol for connecting through the network. Baracuda provides one of the best-looking configuration GUI’s called Baracuda NextGen Admin (also referred to as NG Admin) for graphical configuration.
You can use NG Admin to configure one device or you can use it to connect to the controlling unit. We can then manipulate other connected units.
If we have firewalls across the globe, we can use a program called NG Earth. We can see literally where on the Earth our firewalls are connected and what is the state of devices. If they are having problems we can spot problematic devices as they are shown in different colors. We can also see their connections in real time.
Centralized management of multiple units supports simultaneous configuration on various firewalls. We can save templates for the exact segment and use templates on a complete network. We can then segment firewall configuration. One of the usability advantages of Barracuda is Undo function. When we configure a firewall, we always have an option – Discard. We can undo our last configuration. Only when we save configuration it becomes active.
Baracuda can work as a classic NAT but it can work as a transparent proxy (that works only for physical appliance – you can not use a virtual appliance).
Creating objects which are later used in the rules is simple. We can block entire internet traffic or just a specific protocol. With just a couple of clicks, Barracuda NGFW also has a list of Countries built in. By having countries in the policy, it means that we have another option which we can use to secure our perimeter. Countries can be easily used in policies. For example, we can block all traffic coming in our out of the China. Using the countries in the policies can decrease attacks on our IP, but it doesn’t mean it will prevent all of them. Attackers are using cheap VPS servers which are available in all countries, including Europe and USA.
Most of a configuration works in a way that first rules allows the policy. The last are the one that block. If you remember, MS TMG works in a similar way so migration will be easy. We can segment the users based on groups, we can use Active directory integration, or we can use a local database if the environment is too small. We can use external Radius server for authentication. It has support for x.509 certificates. It also has support for SMS Passcode authentication . We can use it as a classic NAT or it can work as a transparent proxy.
For VPN authentication Barracuda supports SMS Passcode, making login process very secure.
Barracuda supports site to site VPN connection, SSL VPN (connecting to VPN through the browser), it supports all major protocols like IPSec, L2TP, PPTP. We can import a certificate from a certificate authority or we can generate one. Connections can be encrypted with AES 128/256, Blowfish, 3DES and with CAST crypto algorithms.
Mobile VPN application is available for devices with IOS and Android OS. VPN client is available in the app store of respective mobile OS.
Security
Barracuda NGFW protection is two-fold. First, it scans the packets for anomalies. With updates, it gets information about the latest vulnerabilities in programs and type of patterns which it finds in the traffic and protects internal systems from zero-day attacks. Definition Updates are automatic and work similar to anti-virus updates. It can protect against DOS and DDOS attacks.
Files which are being downloaded are checked in real-time for virus and malware infection.
Barracuda NGFW can also handle encrypted SSL connections. Once this option is enabled, firewall intercepts communication between the client and destination and can easily see if the traffic is against the policy we have set. By using Barracuda NGFW we can control applications which connect to the internet and can block them if required.
Summary
Baracuda has many models, therefore is suitable for SMBs and big companies. Functionalities that it offers are above most of the firewalls currently in use in the companies. They offer better protection which leads to increased productivity. In the past prices for such devices were very expensive, but now, we can get the entry model for the price of a good laptop.
Barracuda covers a complete range of next generation firewalls, from entry level to the enterprise solutions. You can choose a hardware or virtual appliance. Starter model comes equipped with Atom CPU, an SSD drive and a reasonable price. If you a looking for a Firewall replacement, I recommend that you get in touch with Barracuda representative. I hear they have great promotions and also offer a trial on your premises.
Leave a Reply