Barracuda Web Application Firewall 360

Barracuda Networks Web Application Firewall 360 Overview:

The Barracuda Web Application Firewall is a complete and powerful security solution for Web applications and Web sites. The Barracuda Web Application Firewall provides award-winning protection against hackers leveraging protocol or application vulnerabilities to instigate data theft, denial of service or defacement of your Web site.

• Protection against common attacks
• Outbound data theft protection
• Web site cloaking
• Granular policies
• Secure HTTP traffic
• SSL Offloading
• SSL Acceleration
• Load Balancing

Powerful, Complete Solution:

The Barracuda Web Application Firewall protects Web applications and Web services from malicious attacks, and can also increase the performance and scalability of these applications. The Barracuda Web Application Firewall offers every capability needed to deliver, secure and manage enterprise Web applications from a single appliance through an intuitive, real-time user interface.

• Single point of protection for inbound and outbound traffic for all Web applications
• Protects Web sites and Web applications against application layer attacks
• Delivers best practices security right out of the box
• Monitors traffic and provides reports about attackers and attack attempts

Comprehensive Web Application Protection:

The Barracuda Web Application Firewall provides award-winning protection from all common attacks on Web applications, including SQL injections, cross-site scripting attacks, session tampering and buffer overflows.

Many applications are vulnerable to such attacks because application developers do not consistently employ secure coding practices. Barracuda Web Application Firewall is designed to combat all attack types that have been categorized as significant threats, including:

• Cross Site Scripting (XSS)
• SQL injection flaws
• OS command injections
• Site reconnaissance
• Session hijacking
• Application denial of service
• Malicious probes/crawlers
• Cookie/session tampering
• Path traversal
• Information leakage

A Single Solution to a Multifaceted Problem:

Online Web-based applications are increasingly at risk from professional hackers who target such applications in order to commit data theft or fraud. Being compromised can damage an enterprise’s reputation, result in loss of customers and impact the organization’s bottom line.

In addition, companies that transact online are faced with a host of growing industry regulations such as the Payment Card Industry Data Security Standard (PCI DSS), which mandates that all enterprise and Web applications handling credit card and account information must undergo an extensive and costly audit of custom application code. The alternative to satisfy PCI DSS compliance is simply installing a Web application firewall.

The combination of these factors along with banking industry PCI DSS compliance concerns, creates demand for a more technologically and cost-effective risk protection solution for online Web applications.

Backed by the worldwide leader in email and Web security appliances, the Barracuda Web Application Firewall will continue to dominate the market by breaking technology barriers.

Features:

Traditionally, system administrators lock down host computers through a network firewall in order to ensure network security. While a typical network firewall can help restrict traffic to HTTP and HTTPS, as this traffic can contain command exploits leveraging vulnerabilities in the Web application itself. These exploits can result in data leakage, site defacement and other attacks by hackers that compromise both the privacy and integrity of vital data. Businesses of all sizes that operate their own Web applications should ensure that their Web sites are protected against application vulnerabilities.

The Barracuda Web Application Firewall provides complete protection of Web applications and is designed to enforce policies for both internal and external data security standards, such as Payment Card Industry Data Security Standard (PCI DSS). At the same time the Barracuda Web Application Firewall 460 and higher models feature a comprehensive set of application delivery capabilities designed to improve the performance, scalability and manageability of today’s most demanding data center infrastructures.

Comprehensive Web Site Protection:

The Barracuda Web Application Firewall proxies all of your Web site traffic, providing complete protection in front of your Web sites. Capabilities include:

• HTTP, HTTPS and FTP protocol compliance. At a basic level, the Barracuda Web Application Firewall verifies all inbound requests that comply with the HTTP, HTTPS and FTP specification. For example, inbound requests with more than one content-length header are typically the basis of HTTP request smuggling attacks; therefore they are illegal according to the HTTP specification and are blocked automatically.
• Protection against common, high-visibility attacks. Hackers can take advantage of vulnerabilities in your online Web forms to attack your applications. The Barracuda Web Application Firewall protects your Web applications against SQL injections, OS command injections and cross-site scripting attacks.
• Protection against attacks based on session state. The Barracuda Web Application Firewall protects your Web applications against any attacks based on session state, such as forms tampering or cookie tampering.
• Outbound data theft protection. In addition to inspecting the request traffic, the Barracuda Web Application Firewall also inspects all outbound packets for any data pattern expressible as a UNIX-style regular expression. Built-in policies protect all major credit cards and U.S. Social Security number patterns and new data patterns can be added at any time. Inspection for outbound leakage of these patterns can be applied to security policy on-the-fly.
• Web site cloaking. To prevent hackers from doing reconnaissance on your Web infrastructure, the Barracuda Web Application Firewall automatically strips identifying banners of Web server software and version numbers out of all transactions.
• Anti-crawling. While some Web crawlers, such as search engines are often desirable, you may wish to prevent all other users from downloading your entire site. The Barracuda Web Application Firewall can easily identify and allow legitimate crawlers while blocking more malicious ones.
• Fine-grained control. The Barracuda Web Application Firewall features automatic fine-grain rules creation based on both HTTP requests and responses down to the level of individual HTML elements.
• Application denial of service (DoS) protection. The Barracuda Web Application Firewall controls the rate of allowed operations that use an intense amount of resources, thus protecting against application-layer denial of service attacks.
• Cookie tampering. The Barracuda Web Application Firewall fully terminates and proxies every connection to insulate each unique user session from exposure and can stamp or encrypt the session cookies. Also included to prevent cookie tampering is the ability to ensure that all hidden or read-only form fields are not changed by the user.
• XML Firewall. The Barracuda Web Application Firewall has an integrated XML firewall improve the security of the XML based Web applications and Web services. The XML firewall detects and prevents XML specific attacks such as extremely large messages, highly nested elements, recursive passing, schema and WSDL poisoning.
• Integrated Anti Virus. All file uploads to the Web application can be scanned for embedded viruses and malware using the integrated anti virus engine of the Barracuda Web Application Firewall.
• Rate Control. Peak traffic or Denial of Service (Dos) attacks can impose significant load on the application servers, causing servers to overload and create very high response times. With the rate control feature, the Barracuda Web Application Firewall controls the rate of requests that are delivered to an application. This is crucial to prevent application servers from being overloaded.

Application Access Control:

The Barracuda Web Application Firewall implements a single point for policy enforcement and control, which includes authentication to ensure that users are known, access control policy for resources and protection against data leakage. Capabilities include:

• LDAP and RADIUS integration. For authentication and authorization, the Barracuda Web Application Firewall integrates with common authentication services, including Active Directory and other LDAP-compatible directories as well as RADIUS servers.
• Simple single sign-on (SSO) portal. By combining built-in authentication and authorization capabilities with Web address translation and cookie session management features, administrators utilize the Barracuda Web Application Firewall to present a simple front-end portal to back-end applications without requiring changes to source code, IP addressing or the server infrastructure. Authentications are logged and user credentials are forwarded in the HTML header making integration with back-end applications simple and scalable.
• Client Certificate Authentication. To verify a user’s identity, the Barracuda Web Application Firewall authenticates and grants access to users with valid client certificates.

Application Delivery and Acceleration:

In addition to the comprehensive security benefits of the Barracuda Web Application Firewall, there are also additional operational capabilities available in the Barracuda Web Application Firewall. Capabilities include:

• Caching. The Barracuda Web Application Firewall can reduce load on back-end Web servers and increase performance by caching Web content and avoiding repeated requests to back-end Web servers.
• Compression. To reduce network traffic requirements, the Barracuda Web Application Firewall can automatically apply GZIP compression to renderable HTML content to be decompressed by the browser.
• Connection pooling. To reduce back-end server overhead for maintaining new TCP connections, the Barracuda Web Application Firewall can automatically pool multiple front-end connections into a single back-end connection. Connection pooling keeps the back-end servers focused on processing application logic rather than protocol termination.
• SSL offloading. The Barracuda Web Application Firewall includes SSL offloading, streamlining the encryption and decryption of SSL traffic to quickly process secure online transactions without additional burden on any servers.
• SSL acceleration. The Barracuda Web Application Firewall includes hardware-based SSL acceleration, offloading back-end servers from the computational burdens of encrypting and decrypting secure Web traffic.
• Load balancing. The Barracuda Web Application Firewall includes integrated load balancing capabilities to distribute traffic among multiple back-end servers. It supports both Layer 4 and Layer 7 cookie persistence and includes support for Layer 7 content switching based on URL pattern, parameter or HTTP header fields.
• High Availability. When inline in Bridge-path, the Ethernet Hard Bypass ensures reliable application delivery even with a single Barracuda Web Application Firewall. For Web applications with stringent security requirements, the Barracuda Web Application Firewall may be installed in a redundant pair configuration, providing real-time application state replication so that security and user sessions will not be compromised during a failover event.

Logging, Monitoring and Reporting:

The Barracuda Web Application Firewall features advanced capabilities to provide immediate feedback to the operations team that deploy, manage and secure mission critical applications. Capabilities include:

• Comprehensive logging. The Barracuda Web Application Firewall maintains a rich set of logs on the appliance, including system activity, Web Firewall activity, Web services activity, network firewall activity and traditional Web logs.
• PCI reports. The Barracuda Web Application Firewall provides an easy-to-read snapshot of common application attacks, critical for securing credit card information and providing compliance to PCI DSS requirements.
• Syslog support. The Barracuda Web Application Firewall forwards logs to a syslog server for centralized and persistent storage or analysis by a third party tool.

PCI DSS Compliance:

The Barracuda Web Application Firewall and Barracuda Web Application Controller assist organizations of all types that store, process and/or transmit credit card numbers, comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements. In response to increased identity theft incidents and security breaches, major credit card companies collaborated in Sept. 2006 to create the 12 procedural and system requirements, commonly known as PCI DSS version 1.1, to standardize how to store and access Primary Account Number (PAN) information.

Most immediate for today’s merchants and organizations is Section 6.6 of the PCI DSS compliance deadline on June 30, 2008, addressing the development and maintenance of secure systems and applications. Section 6.6 mandates all enterprise and Web applications handling credit card and account information must undergo an extensive audit of all custom application code that can be time consuming, labor intensive and a costly process to visit and revisit with each change to the application code. The alternative to satisfy PCI DSS Section 6.6 compliance is simply installing a Web application firewall.

Payment Card Industry Data Security Standard (PCI DSS) Requirements

The 12 PCI DSS requirements are organized into 6 main categories. To be fully compliant, an organization must satisfy all 12 requirements.

• Maintain a Secure Network: Requirements 1 and 2
  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
• Protect Cardholder Data: Requirements 3 and 4
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
• Maintain a Vulnerability Management Program: Requirements 5 and 6
  • Use and regularly update anti-virus software
  • Develop and maintain secure systems and applications
• Implement Strong Access Controls: Requirements 7, 8, and 9
  • Restrict access to cardholder data by business need-to-know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
• Regularly Monitor and Test Networks: Requirements 10 and 11
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
• Maintain an Information Security Policy: Requirement 12
  • Maintain a policy that addresses information security

Source: PCI Security Standards version 1.1 - http://www.PCISecurityStandards.org.

Barracuda Networks Enables PCI DSS Compliance

The Barracuda Web Application Firewall and Barracuda Web Application Controller are designed as easy and cost-effective solutions to achieve PCI DSS compliance. In addition to satisfying the time-sensitive need to install a Web application firewall into your network for PCI DSS Section 6.6 compliance, the Barracuda Web Application Firewall further ensures PCI DSS compliance with a host of other advanced technologies.

The Barracuda Web Application Firewall enables PCI DSS compliance across major requirements:

Requirement	Barracuda Web Site Firewall
1 - Install a Firewall	Acts as a Web application firewall
3 - Protect data	Proxies Web traffic and insulates Web servers from direct access by attackers
4 - Encryption	Provides easy SSL encryption even if the application or server does not enable SSL
6 - Protect Against Vulnerabilities	Blocks known and zero-day attacks as well as the industry-accepted top 10 Web application vulnerabilities for custom development, legacy and third-party applications
7 - Restrict Access	Provides role-based administration to security policies
10 - Track and Monitor Access	Logs and reports application access and security violations

PCI DSS section 6.5 is perhaps the most significant set of detailed requirements as it addresses application vulnerability, including coding guidelines, such as those outlined by Open Web Application Security Project (OWASP). The Barracuda Web Application Firewall directly addresses each of the requirements in section 6.5.

Requirement	Barracuda Web Site Firewall
6.5.1 Unvalidated input (i.e., hidden field manipulation)	Validates incoming and outgoing session content against legitimate application behavior and usage
6.5.2 Broken access control (i.e., malicious use of user IDs)	Prevents cookie tampering and corruption of an application’s access control system
6.5.3 Broken authentication and session management (i.e. cookie tampering, session hijacking)	Automatically encrypts session cookies and assigns unique session-IDs to ensure secure user sessions
6.5.4 Cross-site scripting (XSS) attacks	Inspects and verifies user input and incoming requests for any malicious code before forwarding it to backend servers
6.5.5 Buffer overflows	Detects and prevents attempts via the header or input fields to exceed memory capacity
6.5.6 Injection flaws (i.e., SQL injection)	Validates legitimacy of all Web requests and code accessing backend systems
6.5.7 Improper error handling	Cloaks Web application infrastructure from hackers attempting to expose vulnerabilities in error response and other messages
6.5.8 Insecure storage	Filters and intercepts outbound traffic to prevent transmission of sensitive information, such as passwords, credit card numbers, account records or proprietary information
6.5.9 Application Denial of service (DoS)	Slows down access requests to the Web site if a violation is detected, preventing application DoS attacks
6.5.10 Insecure configuration management	Proxies all inbound and outbound Web traffic to neutralize any configuration vulnerabilities

Model Comparison:

There are three models of the Barracuda Web Application Firewall that handle up to 100 Mbps of throughput, while on the higher end of the product line, the Barracuda Web Application Controllers handle up to 1 Gbps. These specifications are not limits of each system, rather recommended capacity for a single unit.

Model Comparison	360	460	660	860	960
CAPACITY*
Backend Servers Supported	1-5	5-10	10-25	25-150	150-300
Inbound Web Traffic (Mbps)	25	50	100	600	900
HARDWARE
Rackmount Chassis	1U Mini	1U Mini	1U Full size	2U Full size	2U Full size
Dimensions (in.)	16.8x1.7x14	16.8x1.7x14	16.8 x 1.7 x 22.6	17.4 x 3.5 x 25.5	17.4 x 3.5 x 25.5
Dimensions (cm.)	42.7x4.3x35.6	42.7x4.3x35.6	42.7 x 4.3 x 57.4	44.2 x 8.9 x 64.8	44.2 x 8.9 x 64.8
Weight (lbs./kg.)	12 / 5.4	12 / 5.4	26 / 11.8	46 / 20.9	52 / 23.6
Front Ethernet Ports	2 x 10/100	2 x Gigabit	2 x Gigabit	2 x Gigabit	2 x Gigabit
Back Ethernet Ports	1 x 10/100	1 x 10/100	1 x Gigabit	1 x Gigabit	1 x Gigabit
AC Input Current (Amps)	1.2	1.4	1.8	4.1	5.4
ECC Memory
FEATURES
HTTP/HTTPS/FTP Protocol Validation
Protection Against Common Attacks
Form Field Meta Data Validation
Web Site Cloaking
Response Control
Outbound Data Theft Protection
Granular Policies to HTML Elements
Protocol Limit Checks
File Upload Control
Logging, Monitoring and Reporting
High Availability
SSL Offloading
Authentication & Authorization
LDAP/RADIUS Integration
Load Balancing
Content Routing
XML Firewall

*Capacity depends on environment and selected options.

Deployment and Administration:

Deployments:

Standard Deployment Configuration:

The Barracuda Web Application Firewall is designed to easily fit into any existing data center environment and to rapidly secure and accelerate new and existing Web applications. Barracuda Networks offers the most flexible array of Barracuda Web Application Firewall deployment options, including both Bridge-path and Route-path.

Bridge-path:

Bridge-path, the recommended mode of implementation for most customers with existing Web application traffic, enables simple and fast deployment without requiring any IP address changes on either the front- or back-end Web servers or network devices. The bridge is transparent, so no user traffic is disrupted.

Route-path:

Route-path provides the highest degree of protection for a Web application infrastructure by acting as a full reverse proxy for all Web application traffic. As a reverse proxy, Route-path allows only predefined traffic that adheres to security policies. Additionally, the reverse proxy controls the only route to the back-end network, so traffic cannot flow to any server unless specifically forwarded by the proxy. This is the most flexible deployment mode because it facilitates the content-based traffic management functions of the Barracuda Web Application Firewall.

One-Armed Proxy Deployment:

Deploying the Barracuda Web Application Firewall in the One-Armed Proxy configuration requires the unit to be set up off a switch only from the WAN port. This configuration creates an additional route for traffic to reach the servers without disturbing the natural flow through the network. Only the traffic that needs to be monitored or secured is routed via the Barracuda Web Application Firewall. One-Armed Proxy as a deployment option is utilized during the initial phases when the administrators want to validate the solution without having to change network settings. Another scenario to use the One-Armed Proxy deployment is to utilize the load balancing feature of the appliance for HTTP/HTTPS traffic, while letting SMTP and other traffic go directly to the server.

One-Armed Proxy Deployment

Deploying the Barracuda Web Application Firewall in the One-Armed Proxy configuration requires the unit to be set up off a switch only from the WAN port. This configuration creates an additional route for traffic to reach the servers without disturbing the natural flow through the network. Only the traffic that needs to be monitored or secured is routed via the Barracuda Web Application Firewall. One-Armed Proxy as a deployment option is utilized during the initial phases when the administrators want to validate the solution without having to change network settings. Another scenario to use the One-Armed Proxy deployment is to utilize the load balancing feature of the appliance for HTTP/HTTPS traffic, while letting SMTP and other traffic go directly to the server.

Fault Tolerant Barracuda Web Application Firewall Environment:

Some organizations may need only a single Barracuda Web Application Firewall. When inline in Bridge-path mode, the Barracuda Web Application Firewall’s Ethernet Hard Bypass ensures reliable application delivery. For Web applications with stringent security requirements, the Barracuda Web Application Firewall may be installed in a redundant pair configuration, providing real-time application state replication so that security and user sessions will not be compromised during a failover event.

Administration

Configuration and Policy Administration:

Configuration of the Barracuda Web Application Firewall is accomplished through a secure Web-based interface, featuring a comprehensive online help system.

Initial application definition is made simple through comprehensive default security policies that also allow the administrator to specify more fine-grain rules. Features such as automatic rule creation from log entries enable administrators to easily maintain security policies even as applications change.

Reporting

The Barracuda Web Application Firewall's administrative tools feature statistical reporting that allow you to visualize both overall Web traffic levels as well as the levels of traffic filtered for either policy or security reasons.

The Barracuda Web Application Firewall basic status page provides a quick snapshot of statistics on common attacks, subscription status, performance statistics, as well as hourly and daily attacks and bandwidth usage.

Screenshots:

The following screenshots illustrate the Web user interface of the Barracuda Web Application Firewall.

	Basic -> Status Displays the current status of the appliance, including the attack distribution and traffic statistics for the configured Web sites.		Security Policies -> URL Protection Sets policies for scanning URLs to enforce only valid traffic passes through to the Web servers.
	Basic -> Services Provides configuration of Web sites and enables default protection.		Security Policies -> Parameter Protection Sets acceptable parameters to ensure values are validated.
	Basic -> Default Security Enables the configuration of the default security policy.		Security Policies -> Cloaking Controls suppression of server banners and errors to ensure no sensitive information is available in response messages.
	Basic -> IP Configuration Controls the settings for WAN, LAN and Management IP configuration. Using this screen, the Barracuda Web Application Firewall can be configured in bridge or proxy mode.		Security Policies -> Data Theft Protection Protects sensitive information such as credit card numbers and social security numbers from information leakage.
	Basic -> Web Firewall Logs Tracks attacks against the Web sites and actions taken by the Barracuda Web Application Firewall.		Advanced -> Energize Updates Sets intervals to download attack and security definitions.
	Security Policies -> Cookie Security Enables policies to protects an application’s cookies from theft or tampering.

FAQ:

What does the Barracuda Web Application Firewall do?

The Barracuda Web Application Firewall protects your Web site from attackers leveraging protocol or application vulnerabilities to instigate unauthorized access, data theft, denial of service (DoS), or defacement of your Web site.

The Barracuda Web Application Firewall provides complete protection of Web applications and is designed to enforce policies for both internal and external data security standards, such as the Payment Card Industry Data Security Standard (PCI DSS). At the same time, the Barracuda Web Application Firewall features a number of traffic management capabilities designed to improve the performance, scalability and manageability of today’s most demanding data center infrastructures.

Why do I need a Web Application firewall?

Businesses of all sizes that operate their own Web applications should deploy a powerful Web site firewall to protect their Web sites from application vulnerabilities.

Traditionally, security has been considered a network issue, where system administrators lock down host computers through a network firewall. While a typical network firewall can help restrict traffic to HTTP and HTTPS, this traffic can contain command exploits leveraging vulnerabilities in the Web application itself. Without the Barracuda Web Site Firewall acting as an application firewall, a hacker’s attack can result in unauthorized access, data leakage, site defacement and/or other attacks that compromise both the privacy and integrity of vital data.

What are the major capabilities and benefits of the Barracuda Web Application Firewall?

The major capabilities and benefits of the Barracuda Web Application Firewall include:

Comprehensive Web Site Protection: The Barracuda Web Application Firewall proxies all Web traffic, providing complete protection in front of your Web sites. Web site protection capabilities include: HTTP protocol compliance, protection against common/high-visibility attacks, protection against attacks based on session state, online form field validation, outbound data theft protection, Web site cloaking, anti-Web crawling and application denial of service (DoS) protection, as well as fine-grain controls.

Application Access Control: The Barracuda Web Application Firewall provides PKI support to provide certificate verification and prevents cookie tampering to ensure hidden or read-only form fields are not changed by the user.

Application Delivery and Acceleration: In addition to the security and access control benefits of Barracuda Web Application Firewall, there are also additional operational capabilities. Capabilities include SSL offloading, SSL acceleration, load balancing and high availability.

Logging, Monitoring and Reporting: The Barracuda Web Application Firewall features advanced capabilities to provide immediate feedback to operations teams that deploy, manage and secure mission critical applications. Besides a system log, Web firewall log, traditional Web log and audit log, the Barracuda Web Application Firewall also provides specific reports relevant to PCI compliance.

How does the Barracuda Web Application Firewall detect and mitigate threats?

The Barracuda Web Application Firewall provide award-winning protection from all common attacks on Web applications, including SQL injections, cross-site scripting attacks, session tampering and buffer overflows. As a full proxy, the Barracuda Web Application Firewall provides comprehensive inbound and outbound protection. By inspecting request traffic, the Barracuda Web Application Firewall can block inbound attacks and cloak Web sites from hackers, while response traffic inspection prevents sensitive data leakage, such as credit card or Social Security numbers.

In addition, the Barracuda Web Application Firewall secures applications from unauthorized user access a full PKI integration for use with client certificates.

Can the Barracuda Web Application Firewall help my company comply with the Payment Card Industry Data Security Standard (PCI DSS)?

Yes, the Barracuda Web Application Firewall assists organizations that store, process and/or transmit credit card numbers to comply with the Payment Card Industry - Data Security Standard (PCI DSS) requirements.

As major credit card companies are increasing pressure on merchants to comply with the PCI DSS, many e-commerce businesses are seeking solutions to meet requirement 6.6 of PCI DSS calling for either detailed custom application code reviews or installation of a Web Application Firewall by June 30, 2008. Failure to comply with these security standards may result in fines, restrictions or permanent expulsion from card acceptance programs. Through multiple advanced features, the Barracuda Web Application Firewall can help organizations easily become PCI DSS compliant. Click here for additional information.

What logging, monitoring and reporting features are available with the Barracuda Web Application Firewall?

Logging monitoring and reporting capabilities of Barracuda Web Application Firewall include:

Comprehensive logging. The Barracuda Web Application Firewall maintains a rich set of logs on the appliance, including system activity, Web Firewall activity, Web services activity, network firewall activity and traditional Web logs.

PCI reports. The Barracuda Web Application Firewall provides a quick snapshot of application attacks defined in the PCI DSS Section 6.5, including unvalidated input, broken access control, cross-site scripting and so on.

Syslog support. The Barracuda Web Site Firewall forwards logs to a syslog server for centralized and persistent storage or analysis by a third party tool.

Will the Barracuda Web Application Firewall fit into my existing network environment?

Yes, the Barracuda Web Application Firewall is designed to easily fit into any existing data center environment and to rapidly secure and accelerate new and existing Web applications. Barracuda Networks offers the most flexible array of Barracuda Web Application Firewall deployment options, including both Bridge-path and Route-path.

How do I know which Barracuda Web Application Firewall model is best suited to my needs?

 A regional Barracuda Networks sales representative can evaluate your network environment and Web usage needs to help determine which model(s) is the best fit for your company.

What if I have more questions or want to see an online demo of the Web Application Firewall?

For answers to additional questions, please contact us.

Documentation:

Download the Barracuda Web Site Firewall Data Sheet (.PDF)

Download the Barracuda Web Application Controller Datasheet (.PDF)