Call a Specialist Today! 800-878-6893

Barracuda NextGen Control Center C610
Central Management of the Entire Enterprise Security Infrastructure


Barracuda NextGen Control Center C610

Barracuda NextGen Control Center Series
Barracuda NextGen Control Center C610 - Enterprise Edition
Barracuda NextGen Control Center C610 - Enterprise Edition
Note: The purchase of Phone Installation or Onsite Installation and at least 1 Year of Energize Updates is required
#BNCC610a
Contact us for pricing!

Click here to jump to more pricing!

Click here for a Barracuda LIVE DEMO!Overview:

To centralize management across many different firewalls and remote access users, the Barracuda NextGen Control Center enables administrators to manage and configure security, content, traffic management, and network access policies from a single interface. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations. The Barracuda NextGen Control Center helps significantly reduce the cost associated with security management while providing extra functionality both centrally and locally at the managed gateway. Software patches and version upgrades are centrally controlled from within the management console and deployment can be applied to all managed devices. Highly customizable administrative roles can be defined to delegate administrative capabilities for specific departments or locations.

The Barracuda NextGen Control Center is offered at three levels - Standard Edition, Enterprise Edition, and Global Edition. All Barracuda NextGen Control Center levels enable administration of an unlimited number of Barracuda NextGen Firewall platforms. The Standard Edition allows for a single configuration group. The Enterprise Edition allows for an unlimited number of configuration groups for a single enterprise / tenant or "range." The Global Edition is designed for service providers who service multiple tenants and allows for separate and secluded configuration trees for each tenant.

Central Management Across the Enterprise

With hardware models ranging from the micro branch office up to the large headquarters and datacenters, and a corresponding offering of virtual appliances, the Barracuda NextGen Firewall is designed for deployment across the entire enterprise. Through the Barracuda NextGen Control Center, administrators can manage security, content and traffic management policies from a single interface. Centralized management of security and content policy provides a number of benefits, including:

  • Consistent security posture and policy enforcement across the enterprise
  • Real-time accounting and reporting across multiple gateways
  • Comprehensive history and rollback of configuration and policy changes across the network
  • Centralized version control of anti-spam, anti-virus, Web filter and network access control updates

Barracuda NextGen Firewall Deployment Diagram

Scalable Security for the Enterprise

Security-conscious companies and managed security providers are confronted with an increasing number of gateways in their networks. Managing hundreds or thousands of systems can require a costly, time-intensive process by qualified staff. The Barracuda NextGen Control Center can significantly decrease administrative overhead.

The Barracuda Advantage

  • Increased security and reduced costs
  • Revision capabilities and easy restoration of proven configurations
  • Simple drag & drop configuration and visualization of VPN tunnels
  • Fully scalable to grow with organizational needs and requirements
  • Disaster recovery within a few minutes using only two configuration files
  • Hypervisor support for VMware, Hyper-V, KVM, and XenServer
  • Available for Amazon Web Services and Microsoft Azure

Product Spotlight

  • Powerful, scalable, industry-leading central management
  • Comprehensive revision control system
  • Consistent security posture and policy enforcement across the entire enterprise
  • Integrated Public Key Infrastructure (PKI)

Regaining Control of User Activity

Cost Efficiency

The Barracuda NextGen Control Center gives full control over system administration costs.

Lifecycle costs: Central update management drastically lowers the time spent deploying patches. Even Barracuda NextGen Firewalls, with different software versions can be centrally managed at the same time.
Deployment costs: Using the Barracuda NextGen Control Center, rollouts with hundreds of devices can be completed within a few weeks instead of months.
Operating costs: The Barracuda NG Control Center helps to significantly reduce the cost associated with security management while providing extra functionality both centrally and locally at the managed gateways.

True Enterprise Readiness

Security Management with Ease

Firewall rulesets and other security policies, as well as, software patches and version upgrades are centrally controlled from within the management console. Deployment can be scheduled and applied to all managed devices. Highly customizable administrative roles allow delegation of administrative capabilities for specific departments or locations. Administrators are kept informed at all times on the status of remote gateways and can implement centrally defined security rules at every location. Furthermore, the integrated revision control system provides easy audits and cuts overhead.

Monitor WAN activity in real time with Barracuda NG Earth
Monitor WAN activity in real time with Barracuda NG Earth

Benefits:


Controlling Application UsageControlling Application Usage

The Barracuda NextGen Firewall gives administrators granular control over applications, allowing them to define rules for forwarding data traffic using the best respective transmission channels based on type of application, user, content, time of day, and geographical location. Mobile devices, online applications, social networks, and streaming media have caused an enormous increase in non-business network data traffic, pushing bandwidth capacities to their limits and causing degradation in performance of business-critical applications. The Barracuda NextGen Firewall allows organizations to prioritize traffic by limiting or restricting access to non-business-related applications and network traffic, even when encrypted.

Key Features: Application-Based Link Selection, Application Control 2.0, Deep Application Context, Personalized Application Control, User Identity Awareness, Reporting

Secure Your Network's Perimeter
Secure Your Network's Perimeter

Secure your organization's data against hackers, malware, DoS attacks, and botnets with Advanced Threat Detection. Traditionally, these threats would routinely bypass signature-based IPS and antivirus engines. Advanced Threat Detection stops threats in their tracks. You gain granular control backed by real-time, zero-hour threat intelligence, all from one single pane of glass that is easy to use and manage for the most advanced, up-to-the-minute security.

Key Features: Advanced Threat Detection, Malware Protection, Intrusion Detection and Prevention, Denial of Service (DoS) and Distributed Denial of Service (DDoS) Protection, Web Filtering

Cloud Enablement and WAN VirtualizationCloud Enablement and WAN Virtualization

One way to greatly increase the capacity of site-to-site links is to simply pay more for extra bandwidth. A better way is to take advantage of the Barracuda NextGen Firewall's advanced WAN optimization and cloud-enablement capabilities.

Cloud offerings like Amazon EC2 and Windows Azure depend on highly secure environments within the cloud. The Barracuda NextGen Firewall is ideal for securing use of these cloud services – connecting on-premises networks to the cloud and connecting logically separated components within the cloud datacenters.

Key Features: Application-Based Link Selection, Traffic Shaping and Quality of Service, Failover and Link Balancing, WAN Optimization, Windows Azure, Amazon EC2

Secure Remote Access and Access Control

The Barracuda NextGen Firewall incorporates advanced site-to-site and client-to-site VPN capabilities, using both SSL and IPsec protocols to ensure remote users can easily and securely access network resources without time-consuming client configuration and management. The communication protocols used with our VPN clients has been optimized to be fully roaming-capable by quickly reconnecting upon loss of communication. Smart pathfinder technology determines the nearest point of entry to the corporate network. Advanced NAT traversal technology can use different encapsulation ports in either TCP or UDP and is able to mimic SSL to cut through intermittent proxies.

Key Features: BYOD (Bring Your Own Device), Secure Remote Access, Network Access Control, Mobile Portal

Secure Remote Access and Access Control

Operations Cost ControlOperations Cost Control

Maintaining and trouble-shooting security devices within enterprise networks can take a lot of time and IT resources. To mitigate operational costs, the Barracuda NextGen Firewall provides advanced trouble-shooting and analysis through the intuitive web interface so that information such as activity history, complete logs, and graphical accounting can be obtained from powerful drill down views with just one click. Problem resolution times can be reduced from hours to just minutes. 

With affordable, all-inclusive pricing (no per-feature or per-user license fees), the Barracuda NextGen Firewall can converge multiple point solutions into just one appliance to deliver impressive upfront and running cost savings. Ease of use keeps training and administrative costs low, while traffic intelligence and WAN optimization extend the capacity of existing infrastructure to deliver additional long-term direct cost savings.

Key Features: Scalable Deployment, Lifecycle Management, Revision Control System, Audit, and Reporting

Features:

Advanced Threat Detection

While traditional solutions usually detect network threats after they have breached the network, by sending log notifications to the administrator, the Barracuda Advanced Threat Detection (ATD) implements full system emulation, which provides deep visibility into malware behavior. Files are checked against a cryptographic hash database that is constantly updated. In case the file is unknown, it is emulated in a virtual sandbox where malicious behavior can be discovered.

The Barracuda ATD offers Administrators granular, file-type-based control including automatic quarantine and blacklisting features to maintain the highest level of protection for an organization's network.

The Barracuda Advanced Threat Detection is an optional subscription.

Application Control 2.0

The Barracuda NextGen Firewall provides a powerful and extremely reliable detection and classification of more than 1,200 applications and sub-applications by combining Deep Packet Inspection (DPI) and behavioral traffic analysis – no matter if the protocols are using advanced obfuscation, port hopping techniques, or encryption. It allows the creation of dynamic application policies and facilitates establishing and enforcing acceptable access and use policies for users and groups by application, application category, location, and time of day. Administrators can now:

  • Block unwanted applications for certain users or groups
  • Control and throttle acceptable traffic
  • Preserve bandwidth and speed-up business-critical applications to ensure business continuity
  • Enable or disable specific application sub-functions (e.g., Facebook Chat, YouTube Postings, or MSN file transfers)
  • Intercept SSL-encrypted application traffic

The Barracuda NextGen Firewall features advanced application-based routing path selection and Quality of Service (QoS) capabilities. These provide additional business value in addition to security by significantly improving network quality and availability, as well as reducing direct line cost due to bandwidth saved.

For rich reporting and drill-down capabilities, the Barracuda NextGen Firewall comes with real-time and historical application visibility that shows application traffic on the corporate network, thus providing a basis for deciding which connections should be given bandwidth prioritization, crucial for QoS optimization for business-critical applications. Furthermore, it allows adjusting and refining the corporate application use policies.

Deep Application Context

The deep application context analysis allows for deeper inspection of the application data stream by continually evaluating the actual intention of applications and the respective users. By this means administrators can gain detailed insight into what a specific application was used for or if a user was trying to circumvent the corporate application usage policy.

Personalized Application Control

On top of the 1,400+ applications that are delivered out of the box and constantly updated, the Barracuda NextGen Firewall provides a way to easily create user-defined application definitions for best-in-class application control customized and tailored to an organization's specific needs.

User Identity Awareness

Different network users may need different bandwidth-use rules. Most often, access to certain network resources is limited to certain users or user groups. Preferential allocation of more bandwidth to certain users or user groups and a limitation of available bandwidth for others is a common requirement. It requires the network device to know what user an IP actually belongs to. Barracuda NextGen Firewalls are fully user-identity aware by linking a user to one or several IP addresses. Any role assignments that result from identity and device posture checks communicated to the firewall by our health agents can be used within the firewall to facilitate role-based access control (RBAC). Barracuda NextGen Firewalls support authentication of users and enforcement of user-aware firewall rules, web filter settings, and Application Control 2.0 using Active Directory, NTLM, MS CHAP, RADIUS, RSA SecurID, LDAP/LDAPS, TACACS+, as well as authentication with x.509 certificates.

Reporting

The Barracuda NG Report Creator is a free tool that allows administrators to collect and consolidate traffic and application usage statistics from multiple Barracuda NextGen Firewall units and to create easy-to-read reports in pdf format. Report tasks can be scheduled at various times during the day or week and distributed automatically via email. Besides predefined out-of-the-box reports such as Top Applications, Top Blocked URL Categories and Websites, Top Users by Bandwidth, as well as activity reports for specific users, the reporting engine provides customizable granular reports on user activity, activities during last day/week/month, etc.

For auditing reasons IP addresses can be anonymized.

Intrusion Detection and Prevention

The Barracuda NextGen Firewall Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases preventing network attacks such as:

  • SQL injections and arbitrary code executions
  • Access control attempts and privilege escalations
  • Cross-Site Scripting and buffer overflows
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • Directory traversal and probing and scanning attempts
  • Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware

By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, the Barracuda NextGen Firewall is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems.

As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda NextGen Firewall is constantly up-to-date. If the firewall unit is centrally managed, the pattern updates are conveniently distributed by the Barracuda NextGen Control Center.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Protection

In today’s world of omnipresent botnets, one of the main tasks of perimeter protection is to ensure ongoing availability of the network for legitimate requests and to detect and repel malicious denial of service attacks. With TCP SYN Flood Protection, the Barracuda NextGen Firewall effectively functions as a generic TCP proxy, forwarding only legitimate TCP traffic to the inside of the network. Additionally, the Barracuda NextGen Firewall allows the definition of a rate limit that is applied to the maximum number of sessions per source address to be handled by the firewall. Packets arriving at a rate faster than allowed will simply be dropped. In a massive DDoS attack, the attackers may simply aim for saturating the link by transmitting vast numbers of UDP packets. The integrated environmental monitoring feature of the Barracuda NextGen Firewall diagnoses such conditions by link and target address monitoring. Once the response of a remote target address to regular ICMP probing fails, the system can be configured to activate different routes and uplinks (for example backup line, ISDN, xDSL). Using this feature, traffic will be unimpeded across unaffected lines and crucial site-to-site and site-to-Internet connectivity remains operational.

Web Filtering

The Barracuda Web Filter enables highly granular, real-time visibility into online activity, broken down by individual users and applications, letting administrators create and enforce effective Internet content and access policies. It protects user productivity, blocks malware downloads and other web-based threats, and enables compliance by blocking access to unwanted websites and servers, providing an important additional layer of security alongside application control.

Malware Protection

Barracuda NG Malware Protection shields the internal network from malicious content by scanning web content (HTTP and HTTPs), email (SMTP, POP3), and file transfers (FTP) via two fully integrated antivirus engines. Malware protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available. Barracuda NG Malware Protection covers viruses, worms, trojans, malicious java applets, and programs using known exploits on PDF, picture and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation.

Application-Based Link Selection

The combination of next-generation security and adaptive WAN routing allows the Barracuda NextGen Firewall to dynamically assign available bandwidth for several links not only based on protocol, user, location, and content, but also based on applications, application categories and web filter categories. This keeps expensive, highly available lines free for business and mission-critical applications, while significantly reducing response times and freeing up additional bandwidth.

Traffic Shaping and Quality of Service

Limited network resources make bandwidth prioritization a necessity. The Barracuda NextGen Firewall provides strong Quality of Service (QoS) that lets the administrator apply quality aspects and service guarantees to selected traffic flows within the WAN. QoS is often used to prioritize the network traffic of applications that are critical and must not be affected by the network traffic of other applications. The Barracuda NextGen Firewall provides a large set of QoS techniques, such as traffic shaping, traffic prioritization, and bandwidth partitioning, which assigns a bandwidth limit to certain types of traffic. To select traffic for different priority classes, the available real-time traffic analysis can be used to identify whether network traffic was sent by business-critical applications or by potentially unwanted applications.

Failover and Link Balancing

To ensure the best and most cost-efficient connectivity, the Barracuda NextGen Firewall provides a wide range of built-in uplink options such as unlimited leased lines, up to four xDSL uplinks, etc. By eliminating the need to purchase additional devices for link balancing, security conscious customers will have access to a WAN connection that never goes down, even if one or two of the existing WAN uplinks are severed. Further, traffic intelligence mechanisms make sure the next defined uplink is activated on the fly and all traffic is rerouted to make full use of the remaining lines. In the event that backup lines provide less bandwidth, intelligent traffic shaping automatically prioritizes business-critical applications, networks, or distinct endpoints.

WAN Optimization

The Barracuda NextGen Firewall can significantly enhance the WAN performance of distributed network environments by improving availability, performance, and response time of business-critical applications by lowering throughput and transmission delays, affecting time-sensitive decisions and enterprise profitability. The next-generation networking concept of the Barracuda NextGen Firewall provides a set of powerful features to efficiently reduce and offset the negative effects of high line latencies and response times. By implementing enterprise-grade WAN acceleration features such as data deduplication, traffic compression, and protocol optimization, the Barracuda NextGen Firewall can significantly improve site-to-site WAN traffic and increase productivity by accelerating the delivery of business applications - at no extra charge. WAN traffic can be effectively compressed up to 95 percent, significantly reducing the bandwidth needed at remote locations while increasing network responsiveness.

Microsoft Azure

Besides VMware, KVM, and XenServer, the Barracuda NextGen Firewall is fully compatible for use in Windows Azure for establishing site-to-site and/or client-to-site connections to Azure and creating a DMZ in Azure to implement an additional high-security layer.

As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer. Barracuda’s award-winning security solutions are available as virtual appliances to help organizations. 

Barracuda NextGen Firewall virtual appliances are complete solutions, eliminating the need for installing, configuring, and integrating disparate operating systems, databases, system management, and application software. In addition, Barracuda virtual appliances come “locked down” from a security perspective, built from the ground up on the Barracuda OS, a hardened Linux operating kernel and optimized to run seamlessly within virtualized environments.

Amazon EC2

Besides VMware, KVM, and XenServer, the Barracuda NextGen Firewall is fully compatible for use in Amazon Elastic Compute Cloud (EC2).

As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer. Barracuda’s award-winning security solutions are available as virtual appliances.

Barracuda NextGen Firewall virtual appliances are complete solutions, eliminating the need for installing, configuring and integrating disparate operating systems, databases, system management, and application software. In addition, Barracuda Networks virtual appliances come “locked down” from a security perspective, built from the ground up on the Barracuda OS, a hardened Linux operating kernel and optimized to run seamlessly within virtualization environments.

BYOD (Bring Your Own Device)

The influx of private computing devices, from smartphones to laptops and tablets, into the workplace may help increase productivity, flexibility, and convenience. However, BYOD adds new security challenges and risks, such as enabling and controlling access, as well as preventing data loss. The Barracuda NextGen Firewall provides strong capabilities to give users the full advantage of their devices while reducing possible risks to the business. Unwanted applications can be blocked, LAN segmentation can protect sensitive data, and network access control can check the health state of each device connecting to the corporate network.

Secure Remote Access

The Barracuda NextGen Firewall incorporates advanced site-to-site and client-to-site VPN capabilities, using both SSL and IPsec protocols to ensure remote users can easily and securely access network resources without complex client configuration and management. Every Barracuda NextGen Firewall unit supports an unlimited number of VPN clients at no extra cost. The Barracuda VPN client also provides the ability to enforce Windows Security Center settings on client machines running Windows. This allows administrators to centrally enforce the usage of Windows Security settings on PCs. The enforced policies can include enabling the Microsoft Network Firewall, Windows Updates, Windows Virus Protection, Windows Spyware Protection, and Internet Security Settings.

Barracuda VPN Clients are available for Microsoft Windows, Mac OS, and various Linux systems.

Network Access Control

The optional Barracuda NextGen Firewall SSL VPN and NAC subscription adds a customizable and easy-to-use portal-based SSL VPN as well as sophisticated Network Access Control (NAC) functionality.

The Barracuda Network Access Client, when used with the Barracuda NextGen Firewall, provides centrally managed Network Access Control (NAC) and an advanced personal firewall. This allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of antivirus and/or anti-spyware, and user ID. Access restrictions are enforced locally on the client by the centrally managed personal Windows firewall as well as at the gateway. Using existing Barracuda NextGen Firewall appliances, Barracuda Networks offers a ready-to-use Network Access Control framework without expensive investments into the basic network infrastructure. All Barracuda Network Access Clients as well as all Barracuda NextGen Firewall units acting as policy servers can be administered, monitored, and reviewed from a single Barracuda NextGen Control Center.

Scalable Deployment

Managing the security issues in a widely distributed enterprise network can be painful and extremely time-consuming. Managing a system may take only 15 minutes per day. But having 20 firewall systems in place results in five hours per day – just to manage the existing system. With the Barracuda NextGen Control Center, managing mulitple Barracuda NextGen Firewalls takes the same amount of time as managing one.

  • Create pre-configured templates for easy-rollout.
  • Have all information about the enterprise security deployment available in real time.
  • Create reports of either one or all Barracuda NextGen Firewalls.

Lifecycle Management

Scalable Barracuda NextGen Firewalls offer companies sustainable investment protection. Energize Updates automatically provide the latest firmware and threat definitions to keep the appliance up to date. With a maintained Instant Replacement subscription, organizations receive a new appliance with the latest specs every four years.

Revision Control System, Audit, and Reporting

The integrated revision control system increases auditing ease for the infrastructure and cuts overhead.

Additionally, the revision control system for all changes provides compliance with governmental and company policy requirements.

Comprehensive reporting makes bandwidth usage and all other security-related information visible, reportable, and easy to read.

Mobile Portal

Gain easy access to your organization’s applications via SSL VPN connections. Barracuda‘s Mobile Portal enables you to set up shortcuts on the home screen of devices such as smartphones or tablets. When accessing the portal via the web browser on a mobile device, users can browse apps, network folders and files as if they were connected to the office network.

The Mobile Portal supports most commonly used devices, e.g., Apple iOS, Android, and Blackberry devices.

Barracuda’s Mobile Portal is an optional feature included with an “NG SSL VPN and NAC” subscription.

Specifications:


Barracuda NextGen Control Center C610
Interface
Copper Ethernet NICs 2x1 GbE
USB 2.0 2
Serial / console 1 [DB9]
Memory
RAM 4 GB
Mass Storage
Type HDD
Size 2x 500 GB or better
Redundant Disk Array (RAID) RAID 5
Dimensions
Weight appliance 18 kg
Weight carton with appliance 28.5 kg
Appliance size: width x depth x height 648 x 442 x 89 mm
Carton size: width x depth x height 870 x 680 x 286 mm
Form factor 2U Full Size
Environmental
Noise emission N/A
Operating temperature 0 to +40 °C
Storage temperature -20 to +70 °C
Operating humidity 5% to 95% non-condensing
Certifications & Compliance
CE emissions Yes
CE electrical safety Yes
FCC emissions Yes
ROHS compliant Yes
Power & Efficiency
Power supply type Dual, internal
Power type [AC/DC] AC
Input rating 100 - 240 Volts
Input frequency 47 - 63 Hz
Auto sense Yes
Max. power draw 4.1 Amps.
Packaging Content
Appliance Yes
Direct power to wall outlet Yes
USB flash drive for recovery & installation Yes
Quick start guide Yes
2x Barracuda L-shape rack mount bracket Yes
Barracuda Rail kit Yes

Model Comparison:


Model Comparison Standard Edition Enterprise Edition Global Edition
Available models C400 VC400 (Virtual Appliance) C610 VC610 (Virtual Appliance) VC820 (Virtual Appliance)
Maximum managed Gateways (recommended) Not limited / 20 Not limited / 20 Not limited / 200 Not limited / hardware-dependent Not limited / hardware-dependent
Configuration Groupings 1 1 Not limited Not limited Not limited
Hardware
Form Factor 1U Full Size Depends on hardware 2U Full Size Depends on hardware Depends on hardware
Dimensions (Height x Width x Depth) 1.7 x 16.8 x 22.6 in 3.5 x 17.4 x 64.8 in
Weight 26 46
Copper Ethernet NICs 2x1 GbE 2x1 GbE
Mass Storage Type HDD HDD
Mass Storage Size 2x250 GB or better 4x500 GB or better
Power Supply Single, internal Dual, internal
Max. Power Draw 1.8 4.1
Features
Multi-Administrator Support
Role-based Administration
Revision Control System
Central Statistics
Central Syslog Host / Relay
Firewall Audit Information Collector / Viewer
NG Access Monitor
Barracuda NG Earth - -
PKI Service - -
High Availability Optional Optional Optional Optional HA license included
Multitenancy - - Yes (via configuration groupings) Yes (via configuration groupings) Yes, support for 5 tenants (each with multiple groups)
Additonal Range for multi-tenancy - - - - Optional

Technical Specs

Configuration Management
Configuration Management

  • Multitenant capabilities
  • Configuration templates
  • Object database and template repository
  • Firewall/VPN policies, application gateway parameters
  • Flat file data storage
  • Database characteristics (transaction, orientation, locking, etc.)
  • Easy configuration backup & restore
  • Speed install support via USB key
  • Configuration update monitoring
  • Full RCS versioning
  • VPN graphical tunnel interface
  • Barracuda Networks Access Client policy management
  • Multi-release management
  • Multi-platform management

Status Monitoring
Status Monitoring

  • Gateway health state
  • Launch pad functionality
  • Customizable layout
  • Barracuda NG Earth support

Trust Center
Trust Center

  • Gateway x.509 certificate CA
  • Gateway SSH key management
  • VPN server for management tunnels
  • Virtual IP addresses for gateways
  • Dynamic gateway IP address support

License Center
License Center

  • License timestamp server
  • License status display
  • Central event message list
  • Central event database
  • Event forwarding (SNMP, mail)
  • Event log

Central Session Tracking
Central Session Tracking

  • Administration Session display
  • Administration Session termination

Central Software Update
Central Software Update

  • Real-time version display
  • Kernel and OS updates
  • Barracuda NextGen Firewall updates
  • Update log viewer

VPN
Secure Remote Execution (SSHv2)

  • Job scheduling
  • Script management
  • Execution log viewer

Administration Models
Administration Models

  • Full GUI-based access
  • Strong authentication & AES encryption
  • Role-based administration
  • Configurable roles
  • Adjustable view on configuration tree
  • Configurable administrative domains
  • Multiple domains per administrator
  • Configurable access on OS level
  • Configurable access notification

Reporting & Accounting
Reporting & Accounting

  • Historical reports on gateway activity
  • Customer-based gateway activity reports
  • Policy distribution
  • Control-Center resource utilization
  • Gateway resource utilization
  • Central log host
  • Streaming/relaying to external log host

Protocol Support
Additional Functions

  • NTP4 time server for gateways
  • Integrated DNS server
  • High availability
  • SIEM syslog interface
  • Public Key Infrastructure
  • Revision Control System
  • Barracuda NG Access Monitor

Support Options

Barracuda Energize Updates
Barracuda Energize Updates

  • Standard technical support
  • Firmware updates
  • IPS signature updates
  • Application control definition updates

Instant Replacement Service
Instant Replacement Service

  • Replacement unit shipped next business day
  • 24x7 technical support
  • Hardware refresh every four years

NextGen Firewall Technology:

Secure Your Networks Perimeter

Barracuda NextGen Firewall provides several layers to protect an organization's network

Barracuda NextGen Firewall provides several layers to protect an organization's network

Intrusion Detection and Prevention
Barracuda NG Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases preventing network attacks such as:

  • SQL injections and arbitrary code executions
  • Access control attempts and privilege escalations
  • Cross-Site Scripting and buffer overflows
  • DoS and DDoS attacks
  • Directory traversal and probing and scanning attempts
  • Backdoor attacks, trojans, rootkits, viruses, worms, and spyware

By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, Barracuda NextGen Firewall is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems.

As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that Barracuda NextGen Firewall is constantly up-to-date. If the firewall unit is centrally managed, the pattern updates are conveniently distributed by the Barracuda NextGen Control Center.

Malware Protection
Barracuda NG Malware Protection shields the internal network from malicious content by scanning web content (HTTP and HTTPs), email (SMTP, POP3), and file transfers (FTP) via two fully integrated antivirus engines. Malware protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available.

Barracuda NG Malware Protection covers viruses, worms, trojans, malicious java applets, and programs using known exploits on PDF, pictures and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation.

Advanced Threat Detection
Barracuda Advanced Threat Detection (ATD) uses next-generation sandbox technology powered by full-system emulation to catch not only persistent threats and zero-day exploits, but also advanced malware designed to evade detection. Files are forwarded to a cloud-based sandbox environment, where they are executed and analyzed to identify suspicious and malicious behavior.

Barracuda ensures flexible and simple deployment with your existing network infrastructure—no additional hardware is required since resource intensive sandboxing is offloaded to the cloud. The cloud database is continuously updated by all Barracuda NextGen Firewalls with enabled ATD and, thereby, speed up the processing of already known files.

Advanced Threat Detection

The administrator has full policy control over how PDF documents, Microsoft Office Files, EXEs/MSIs/DLLs, Android APKs, compressed files and archives are emulated and delivered to the client. Based on identified malware activity, infected users can be automatically quarantined preventing the malware from spreading within the network.

Customizable, on-demand analysis reports for any emulated file provide full insight and details on malicious activities, file behavior, system-registry entries, evasion and obfuscation techniques. This also enables network activities such as establishing encrypted connections to Botnet Command and Control Centers for increased security posture to evade scaled Botnet attacks.

Advanced Threat Detection Screenshot

Web Filtering
The web filtering options for the Barracuda NextGen Firewall options enable highly granular, real-time visibility into online activity, broken down by individual users and applications, letting administrators create and enforce effective Internet content and access policies. It protects user productivity, blocks malware downloads and other web-based threats, and enables compliance by blocking access to unwanted websites and servers, providing an important additional layer of security alongside application control.

  • Barracuda Web Filter offers online URL categorization (requires a valid Energize Updates subscription).
  • Barracuda NG Web Filter can be operated in online and offline mode (available as a separate subscription)

Controlling Application Usage

Controlling Application Usage

Block unwanted applications, control acceptable traffic, and ensure business continuity

Application Control
Barracuda NextGen Firewall provides a powerful and extremely reliable detection and classification of more than 1,400 applications and sub-applications by combining Deep Packet Inspection (DPI) and behavioral traffic analysis – no matter if the protocols are using advanced obfuscation, port hopping techniques, or encryption. It allows the creation of dynamic application policies and facilitates establishing and enforcing acceptable access and use policies for users and groups by application, application category, location, and time of day. Barracuda NextGen Firewall combines its application control with the seamless integration of authentication schemes like Active Directory, LDAP/S, NTLM, etc. As a consequence, an administrator is always on top of what the users to on the organization's network. Barracuda NextGen Firewall features advanced application-based routing path selection and Quality of Service (QoS) capabilities. These provide additional business value in addition to security by significantly improving network quality and availability, as well as reducing direct line cost due to bandwidth saved.

For rich reporting and drill-down capabilities, Barracuda NextGen Firewall comes with real-time and historical application visibility that shows application traffic on the corporate network, thus providing a basis for deciding which connections should be given bandwidth prioritization, crucial to QoS optimization for business-critical applications. Furthermore, it allows adjusting and refining the corporate application use policies.

Personalized Application Control
On top of the 1,400+ applications that are delivered out of the box and constantly updated, Barracuda NextGen Firewall provides a way to easily create user-defined application definitions for best-in-class application control customized and tailored to an organization's specific needs.

Application-Based Provider Selection
The combination of next-generation security and adaptive WAN routing allows Barracuda NextGen Firewall to dynamically assign available bandwidth for several links not only based on protocol, user, location, and content, but also based on applications, application categories, and web filter categories. This keeps expensive, highly available lines free for business and missioncritical applications, while significantly reducing response times and freeing up additional bandwidth.

User Identity Awareness & ControlDeep Application Context
The deep application context analysis allows for deeper inspection of the application data stream by continually evaluating the actual intention of applications and the respective users. By this means administrators can gain detailed insight into what a specific application was used for or if a user was trying to circumvent the corporate application usage policy.

User Identity Awareness & Control
Barracuda NextGen Firewall supports authentication of users and enforcement of user-aware firewall rules, web filter settings, and application control by seamlessly integrating with

  • Microsoft and Citrix terminal service environments
  • Microsoft Active Directory
  • NTLM
  • RADIUS
  • RSA SecurID
  • LDAP/LDAPS
  • TACACS+
  • and more...

Application Risk and Usage ReportApplication Risk and Usage Report
The Application Usage and Risk Report is a predefined report type in the Barracuda Report Creator tool providing automated reports and risk analysis based on the network traffic that is traversing the network. It provides an overview on how effective the currently deployed technologies are in detecting and enforcing the corporate application usage policies and gives recommendations what should be taken into account when redefining these policies. For collecting the traffic required for this report, Barracuda offers two different approaches:

  • Layer2 Bridging
  • SPAN Port / Port Mirroring

In either way, collecting the traffic has no impact on the firewall performance at all. The report creation can be started manually (on-demand) or scheduled (including automated email distribution). And - of course - this report is fully customizable to comply with possible branding requirements.

Cloud Enablement & WAN Virtualization

Today's corporate networks are being transformed by the proliferation of mobile devices and the increasing adoption of SaaS offerings like Microsoft's Office 365 and moving corporate services to private or public clouds.

The net result of this is increased dispersion or fragmentation of corporate network into multiple dislocated segments and a massively increased attack surface. In this scenario a firewall solution is needed that can be deployed to multiple locations on the network with the corresponding next-generation deep inspection features to mitigate attacks. The introduction of, e.g., Office 365 all of a sudden creates a need for direct internet break outs at multiple branch office locations. Thus multiple enforcement points need to be created. Business critical internal traffic running across the WAN links must be protected against outages as well as quality of service impairments due to aggressive but less important network activities on the same physical infrastructure.

Multiple Barracuda NextGen Firewalls deployed to multiple physical and cloud locations allow an organization to span a highly performant and secure logical application delivery network (ADN) on top of the physical and virtualized infrastructure components. In conjunction with our leading central management concepts both the initial implementation and subsequent life cycle management tasks around the AND can be accomplished a surprisingly low total cost.

The key feature here is that full next-gen deep inspection can be combined with smart policy based adaptive traffic management. Policy based means that applicable QoS settings (bandwidth guarantees, priorities), network path selection, e.g., MPLS vs VPN, and/or privacy requirements can be based on the application or the person/groups causing the traffic. Adaptive means that failover policies can be defined that make sure that in case of unavailability of a particular path available alternative paths can be utilized. This feature allows for improved fault tolerance against outages as well for cost optimization strategies where multiple carriers/ISPs are combined to get the required bandwidth at an optimum price point.

Public cloud offerings like Amazon EC2 and Microsoft Azure are a new and increasingly attractive way to lower cost around IT operations. The business lines profit from a faster-timeto- market, good compute elasticity and an easy option to achieve global service availability quickly. There are challenges too. Replication typical on-premises DC concepts in these environments is impossible without a cloud compatible firewall product.

The Barracuda NextGen Firewall is ideal for securing and compartmentalizing these public cloud environments – connecting on-premises networks to the cloud and connecting logically separated components within the cloud data centers.

Application-Based Provider Selection
But before an organization can benefit of the cloud, it is mandatory to get to the cloud!

As mentioned earlier, Barracuda NextGen Firewall includes information on application, application categories, as well as web filter categories into its link selection policy. Such link policies can force for instance business critical traffic to use T1 lines whereas uncritical bulk traffic is routed via less expensive lines.

Traffic Shaping and Quality of Service
Limited network resources make bandwidth prioritization a necessity. Barracuda NextGen Firewall provides strong Quality of Service (QoS) that lets the administrator apply quality aspects and service guarantees to selected traffic flows within the WAN. QoS is often used to prioritize the network traffic of applications that are critical and must not be affected by the network traffic of other applications. Barracuda NextGen Firewall provides a large set of QoS techniques, such as traffic shaping, on-the-fly traffic prioritization, and bandwidth partitioning, which assigns a bandwidth limit to certain types of traffic. To select traffic for different priority classes, the available real-time traffic analysis can be used to identify whether network traffic was sent by business-critical applications or by potentially unwanted applications.

Failover and Link Balancing
To ensure the best and most cost-efficient connectivity, Barracuda NextGen Firewall provides a wide range of built-in uplink options such as unlimited leased lines, up to four uplinks, etc. By eliminating the need to purchase additional devices for link balancing, security conscious customers will have access to a WAN connection that never goes down, even if one or two of the existing WAN uplinks are severed. Further, traffic intelligence mechanisms make sure the next defined uplink is activated on the fly and all traffic is rerouted to make full use of the remaining lines. In the event that backup lines provide less bandwidth, intelligent traffic shaping automatically prioritizes businesscritical applications, networks, or distinct endpoints.

Dynamic Mesh VPN
Simply by defining which deployments may create dynamic site-to-site VPN connections and, thereby, ensure business and communication continuity via low latency VPN connections.

WAN Optimization
Barracuda NextGen Firewall can significantly enhance the WAN performance of distributed network environments by improving availability, performance, and response time of businesscritical applications by lowering throughput and transmission delays, affecting time-sensitive decisions and enterprise profitability. The next-generation networking concept of Barracuda NextGen Firewall provides a set of powerful features to efficiently reduce and offset the negative effects of high line latencies and response times. By implementing enterprisegrade WAN acceleration features such as data deduplication, traffic compression, and protocol optimization, Barracuda NextGen Firewall can significantly improve site-to-site WAN traffic and increase productivity by accelerating the delivery of business applications - at no extra charge. WAN traffic can be effectively compressed up to 95 percent, significantly reducing the bandwidth needed at remote locations while increasing network responsiveness.

Supported Virtualization and Public Cloud Offerings

Supported Virtualization and Public Cloud Offerings

Secure Remote Access & Access Control

Barracuda NextGen Firewall incorporates advanced site-to-site and client-to-site VPN capabilities, using both SSL and IPsec protocols to ensure remote users can easily and securely access network resources without time-consuming client configuration and management. The communication protocols used with our VPN clients are optimized to be fully roaming-capable by quickly reconnecting upon loss of communication. Smart pathfinder technology determines the nearest point of entry to the corporate network. Advanced NAT traversal technology can use different ports encapsulated in either TCP or UDP and, thus, is able to pass through web proxies.

Secure Remote Access & Access Control

BYOD (Bring Your Own Device)
The influx of private computing devices, from smartphones to laptops and tablets, into the workplace may help increase productivity, flexibility, and convenience. However, BYOD adds new security challenges and risks, such as enabling and controlling access, as well as preventing data loss. Barracuda NextGen Firewall provides strong capabilities to give users the full advantage of their devices while reducing possible risks to the business. Unwanted applications can be blocked, LAN segmentation can protect sensitive data, and network access control can check the health state of each device connecting to the corporate network.

Barracuda's Mobile Portal enables you to set up shortcuts on the home-screen of devices such as smartphones or tablets. When accessing the portal via the web browser on a mobile device, users can browse apps, network folders and files as if they were connected to the office network. The Mobile Portal supports most of commonly used devices, e.g., Apple iOS, Android, and Blackberry devices and is part of the "NG SSL VPN and NAC" subscription.

Dedicated VPN Clients
Every Barracuda NextGen Firewall unit supports an unlimited number of VPN clients at no extra cost. The Barracuda VPN client also provides the ability to enforce Windows Security Center settings on client machines running Windows. This allows administrators to centrally enforce the usage of Windows Security settings on PCs. The enforced policies can include enabling the Microsoft Network Firewall, Windows Updates, Windows Virus Protection, Windows Spyware Protection, and Internet Security Settings.

Barracuda VPN Clients are available for Microsoft Windows, Mac OS, and various Linux systems.

Barracuda VPN Client for Mac OS
Barracuda VPN Client for Mac OS

Barracuda VPN Client for Windows 7
Barracuda VPN Client for Windows 7

Windows and MAC OS

Network Access Control
The optional Barracuda NextGen Firewall SSL VPN and NAC subscription adds a customizable and easy-to-use portal-based SSL VPN as well as sophisticated Network Access Control (NAC) functionality.

The Barracuda Network Access Client, when used with a Barracuda NG Firewall, provides centrally managed Network Access Control (NAC) and an advanced personal firewall. This allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of antivirus and/or anti-spyware, and user ID. Access restrictions are enforced locally on the client by the centrally managed personal Windows firewall as well as at the gateway. Using existing Barracuda NG Firewall appliances, Barracuda Networks offers a ready-to-use Network Access Control framework without expensive investments into the basic network infrastructure. All Barracuda Network Access Clients as well as all Barracuda NextGen Firewall units acting as policy servers can be administered, monitored, and reviewed via the Barracuda NextGen Control Center.

TINA - Barracuda's VPN Protocol
Due to the limitations that come with standard IPsec connections Barracuda Networks created several powerful extensions to standard IPsec tunnel management. This core of the Barracuda NG VPN engine is called TINA (Transport Independent Network Architecture).

The TINA protocol allows to use TCP, UDP, ESP, and IPsec protocols for high speed VPN connections which improves the VPN connectivity substantially by adding:

  • Endpoint-to-Endpoint (not network-to-network) connectivity
  • NAT friendliness
  • Multiple physical transport paths for a logical tunnel
  • Multiple tunnels in between two locations
  • HTTPS and SOCKS4/5 proxy compatibility
  • Dynamic Address Support
  • Tunnel heartbeat monitoring

Central Management across the Enterprise

To centralize management across many different firewalls and remote access users, the Barracuda NextGen Control Center enables administrators to manage and configure security, content, traffic management, and network access policies from a single interface. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations.

The Barracuda NextGen Control Center helps significantly reduce the cost associated with security management while providing extra functionality both centrally and locally at the managed gateway. Software patches and version upgrades are centrally controlled from within the management console and deployment can be applied to all managed devices.

Highly customizable administrative roles can be defined to delegate administrative capabilities for specific departments or locations.

Barracuda NextGen Control Center's Status Map displays a drill down status overview of all centrally managed Barracuda NextGen Firewall units.
Barracuda NextGen Control Center's Status Map displays a drill down status overview of all centrally managed Barracuda NextGen Firewall units.

Scalable Deployment


Scalable Deployment

Managing the security issues in a widely distributed enterprise network can be painful and extremely time consuming. Managing a system may take only 15 minutes per day. But having 20 firewall systems in place results in five hours per day – just to manage the existing system. With Barracuda NextGen Control Center, managing mulitple Barracuda NextGen Firewalls takes the same amount of time as managing one.

  • Create pre-configured templates for easy-rollout.
  • Have all information about the enterprise security deployment available in real time.
  • Create reports of either one or all Barracuda NextGen Firewalls.

Lifecycle Management
Scalable Barracuda NextGen Firewalls offer companies sustainable investment protection. Energize Updates automatically provide the latest firmware and threat definitions to keep the appliance up to date. With a maintained Instant Replacement subscription, organizations receive a new appliance with the latest specs every four years.

Public Cloud:

Growth in cloud computing capabilities and services has driven more data into places where traditional IT security measures cannot reach; specifically, data centers not owned by your corporate IT group. Barracuda NextGen Firewall provides centralized management and highly secure, encrypted traffic to, from, and within public cloud deployments.

Integrated Next-Generation Security
Barracuda NextGen Firewall is designed and built from the ground up to provide comprehensive, next-generation firewall capabilities. Based on application visibility, user-identity awareness, intrusion prevention, and centralized management, Barracuda NextGen Firewall is the ideal solution for today's dynamic enterprises that are adding public cloud deployments into their company network.

Central Management
Users of a Barracuda NextGen Firewall benefit from the same singlepane-of-glass central management that is used in on-premises deployments. It enables users to manage the secure VPN connections, to, from, and within public cloud deployments, and the Barracuda NextGen Firewall itself.

Microsoft Azure Small (A1) Medium (A2) Large (A3) Extra Large (A4)
Capacity Level 2 Level 4 Level 6 Level 8
Firewall Throughput 400 Mbps 2 Gbps 5 Gbps 9 Gbps
VPN Throughput 120 Mbps 500 Mbps 1 Gbps 1.5 Gbps
IPS Throughput 80 Mbps 900 Mbps 2.5 Gbps 3 Gbps
Concurrent Sessions 35,000 300,000 500,000 1,000,000
New Session/s 2,500 16,000 35,000 45,000
Features
Malware Protection Optional Optional Optional Optional
Advanced Threat Detection Optional Optional Optional Optional
Premium Support     Optional Optional

 

Amazon Web Services M1.Small C1.Medium M1.XLarge C1.XLarge
Capacity Level 2 Level 4 Level 6 Level 8
Virtual Cores 1 2 4 8
Max Number of Interfaces 2 2 4 4
Firewall Throughput 400 Mbps 2 Gbps 5 Gbps 9 Gbps
VPN Throughput 120 Mbps 500 Mbps 1 Gbps 1.5 Gbps
IPS Throughput 80 Mbps 900 Mbps 2.5 Gbps 3 Gbps
Concurrent Sessions 35,000 300,000 500,000 1,000,000
New Session/s 2,500 16,000 35,000 45,000
Features
Malware Protection Optional Optional Optional Optional
Advanced Threat Detection Optional Optional Optional Optional
Premium Support     Optional Optional

Barracuda NextGen Firewall FAQ:

What is a Next Generation Firewall?

Next generation firewalls are the successors of traditional firewall and unified threat management (UTM) devices. Traditional firewalls generally perform packet forwarding and blocking functions and often incorporate packet inspection techniques. UTM devices usually add content security functions but typically fail to tightly integrate those functions tightly with network management, network access and WAN connectivity capabilities of enterprise-class firewalls.

To protect networks in the presence of social media and other Web 2.0 applications, a next generation firewall infrastructure intelligently combines network security, content security, Layer 7 application profiling and network access control to detect application-specific attacks, enforce application-aware inbound and outbound access policies, and perform application-aware traffic routing and prioritization across the wide area network (WAN).

Based on over a decade of R&D and real-world deployments in over 1,000 of the most demanding enterprise customer environments, the Barracuda NextGen Firewall is the most advanced next generation firewall on the market today.

Why do I need a Next Generation Firewall?

Absent application awareness, existing Firewall and UTM solutions will generally prove ineffective at dealing with a growing category of current and emerging threats. Even when best-of-breed point solutions can be utilized to provide protection along all threat vectors, such as email, Web, remote access, and IM, operational costs can typically be reduced through consolidation.

Beyond threat protection, application-awareness can dramatically improve traffic prioritization and routing decisions over site-to-site connections, resulting in cost reductions of MPLS, leased line, bandwidth, or 3G data charges associated with maintaining reliable WANs.

Through the Barracuda NextGen Control Center, the Barracuda NextGen Firewall delivers next generation firewall features with industry-leading centralized management, capable of scaling to thousands of firewalls with very little administrative overhead.

What are the major capabilities of the Barracuda NextGen Firewall?

The Barracuda NextGen Firewall is a next generation firewall and VPN that provides:

  • Integrated content security and network access control
  • Optimization of intelligent traffic flow across the WAN
  • Industry-leading centralized management capabilities

Integrated content security and network access control:

Barracuda NextGen Firewall integrates a comprehensive set of next generation firewall technologies, including Web filtering, malware protection, intrusion prevention, anti-spam protection and Layer 7 application profiling.

Barracuda NextGen Firewalls include licenses for an unlimited number of IPSec site-to-site connections and IPSec clients through the Barracuda NG VPN Client. The Barracuda NextGen Firewall SSL VPN and NAC option adds a customizable and easy-to-use Web portal-based SSL VPN as well as sophisticated network access control (NAC) functionality. NAC allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of anti-virus and/or anti-spyware and user ID. The Barracuda NG Network Access Client also adds support for 802.1x port based security for 802.1x enabled routers and switches.

Optimization of intelligent traffic flow across the WAN:

The Barracuda NextGen Firewall provides application-aware traffic management and prioritization across the WAN, featuring adaptive routing based on network traffic conditions and link status. In addition, through Barracuda NextGen Control Center, administrators can efficiently monitor VPN tunnels and firewall status.

Industry Leading Centralized Management Capabilities:

To centralize management across many different firewalls and remote access users, the Barracuda NextGen Control Center enables administrators to configure security and network access policies, control firmware update revisions, and manage user settings. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations.

The Barracuda NextGen Control Center supports multiple administrators simultaneously - even within the same configuration tree. Highly customizable administrative roles can be defined to delegate administrative capabilities for specific departments or locations.

What are the differences in levels between the Barracuda NextGen Control Center editions?

The Barracuda NextGen Control Center is offered at three levels - Standard Edition, Enterprise Edition and Global Edition. All Barracuda NextGen Control Center levels enable administration of an unlimited number of Barracuda NextGen Firewall platforms. The Standard Edition allows for a single configuration group. The Enterprise Edition allows for an unlimited number of configuration groups for a single enterprise / tenant or “range.” The Global Edition is designed for service providers who service multiple tenants and allows for separate and secluded configuration trees for each “range.”

What application proxies are included?

The Barracuda Networks NextGen Firewalls include application layer proxies for HTTP, HTTPS (optional), FTP, SSH as well as a generic TCP and SOCKS proxy.

What is Layer 7 application profiling?

Application identification techniques in traditional firewalls typically rely on layer 3 (destination IP address) or layer 4 (TCP port / protocol) definitions.

Next generation firewalls utilizing Layer 7 application profiling can identify and enforce policy on more sophisticated applications which may hide their traffic inside otherwise “safe” port/protocols such as HTTP. Skype and peer-to-peer (P2P) applications are particularly notorious for requiring Layer 7 application profiling for policy enforcement.

The Barracuda NextGen Firewall integrates Layer 7 application profiling into its core firewall functions, enabling enforcement of policy based on user ID, security policy, location, and time of day. Policy actions can include blocking, allowing, throttling, or even enabling or disabling of specific application features.

What user authentication methods are supported?

The Barracuda NextGen Firewall can authenticate users and enforce user-aware policy using Active Directory, NTLM, MC CHAP, RADIUS, RSA SecurID, LDAP/LDAPS, TACACS+, and x.509 certificates.

Does the Barracuda NextGen Firewall help my organization troubleshoot network problems?

All Barracuda NextGen Control Center and Barracuda NextGen Firewall appliances come with extensive network connectivity troubleshooting and visualization tools. Even for large networks it typically only takes a few mouse clicks to analyze and remediate a problem in the central audit log or access cache screen.

What if I am not looking to replace my entire firewall infrastructure?

In addition to the Barracuda NextGen Firewall, Barracuda Networks offers a set of best-of-breed point solutions to address your needs if you are not looking yet to replace your entire firewall infrastructure. Relevant point solutions include:

  • Email security: Barracuda Spam & Virus Firewall
  • Web filtering: Barracuda Web Filter or Barracuda Purewire Web Security Service
  • Layer 7 application profiling: Barracuda Web Filter
  • SSL VPN: Barracuda SSL VPN
  • Site-to-site IPSec VPN: Barracuda Link Balancer
  • Link load balancing: Barracuda Link Balancer
What appliance models are recommended for my organization?

The Barracuda NextGen Firewall is a family of hardware and virtual appliances designed to service next generation firewall capabilities to all office locations of enterprise networks. This includes very small remote locations, home offices, branch offices, headquarters and data centers. Typically, Barracuda NextGen Firewall models are sized based on firewall throughput, VPN throughput, concurrent connections, and the features selected. For more information, please contact your Barracuda Networks systems engineer.

Does the Barracuda NextGen Firewall involve per user fees for VPN client or SSL VPN client usage?

No. The Barracuda NextGen Firewall models include a license to an unlimited number of Barracuda NG VPN clients. With the purchase of the Barracuda SSL VPN and NAC option, there is no licensed limit to the number of Barracuda NG Network Access clients or Barracuda NG SSL VPN users.

What is the pricing?

The Barracuda NextGen Firewall comes in seven base hardware configurations, ranging from very small office to data center locations. Entry level pricing for the Barracuda NextGen Firewall F10 starts at $599.

What is included in the Energize Updates subscription for the Barracuda NextGen Firewall?

Energize Updates from Barracuda Central deliver updates on the extensive library of definitions for intrusion prevention and Layer 7 application profiling. In addition, Energize Updates subscriptions also provide access to Basic Support, Firmware Maintenance and optional participation in the Barracuda Early Release Firmware program.

Is there a warranty?

There is a one year warranty against manufacturing defects in the USA and Canada.

When will the Barracuda NextGen Firewall be available?

The Barracuda NextGen Firewall is available immediately for sale in North America with the ability to ship to remote customer locations across the world. Please contact your Barracuda Networks sales representative for more information.

What if I have more questions about the Barracuda NextGen Firewall?

For additional assistance or for a product demonstration of the Barracuda NextGen Firewall, please contact us

Pricing Notes:

Energize Updates and Instant Replacement Subscriptions need to be maintained for every Barracuda Product. All subscriptions are continuous and must start from the date of activation. Renewals purchases are continuous and start from the date of expiration of your current subscriptions. No exceptions.

Barracuda NextGen Control Center C610 - Enterprise Edition
Barracuda NextGen Control Center C610 - Enterprise Edition
Note: The purchase of Phone Installation or Onsite Installation and at least 1 Year of Energize Updates is required
#BNCC610a
Contact us for pricing!
Barracuda Product Phone Installation Appointment
#BT001
Contact us for pricing!
Barracuda Onsite Installation
#BT002
Contact us for pricing!
Barracuda Networks Energize Updates for C610
1 Year Energize Updates
#BNCC610a-E1
Contact us for pricing!
3 Year Energize Updates
#BNCC610a-E3
Contact us for pricing!
5 Year Energize Updates
#BNCC610a-E5
Contact us for pricing!
Barracuda Networks Instant Replacement for C610
1 Year Instant Firewall Replacement
#BNCC610a-H1
Contact us for pricing!
3 Year Instant Firewall Replacement
#BNCC610a-H3
Contact us for pricing!
5 Year Instant Firewall Replacement
#BNCC610a-H5
Contact us for pricing!
Barracuda Networks Premium Support for C610
1 Year Premium Support
Premium support on the 3X0 and 4X0 is available for customers who have purchased premium support on model 6X0/8X0/9X0s
#BNCC610a-P1
Contact us for pricing!
3 Year Premium Support
Premium support on the 3X0 and 4X0 is available for customers who have purchased premium support on model 6X0/8X0/9X0s
#BNCC610a-P3
Contact us for pricing!
5 Year Premium Support
Premium support on the 3X0 and 4X0 is available for customers who have purchased premium support on model 6X0/8X0/9X0s
#BNCC610a-P5
Contact us for pricing!