Call a Specialist Today! 800-878-6893

Barracuda NextGen Firewall F900
Next-Generation Firewalls for Distributed Enterprises with Advanced Threat Detection


Barracuda NextGen Firewall F900

Barracuda Networks NextGen Firewall Series
Barracuda NextGen Firewall F900
Barracuda NextGen Firewall F900 Standard Model (Modular)
Note: The purchase of at least 1 Year of Energize Updates is required
#BNGF900a
Contact us for pricing!
Barracuda NextGen Firewall F900 Model CCC with 24x1 GbE Copper Network Ports
Note: The purchase of at least 1 Year of Energize Updates is required
#BNGF900a.CCC
Contact us for pricing!
Barracuda NextGen Firewall F900 Model CCE with 16x1 GbE Copper + 4x1 GbE SFP (Fibre) Network Ports
Note: The purchase of at least 1 Year of Energize Updates is required
#BNGF900a.CCE
Contact us for pricing!
Barracuda NextGen Firewall F900 Model CFE with 8x1 GbE + 8x1 GbE SFP (Fibre) + 4x10 GbE SFP+ (Fibre) Network Ports
Note: The purchase of at least 1 Year of Energize Updates is required
#BNGF900a.CFE
Contact us for pricing!
Barracuda Hardware Refresh Program - Learn More
Refresh - Barracuda NextGen Firewall F900
Note: Customers need to return their old hardware within 30 days
#HWWF900a
Contact us for pricing!

Click here to jump to more pricing!

Click here for a Barracuda LIVE DEMO!Barracuda Networks NextGen Firewall F900 Overview:

Barracuda NextGen Firewall F-Series is a family of hardware and virtual appliances designed to protect network infrastructure, improve site-to-site connectivity and simplify administration of network operations. Beyond its powerful network firewall and VPN technologies, Barracuda NextGen Firewall integrates a comprehensive set of next-generation firewall technologies, including identityaware Application Control, intrusion prevention, web filtering, antivirus, anti-spam, and Network Access Control. On top of these next-generation capabilities Barracuda NextGen Firewall F-Series provides sophisticated next-generation Advanced Persistent Threat Protection with the Barracuda Advanced Threat Detection.

Barracuda NextGen Firewall F-Series features intelligent site-to-site traffic management capabilities that optimize both availability and performance of the Wide Area Network (WAN). Administrators can control application-level routing and prioritization of traffic across multiple links, tunnels, and traffic conditions.

Leading next-generation firewall capabilities, industry-leading centralized management, highly resilient VPN technology combined with intelligent traffic management capabilities, allow customers to save line costs and increase overall network availability.

Central Management Across the Enterprise

With hardware models ranging from the micro branch office up to the large headquarters and datacenters, and a corresponding offering of virtual appliances, the Barracuda NextGen Firewall F-Series is designed for deployment across the entire enterprise. Through the Barracuda NG Control Center, administrators can manage security, content and traffic management policies from a single interface. Centralized management of security and content policy provides a number of benefits, including:

  • Consistent security posture and policy enforcement across the enterprise
  • Real-time accounting and reporting across multiple gateways
  • Comprehensive history and rollback of configuration and policy changes across the network
  • Centralized version control of anti-spam, anti-virus, Web filter and network access control updates

Improving Performance, Availability, and Security of Distributed Networks

Designed for modern networks, our F-Series firewalls are purpose-built to help your organization adopt cloud-based business applications and improve user productivity across highly-distributed networks. In addition to securing the network, they optimize network traffic and ensure users have access to the resources they need across on-premises, private, and public cloud environments.

In addition to next-generation firewall protection, the F-Series Firewall provides industry-leading operational efficiency and added business value by safeguarding network traffic against line outages and link quality degradation

The Barracuda F-Series Firewall delivers scalable, efficient configuration and lifecycle management across dispersed networks, and performance to business-critical applications. Industry-leading centralized management significantly lowers overall operational cost for multi-site deployments.

Scalable Security for the Enterprise

Enterprise networks grow larger and more complex every day - and more critical to key business operations. The Barracuda NextGen Firewall is an essential tool to optimize the performance, security, and availability of today's dispersed enterprise WANs.

The Barracuda Advantage

  • Effective WAN Management
    • Application-based traffic prioritization across the WAN
    • Intelligent uplink balancing
    • Intelligent traffic reprioritization on uplink loss
  • Enterprise Readiness
    • Industry-leading centralized management
    • WAN optimization
    • Global WAN monitoring with Barracuda NG Earth
  • Scalable Security
    • Cloud Enablement and secure WAN Virtualization
    • Drag-and-drop VPN graphical tunnel interface

Product Spotlight

  • Powerful next-generation network firewall
  • Advanced Threat Detection
  • Built-in web security and IDS/IPS
  • Dynamic mesh site-to-site VPN
  • Client-to-Site VPN via browser (SSL VPN), mobile apps and desktop VPN clients
  • Full application visibility and granular control
  • Intelligent traffic regulation including application-based provider selection
  • Tightly integrated Quality of Service (QoS) and link balancing
  • Centralized management of all functionality
  • Template-based and role-based configuration

Integrated Next-Generation Security

Integrated Next-Generation Security

The Barracuda NextGen Firewall F-Series is designed and built from the ground up to provide comprehensive, next-generation firewall capabilities. Cloud-hosted content filtering and reporting offload computeintensive tasks to the cloud for greater resource efficiency and throughput. Based on application visibility, user-identity awareness, intrusion prevention, and centralized management, the Barracuda NextGen Firewall is the ideal solution for today's dynamic enterprises.

Regaining Control of User Activity

Regaining Control of User Activity

The Barracuda NextGen Firewall F-Series restores control to networks made opaque and unmanageable by mobile devices at work, Web 2.0 applications, increasing dispersion, and the growing integration and dependence on cloud-based resources. It extends security coverage beyond network boundaries, and makes it easy to monitor and regulate everything the network and its users are doing.

True Enterprise Readiness

True Enterprise Readiness

The Barracuda NextGen Firewall F-Series meets the enterprise requirements for massive scalability and efficient management across distributed networks. Integrated WAN optimization and dedicated centralized management appliances enable organizations to increase system availability while keeping administrative time and operation costs low.

The Barracuda NextGen Firewall dashboard provides real-time information and summaries of what is going on in an organization's network.
The Barracuda NextGen Firewall dashboard provides real-time information and summaries of what is going on in an organization's network.

Benefits:

Enable Intelligent Network Perimeters

Security, WAN optimization, and application control features are available in all models to fit any network environment from small remote sites to large headquarters. Provide business quality-of-service to cloud applications like Office 365 by dynamic prioritization over non-critical web traffic. Guarantee users' access to critical applications through granular policy controls. Dynamically balance traffic across multiple Internet connections to minimize downtime and improve performance.

Key Features: Application-Based Link Selection, Application Control 2.0, Deep Application Context, Personalized Application Control, User Identity Awareness, Reporting

Secure Your Network's Perimeter

Secure your organization's data against hackers, malware, DoS attacks, and botnets with Advanced Threat Detection. Traditionally, these threats would routinely bypass signature-based IPS and antivirus engines. Advanced Threat Detection stops threats in their tracks. You gain granular control backed by real-time, zero-hour threat intelligence, all from one single pane of glass that is easy to use and manage for the most advanced, up-to-the-minute security.

Key Features: Application-based Provider Selection , Traffic Shaping and Quality of Service , Failover and Link Balancing , Application Control 2.0


Secure Against Advanced Threats

Secure a constantly evolving threat landscape as your organization faces zero-hour malware exploits and advanced persistent threats that routinely bypass traditional signature-based IPS and antivirus engines.

Barracuda's Advanced Threat Detection enables businesses like yours to go beyond securing and protecting their assets from intrusion and data loss.

Key Features: Advanced Threat Detection


Optimized Site-to-Site Connectivity

Securely connect networks between multiple sites. Transparently span across up to 24 physical uplinks with VPN tunnels that are highly redundant against link loss. Built-in traffic compression and WAN optimization effectively increase available bandwidth. Automatically create and tear down VPN tunnels between spokes in a hub-and-spoke architecture to enhance connection quality for latency-sensitive traffic.

Key Features: TINA VPN , Site-to-Site Connectivity

Ready for Virtual Environments and Hybrid Cloud Deployments

Provides secure, fast connectivity across hybrid on-premises and cloud network components. Easily deploy as a virtual appliance for virtualized private networks in VMware, XenServer, KVM, and Hyper-V. Provide network segmentation and security on public cloud platforms such as Amazon Web Services and Microsoft Azure; available both as Pay-As-You-Go and Bring-Your-Own-License. Traffic flows can be optimized within dynamically created VPN tunnels between on-premises and cloud components to remove any performance bottlenecks.

Key Features: Microsoft Azure , Amazon EC2 , Site-to-Site Connectivity


Provide Secure Remote Access

Enable a mobile workforce through advanced client-to-site VPN capabilities, to ensure secure remote access to network resources without time-consuming client configuration and management.

Available remote access options range from clientless SSL VPN via a remote access app for iOS and Android to dedicated VPN clients for Mac OS, Linux, and Windows operating systems.

Network Access Control clients featuring a centrally manageable private firewall are also available for Windows devices.

Key Features: BYOD (Bring Your Own Device) , Secure Remote Access , Network Access Control , Mobile Portal , TINA VPN , CudaLaunch

Features:


Advanced Threat Detection

While traditional solutions usually detect network threats after they have breached the network, by sending log notifications to the administrator, the Barracuda Advanced Threat Detection (ATD) implements full system emulation, which provides deep visibility into malware behavior. Files are checked against a cryptographic hash database that is constantly updated. In case the file is unknown, it is emulated in a virtual sandbox where malicious behavior can be discovered.

The Barracuda ATD offers Administrators granular, file-type-based control including automatic quarantine and blacklisting features to maintain the highest level of protection for an organization's network.

The Barracuda Advanced Threat Detection is an optional subscription.

Application Control 2.0

The Barracuda NextGen Firewall provides a powerful and extremely reliable detection and classification of more than 1,200 applications and sub-applications by combining Deep Packet Inspection (DPI) and behavioral traffic analysis – no matter if the protocols are using advanced obfuscation, port hopping techniques, or encryption. It allows the creation of dynamic application policies and facilitates establishing and enforcing acceptable access and use policies for users and groups by application, application category, location, and time of day. Administrators can now:

  • Block unwanted applications for certain users or groups
  • Control and throttle acceptable traffic
  • Preserve bandwidth and speed-up business-critical applications to ensure business continuity
  • Enable or disable specific application sub-functions (e.g., Facebook Chat, YouTube Postings, or MSN file transfers)
  • Intercept SSL-encrypted application traffic

The Barracuda NextGen Firewall features advanced application-based routing path selection and Quality of Service (QoS) capabilities. These provide additional business value in addition to security by significantly improving network quality and availability, as well as reducing direct line cost due to bandwidth saved.

For rich reporting and drill-down capabilities, the Barracuda NextGen Firewall comes with real-time and historical application visibility that shows application traffic on the corporate network, thus providing a basis for deciding which connections should be given bandwidth prioritization, crucial for QoS optimization for business-critical applications. Furthermore, it allows adjusting and refining the corporate application use policies.

Deep Application Context

The deep application context analysis allows for deeper inspection of the application data stream by continually evaluating the actual intention of applications and the respective users. By this means administrators can gain detailed insight into what a specific application was used for or if a user was trying to circumvent the corporate application usage policy.

Personalized Application Control

On top of the 1,400+ applications that are delivered out of the box and constantly updated, the Barracuda NextGen Firewall provides a way to easily create user-defined application definitions for best-in-class application control customized and tailored to an organization's specific needs.

User Identity Awareness

Different network users may need different bandwidth-use rules. Most often, access to certain network resources is limited to certain users or user groups. Preferential allocation of more bandwidth to certain users or user groups and a limitation of available bandwidth for others is a common requirement. It requires the network device to know what user an IP actually belongs to. Barracuda NextGen Firewalls are fully user-identity aware by linking a user to one or several IP addresses. Any role assignments that result from identity and device posture checks communicated to the firewall by our health agents can be used within the firewall to facilitate role-based access control (RBAC). Barracuda NextGen Firewalls support authentication of users and enforcement of user-aware firewall rules, web filter settings, and Application Control 2.0 using Active Directory, NTLM, MS CHAP, RADIUS, RSA SecurID, LDAP/LDAPS, TACACS+, as well as authentication with x.509 certificates.

Reporting

The Barracuda NG Report Creator is a free tool that allows administrators to collect and consolidate traffic and application usage statistics from multiple Barracuda NextGen Firewall units and to create easy-to-read reports in pdf format. Report tasks can be scheduled at various times during the day or week and distributed automatically via email. Besides predefined out-of-the-box reports such as Top Applications, Top Blocked URL Categories and Websites, Top Users by Bandwidth, as well as activity reports for specific users, the reporting engine provides customizable granular reports on user activity, activities during last day/week/month, etc.

For auditing reasons IP addresses can be anonymized.

Intrusion Detection and Prevention

The Barracuda NextGen Firewall Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases preventing network attacks such as:

  • SQL injections and arbitrary code executions
  • Access control attempts and privilege escalations
  • Cross-Site Scripting and buffer overflows
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • Directory traversal and probing and scanning attempts
  • Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware

By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, the Barracuda NextGen Firewall is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems.

As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda NextGen Firewall is constantly up-to-date. If the firewall unit is centrally managed, the pattern updates are conveniently distributed by the Barracuda NG Control Center.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Protection

In today’s world of omnipresent botnets, one of the main tasks of perimeter protection is to ensure ongoing availability of the network for legitimate requests and to detect and repel malicious denial of service attacks. With TCP SYN Flood Protection, the Barracuda NextGen Firewall effectively functions as a generic TCP proxy, forwarding only legitimate TCP traffic to the inside of the network. Additionally, the Barracuda NextGen Firewall allows the definition of a rate limit that is applied to the maximum number of sessions per source address to be handled by the firewall. Packets arriving at a rate faster than allowed will simply be dropped. In a massive DDoS attack, the attackers may simply aim for saturating the link by transmitting vast numbers of UDP packets. The integrated environmental monitoring feature of the Barracuda NextGen Firewall diagnoses such conditions by link and target address monitoring. Once the response of a remote target address to regular ICMP probing fails, the system can be configured to activate different routes and uplinks (for example backup line, ISDN, xDSL). Using this feature, traffic will be unimpeded across unaffected lines and crucial site-to-site and site-to-Internet connectivity remains operational.

Web Filtering

The Barracuda Web Filter enables highly granular, real-time visibility into online activity, broken down by individual users and applications, letting administrators create and enforce effective Internet content and access policies. It protects user productivity, blocks malware downloads and other web-based threats, and enables compliance by blocking access to unwanted websites and servers, providing an important additional layer of security alongside application control.

Malware Protection

Barracuda Malware Protection shields the internal network from malicious content by scanning web content (HTTP and HTTPs), email (SMTP, POP3), and file transfers (FTP) via two fully integrated antivirus engines. Malware protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available. Barracuda Malware Protection covers viruses, worms, trojans, malicious java applets, and programs using known exploits on PDF, picture and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation.

Application-Based Link Selection

The combination of next-generation security and adaptive WAN routing allows the Barracuda NextGen Firewall to dynamically assign available bandwidth for several links not only based on protocol, user, location, and content, but also based on applications, application categories and web filter categories. This keeps expensive, highly available lines free for business and mission-critical applications, while significantly reducing response times and freeing up additional bandwidth.

Traffic Shaping and Quality of Service

Limited network resources make bandwidth prioritization a necessity. The Barracuda NextGen Firewall provides strong Quality of Service (QoS) that lets the administrator apply quality aspects and service guarantees to selected traffic flows within the WAN. QoS is often used to prioritize the network traffic of applications that are critical and must not be affected by the network traffic of other applications. The Barracuda NextGen Firewall provides a large set of QoS techniques, such as traffic shaping, traffic prioritization, and bandwidth partitioning, which assigns a bandwidth limit to certain types of traffic. To select traffic for different priority classes, the available real-time traffic analysis can be used to identify whether network traffic was sent by business-critical applications or by potentially unwanted applications.

Failover and Link Balancing

To ensure the best and most cost-efficient connectivity, the Barracuda NextGen Firewall provides a wide range of built-in uplink options such as unlimited leased lines, up to four xDSL uplinks, etc. By eliminating the need to purchase additional devices for link balancing, security conscious customers will have access to a WAN connection that never goes down, even if one or two of the existing WAN uplinks are severed. Further, traffic intelligence mechanisms make sure the next defined uplink is activated on the fly and all traffic is rerouted to make full use of the remaining lines. In the event that backup lines provide less bandwidth, intelligent traffic shaping automatically prioritizes business-critical applications, networks, or distinct endpoints.

WAN Optimization

The Barracuda NextGen Firewall can significantly enhance the WAN performance of distributed network environments by improving availability, performance, and response time of business-critical applications by lowering throughput and transmission delays, affecting time-sensitive decisions and enterprise profitability. The next-generation networking concept of the Barracuda NextGen Firewall provides a set of powerful features to efficiently reduce and offset the negative effects of high line latencies and response times. By implementing enterprise-grade WAN acceleration features such as data deduplication, traffic compression, and protocol optimization, the Barracuda NextGen Firewall can significantly improve site-to-site WAN traffic and increase productivity by accelerating the delivery of business applications - at no extra charge. WAN traffic can be effectively compressed up to 95 percent, significantly reducing the bandwidth needed at remote locations while increasing network responsiveness.

Microsoft Azure

Besides VMware, KVM, and XenServer, the Barracuda NextGen Firewall is fully compatible for use in Windows Azure for establishing site-to-site and/or client-to-site connections to Azure and creating a DMZ in Azure to implement an additional high-security layer.

As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer. Barracuda’s award-winning security solutions are available as virtual appliances to help organizations. 

Barracuda NextGen Firewall virtual appliances are complete solutions, eliminating the need for installing, configuring, and integrating disparate operating systems, databases, system management, and application software. In addition, Barracuda virtual appliances come “locked down” from a security perspective, built from the ground up on the Barracuda OS, a hardened Linux operating kernel and optimized to run seamlessly within virtualized environments.

Amazon EC2

Besides VMware, KVM, and XenServer, the Barracuda NextGen Firewall is fully compatible for use in Amazon Elastic Compute Cloud (EC2).

As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer. Barracuda’s award-winning security solutions are available as virtual appliances.

Barracuda NextGen Firewall virtual appliances are complete solutions, eliminating the need for installing, configuring and integrating disparate operating systems, databases, system management, and application software. In addition, Barracuda Networks virtual appliances come “locked down” from a security perspective, built from the ground up on the Barracuda OS, a hardened Linux operating kernel and optimized to run seamlessly within virtualization environments.

BYOD (Bring Your Own Device)

The influx of private computing devices, from smartphones to laptops and tablets, into the workplace may help increase productivity, flexibility, and convenience. However, BYOD adds new security challenges and risks, such as enabling and controlling access, as well as preventing data loss. The Barracuda NextGen Firewall provides strong capabilities to give users the full advantage of their devices while reducing possible risks to the business. Unwanted applications can be blocked, LAN segmentation can protect sensitive data, and network access control can check the health state of each device connecting to the corporate network.

Secure Remote Access

The Barracuda NextGen Firewall incorporates advanced site-to-site and client-to-site VPN capabilities, using both SSL and IPsec protocols to ensure remote users can easily and securely access network resources without complex client configuration and management. Every Barracuda NextGen Firewall unit supports an unlimited number of VPN clients at no extra cost. The Barracuda VPN client also provides the ability to enforce Windows Security Center settings on client machines running Windows. This allows administrators to centrally enforce the usage of Windows Security settings on PCs. The enforced policies can include enabling the Microsoft Network Firewall, Windows Updates, Windows Virus Protection, Windows Spyware Protection, and Internet Security Settings.

Barracuda VPN Clients are available for Microsoft Windows, Mac OS, and various Linux systems.

Network Access Control

The optional Barracuda NextGen Firewall SSL VPN and NAC subscription adds a customizable and easy-to-use portal-based SSL VPN as well as sophisticated Network Access Control (NAC) functionality.

The Barracuda Network Access Client, when used with the Barracuda NextGen Firewall, provides centrally managed Network Access Control (NAC) and an advanced personal firewall. This allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of antivirus and/or anti-spyware, and user ID. Access restrictions are enforced locally on the client by the centrally managed personal Windows firewall as well as at the gateway. Using existing Barracuda NextGen Firewall appliances, Barracuda Networks offers a ready-to-use Network Access Control framework without expensive investments into the basic network infrastructure. All Barracuda Network Access Clients as well as all Barracuda NextGen Firewall units acting as policy servers can be administered, monitored, and reviewed from a single Barracuda NG Control Center.

Scalable Deployment

Managing the security issues in a widely distributed enterprise network can be painful and extremely time-consuming. Managing a system may take only 15 minutes per day. But having 20 firewall systems in place results in five hours per day – just to manage the existing system. With the Barracuda NG Control Center, managing mulitple Barracuda NextGen Firewalls takes the same amount of time as managing one.

  • Create pre-configured templates for easy-rollout.
  • Have all information about the enterprise security deployment available in real time.
  • Create reports of either one or all Barracuda NextGen Firewalls.

Lifecycle Management

Scalable Barracuda NextGen Firewalls offer companies sustainable investment protection. Energize Updates automatically provide the latest firmware and threat definitions to keep the appliance up to date. With a maintained Instant Replacement subscription, organizations receive a new appliance with the latest specs every four years.

Revision Control System, Audit, and Reporting

The integrated revision control system increases auditing ease for the infrastructure and cuts overhead.

Additionally, the revision control system for all changes provides compliance with governmental and company policy requirements.

Comprehensive reporting makes bandwidth usage and all other security-related information visible, reportable, and easy to read.

Mobile Portal

Gain easy access to your organization’s applications via SSL VPN connections. Barracuda‘s Mobile Portal enables you to set up shortcuts on the home screen of devices such as smartphones or tablets. When accessing the portal via the web browser on a mobile device, users can browse apps, network folders and files as if they were connected to the office network.

The Mobile Portal supports most commonly used devices, e.g., Apple iOS, Android, and Blackberry devices.

Barracuda’s Mobile Portal is an optional feature included with an “SSL VPN and NAC” subscription.

Specifications:


Barracuda NextGen Firewall F900
Interface1
Model CCC 24x1 GbE Copper
Model CCE 16x1 GbE Copper
4x10 GbE SFP
Model CFE 8x1 GbE Copper
8x1 GbE SFP
4x10 GbE SFP+
USB 2.0 2
Serial / console 1 [RJ45]
Performance2
Firewall throughput 3 22.2 Gbps
VPN throughput [AES-128, NOHASH] 7.8 Gbps
VPN throughput [AES-128, MD5] 6.6 Gbps
VPN throughput [AES-128, SHA] 6.4 Gbps
VPN throughput [AES-256, MD5] 5.6 Gbps
IPS throughput 3 7.1 Gbps
Concurrent sessions 2,800,000
New sessions/s 4 160,000
Memory
RAM 12 GB
Mass Storage
Type Solid State
Size 80 (system) + 300 (logs, cache)
SSD MTBF 1,200,000 hours
Dimensions
Weight appliance 39.7 lbs
Weight carton with appliance 48.5 lbs
Appliance size: width x depth x height 17.4 x 26.0 x 3.5 inch
Carton size: width x depth x height 23.2 x 34.3 x 11.4 inch
Form factor 2U Rackmount
Hardware
Display Yes
Hardware crypto accelerator Yes
Cooling Fans
Power supply Dual hot swap, internal
Environmental
Noise emission N/A
Operating temperature 30 to 105 °F
Storage temperature -5 to +140 °F
Operating humidity 5% to 95% non-condensing
MTBF [System]
MTBF > 4 years
Certifications & Compliance
CE emissions Yes
CE electrical safety Yes
FCC emissions Yes
ROHS compliant Yes
Power & Efficiency
Power supply type Internal, dual hot swap
Power type [AC/DC] AC
Input rating 100 - 240 Volts
Input frequency 50 - 60 Hz
Auto sense Yes
Wattage / max. power draw 500 W
Max. power draw 5 Amps.
Max. heat dissipation [W] 300 W
Max. heat dissipation [BTU] 1024 BTU
Energy efficiency [average] > 80%
Packaging Content
Appliance Yes
Serial cable Yes
Straight network cable Yes
Cross network cable Yes
Direct power to wall outlet Yes
USB flash drive for recovery & installation Yes
Quick start guide Yes
2x Barracuda L-shape rackmount bracket Yes
Barracuda rail kit Yes

1 Please consult section "Supported Barracuda Network Module Combinations"
2 Measured with 10GbE fibre ports
3 Measured with large packets (MTU1500)
4 Measured with TCP

Model Comparison:

With hardware models available for small branch offices as well as large headquarters and data centers, and a corresponding offering of virtual appliances, the Barracuda NextGen Firewall F-Series is designed for deployment across the entire enterprise.

Model: F10 F18 F80 F180 F280 F380
Capacity
Firewall throughput1 300 Mbps 1.0 Gbps 1.35 Gbps 1.65 Gbps 3.0 Gbps 3.8 Gbps
VPN throughput2 85 Mbps 190 Mbps 240 Mbps 300 Mbps 1.0 Gbps 1.2 Gbps
IPS throughput1 60 Mbps 400 Mbps 500 Mbps 600 Mbps 1.0 Gbps 1.7 Gbps
Concurrent sessions 2,000 80,000 80,000 100,000 250,000 400,000
New Session/sec 1,000 8,000 8,000 9,000 10,000 15,000
Hardware
Form factor Desktop mini Desktop Desktop Desktop Desktop 1U Rackmount
Dimensions (in) 9.5 x 6.5 x 1.9 10.8 x 6.4 x 1.7 10.8 x 6.4 x 1.7 14.9 x 6.4 x 1.7 14.9 x 6.4 x 1.7 16.9 x 13.0 x 1.7
Weight (lbs) 2.6 3.1 3.1 4.9 5.1 14.3
1 GbE Copper Ethernet NICs 4x1GbE 4x1GbE 4x1GbE 6x1GbE 6x1GbE 8x1 GbE
1 GbE Fiber NICs (SFP) - - - - - -
10 GbE Fiber NICs (SFP+) - - - - - -
Wi-Fi Access Point - - -
Max Power Draw (W) 40 45 45 45 60 60
Power Supply Single, External Single, External Single, External Single, Internal Single, Internal Single, Internal
Features
Firewall
Application Control4
IPS3
Dynamic Routing
VPN
SSL Interception  
WAN Optimization  
Mail Security  
Web Filter  
NextGen Web Filter   Optional Optional Optional Optional Optional
Malware Protection   Optional Optional Optional Optional Optional
Advanced Threat Detection4   Optional Optional Optional Optional Optional
Basic Remote Access     Optional Optional Optional Optional
Premium Remote Access8     Optional Optional Optional Optional
Model: F400 F600 F800 F900 F1000  
Capacity
Firewall throughput1 5.5 Gbps 16.3 Gbps5 19.6 Gbps5 22.2 Gbps5 40 Gbps5  
VPN throughput2 1.2 Gbps 2.3 Gbps5 7.3 Gbps5 7.8 Gbps5 10 Gbps5  
IPS throughput1 2.0 Gbps 5.0 Gbps5 6.5 Gbps5 7.1 Gbps5 13 Gbps5  
Concurrent sessions 500,000 2,100,0005 2,500,0005 4,000,0005 10,000,0005  
New Session/sec 20,000 115,0005 150,0005 160,0005 250,0005  
Hardware
Form factor 1U Rackmount 1U Rackmount 1U Rackmount 2U Rackmount 2U Rackmount  
Dimensions (in) 16.8 x 17.7 x 1.7 16.8 x 17.7 x 1.7 17.4 x 20.4 x 1.7 17.4 x 26.0 x 3.5 16.9 x 24.6 x 3.5  
Weight (lbs) 18.8 18.8 28.6 39.6 44.1  
1 GbE Copper Ethernet NICs 8x1 GbE (STD , F20 sub-model)
12x1 GbE
(C10, C20 sub-models)
or
8x1 GbE
(F10, F20, E20 sub-models)
20x1 GbE
(CCC sub-model)
or
12x1 GbE
(CCF, CCE sub-models)
24x1 (CCC sub-model)
or
16x1 GbE
(CCE sub-model)
or
8x1 GbE
(CFE sub-model)
16x1 GbE
(CE0, CFE sub-models)
or
32x1 GbE
(CE2 sub-model)
 
1 GbE Fiber NICs (SFP) 4x1 GbE
(F20 sub-model)
4x1 GbE
(F10, F20 sub-models)
4x1 GbE
(CCF sub-model)
8x1 GbE
(CFE sub-model)
16x1 GbE
(CFE sub-model)
 
10 GbE Fiber NICs (SFP+) - 2x10 GbE
(E20 sub-model)
4x10 GbE
(CCE sub-model)
4x10 GbE
(CCE, CFE sub-models)
4x10 GbE
(CE0 sub-model)
or
8x10 GbE
(CE2, CFE sub-models)
 
Wi-Fi Access Point - - - - -  
Max Power Draw (W) 250 300 400 500 810  
Power Supply Single, Internal (STD);
or
Dual, Internal (F20 sub-model)
Single, Internal
(C10, F10 sub-models)
or
Dual, Internal
(C20, F20, E20 sub-models)
Dual, Internal Dual, Internal Dual, Internal  
Features
Firewall  
Application Control4  
IPS3  
Dynamic Routing  
VPN  
SSL Interception    
WAN Optimization  
Mail Security  
Web Filter  
NextGen Web Filter Optional Optional Optional Optional Optional  
Malware Protection Optional Optional Optional Optional Optional  
Advanced Threat Detection4 Optional Optional Optional Optional Optional  
Basic Remote Access Optional Optional Optional Optional Optional  
Premium Remote Access8 Optional Optional Optional Optional Optional  

1 Measured with large packets (MTU1500)
2 VPN throughput using AES128 NOHASH
3 Requires Energize Updates subscription
4 Requires Malware Protection subscription
5 Measured with 10GbE fiber ports
6 Internal dual hot swap power supply
7 Internal dual hot swap power supply optional
8 Requires Basic Remote Access subscription

Technical Specs

 

Support Options

Firewall
Firewall

  • Stateful packet inspection and forwarding
  • Full user-identity awareness
  • Intrusion Detection and Prevention System (IDS/IPS)
  • Application control and granular application enforcement
  • Interception and decryption of SSL/ TLS encrypted applications
  • Antivirus and web filtering in single pass mode
  • SafeSearch enforcement
  • YouTube for Schools support
  • Denial of Service protection (DoS/DDoS)
  • Spoofing and flooding protection
  • ARP spoofing and trashing protection
  • DNS reputation filtering
  • TCP stream reassembly
  • Transparent proxying (TCP)
  • NAT (SNAT, DNAT), PAT
  • Dynamic rules / timer triggers
  • Single object-oriented rule set for routing, bridging, and routed bridging
  • Virtual rule test environment

User Identity Awareness
User Identity Awareness

  • Terminal Server Agent
  • Domain Controller Agent
  • Authentication – supports x.509, NTLM, RADIUS, RSA SecurID, LDAP/LDAPS, Active Directory, TACACS+, SMS Passcode (VPN), local authentication database
  • WiFi Access Point Authentication support

Intrusion Detection & Prevention
Intrusion Detection & Prevention

  • Protection against exploits, threats, and vulnerabilities
  • Packet anomaly and fragmentation protection
  • Advanced anti-evasion and obfuscation techniques
  • Automatic signature updates

Traffic Optimization
Traffic Optimization

  • Link monitoring, aggregation, and failover
  • Dynamic routing
  • Application-based provider selection
  • Traffic shaping and QoS
  • On-the-fly flow reprioritization
  • Stream and packet compression
  • Byte-level data deduplication
  • Protocol optimization (SMBv2)

High Availability
High Availability

  • Active-active or active-passive
  • Transparent failover without session loss
  • Network notification of failover
  • Encrypted HA communication
Advanced Threat Detection
Advanced Threat Detection
  • Dynamic, on-demand analysis of malware programs (sandboxing)
  • Dynamic analysis of documents with embedded exploits (PDF, Office, etc.)
  • Detailed forensics for both, malware binaries and web threats (exploits)
  • Support for multiple operating systems (Windows, Android, etc.)
  • Flexible malware analysis in the cloud

VPN
VPN

  • Drag & drop VPN tunnel configuration
  • Secure site-to-site, client-to-site VPN
  • Dynamic mesh site-to-site VPN
  • Supports AES-128/256, 3DES, DES, Blowfish, CAST, null ciphers
  • Private CA or external PKI
  • VPNC certified (basic interoperability)
  • Application-aware traffic routing
  • IPsec VPN / SSL VPN / TINA VPN/ L2TP / PPTP
  • Network Access Control
  • iOS and Android mobile device VPN support

Central Management Options
Central Management Options

  • Barracuda NG Control Center
    – Unlimited firewalls
    – Support for multitenancy
    – Multi-administrator support and RCS

Infrastructure Services
Infrastructure Services

  • DHCP server, relay
  • SIP, HTTP, SSH, FTP proxies
  • SNMP and IPFIX support
  • DNS Cache
  • SMTP gateway and spam filter
  • Wi-Fi (802.11n) access point on selected models

Protocol Support
Protocol Support

  • IPv4, IPv6, ARP
  • BGP/OSPF/RIP
  • VoIP (H.323, SIP, SCCP [skinny])
  • RPC protocols (ONC-RPC, DCE-RPC)
  • 802.1q VLAN

Barracuda Energize Updates
Barracuda Energize Updates

  • Standard technical support
  • Firmware updates
  • IPS signature updates
  • Application control definition updates
  • Web filter updates

Instant Replacement Service
Instant Replacement Service

  • Replacement unit shipped next business day
  • 24x7 technical support
  • Hardware refresh every four years

Security Options

  • Advanced Threat Detection
  • Web Filter
  • Malware Protection
  • Clientless SSL VPN
  • Network Access Control (NAC) clients validating client's workstation health status

Sub-Models Views:

The F900 standard model CCC is always shipped with a total of 24x1 GbE network ports and dual power supply. Other F900 model types provide different port combinations.

Note: Network ports are built-in and not replaceable in the field. Spare parts for redundant power supply can be ordered separately.

BNGF900a - F900 standard model (modular)

BNGF900a - Barracuda NextGen Firewall F900 standard model (modular)


BNGF900a.CCC - Barracuda NextGen Firewall F900 model CCC (24x1 GbE copper network ports)

BNGF900a.CCC - Barracuda NextGen Firewall F900 model CCC (24x1 GbE copper network ports)


BNGF900a.CCE - Barracuda NextGen Firewall F900 model CCE (16x1 GbE copper + 4x1 GbE SFP (fibre) network ports)

BNGF900a.CCE - Barracuda NextGen Firewall F900 model CCE (16x1 GbE copper + 4x1 GbE SFP (fibre) network ports)


BNGF900a.CFE - Barracuda NextGen Firewall F900 model CFE (8x1 GbE + 8x1 GbE SFP (fibre) + 4x10 GbE SFP+ (fibre) network ports)

BNGF900a.CFE - Barracuda NextGen Firewall F900 model CFE (8x1 GbE + 8x1 GbE SFP (fibre) + 4x10 GbE SFP+ (fibre) network ports)

NextGen Firewall Technology:

Secure Your Networks Perimeter

Barracuda NextGen Firewall provides several layers to protect an organization's network

Barracuda NextGen Firewall provides several layers to protect an organization's network

Intrusion Detection and Prevention
Barracuda NG Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases preventing network attacks such as:

  • SQL injections and arbitrary code executions
  • Access control attempts and privilege escalations
  • Cross-Site Scripting and buffer overflows
  • DoS and DDoS attacks
  • Directory traversal and probing and scanning attempts
  • Backdoor attacks, trojans, rootkits, viruses, worms, and spyware

By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, Barracuda NextGen Firewall is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems.

As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that Barracuda NextGen Firewall is constantly up-to-date. If the firewall unit is centrally managed, the pattern updates are conveniently distributed by the Barracuda NG Control Center.

Malware Protection
Barracuda Malware Protection shields the internal network from malicious content by scanning web content (HTTP and HTTPs), email (SMTP, POP3), and file transfers (FTP) via two fully integrated antivirus engines. Malware protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available.

Barracuda Malware Protection covers viruses, worms, trojans, malicious java applets, and programs using known exploits on PDF, pictures and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation.

Advanced Threat Detection
Barracuda Advanced Threat Detection (ATD) uses next-generation sandbox technology powered by full-system emulation to catch not only persistent threats and zero-day exploits, but also advanced malware designed to evade detection. Files are forwarded to a cloud-based sandbox environment, where they are executed and analyzed to identify suspicious and malicious behavior.

Barracuda ensures flexible and simple deployment with your existing network infrastructure—no additional hardware is required since resource intensive sandboxing is offloaded to the cloud. The cloud database is continuously updated by all Barracuda NextGen Firewalls with enabled ATD and, thereby, speed up the processing of already known files.

Advanced Threat Detection

The administrator has full policy control over how PDF documents, Microsoft Office Files, EXEs/MSIs/DLLs, Android APKs, compressed files and archives are emulated and delivered to the client. Based on identified malware activity, infected users can be automatically quarantined preventing the malware from spreading within the network.

Customizable, on-demand analysis reports for any emulated file provide full insight and details on malicious activities, file behavior, system-registry entries, evasion and obfuscation techniques. This also enables network activities such as establishing encrypted connections to Botnet Command and Control Centers for increased security posture to evade scaled Botnet attacks.

Advanced Threat Detection Screenshot

Web Filtering
The web filtering options for the Barracuda NextGen Firewall options enable highly granular, real-time visibility into online activity, broken down by individual users and applications, letting administrators create and enforce effective Internet content and access policies. It protects user productivity, blocks malware downloads and other web-based threats, and enables compliance by blocking access to unwanted websites and servers, providing an important additional layer of security alongside application control.

  • Barracuda Web Filter offers online URL categorization (requires a valid Energize Updates subscription).
  • Barracuda Web Filter can be operated in online and offline mode (available as a separate subscription)

Controlling Application Usage

Controlling Application Usage

Block unwanted applications, control acceptable traffic, and ensure business continuity

Application Control
Barracuda NextGen Firewall provides a powerful and extremely reliable detection and classification of more than 1,400 applications and sub-applications by combining Deep Packet Inspection (DPI) and behavioral traffic analysis – no matter if the protocols are using advanced obfuscation, port hopping techniques, or encryption. It allows the creation of dynamic application policies and facilitates establishing and enforcing acceptable access and use policies for users and groups by application, application category, location, and time of day. Barracuda NextGen Firewall combines its application control with the seamless integration of authentication schemes like Active Directory, LDAP/S, NTLM, etc. As a consequence, an administrator is always on top of what the users to on the organization's network. Barracuda NextGen Firewall features advanced application-based routing path selection and Quality of Service (QoS) capabilities. These provide additional business value in addition to security by significantly improving network quality and availability, as well as reducing direct line cost due to bandwidth saved.

For rich reporting and drill-down capabilities, Barracuda NextGen Firewall comes with real-time and historical application visibility that shows application traffic on the corporate network, thus providing a basis for deciding which connections should be given bandwidth prioritization, crucial to QoS optimization for business-critical applications. Furthermore, it allows adjusting and refining the corporate application use policies.

Personalized Application Control
On top of the 1,400+ applications that are delivered out of the box and constantly updated, Barracuda NextGen Firewall provides a way to easily create user-defined application definitions for best-in-class application control customized and tailored to an organization's specific needs.

Application-Based Provider Selection
The combination of next-generation security and adaptive WAN routing allows Barracuda NextGen Firewall to dynamically assign available bandwidth for several links not only based on protocol, user, location, and content, but also based on applications, application categories, and web filter categories. This keeps expensive, highly available lines free for business and missioncritical applications, while significantly reducing response times and freeing up additional bandwidth.

User Identity Awareness & ControlDeep Application Context
The deep application context analysis allows for deeper inspection of the application data stream by continually evaluating the actual intention of applications and the respective users. By this means administrators can gain detailed insight into what a specific application was used for or if a user was trying to circumvent the corporate application usage policy.

User Identity Awareness & Control
Barracuda NextGen Firewall supports authentication of users and enforcement of user-aware firewall rules, web filter settings, and application control by seamlessly integrating with

  • Microsoft and Citrix terminal service environments
  • Microsoft Active Directory
  • NTLM
  • RADIUS
  • RSA SecurID
  • LDAP/LDAPS
  • TACACS+
  • and more...

Application Risk and Usage ReportApplication Risk and Usage Report
The Application Usage and Risk Report is a predefined report type in the Barracuda Report Creator tool providing automated reports and risk analysis based on the network traffic that is traversing the network. It provides an overview on how effective the currently deployed technologies are in detecting and enforcing the corporate application usage policies and gives recommendations what should be taken into account when redefining these policies. For collecting the traffic required for this report, Barracuda offers two different approaches:

  • Layer2 Bridging
  • SPAN Port / Port Mirroring

In either way, collecting the traffic has no impact on the firewall performance at all. The report creation can be started manually (on-demand) or scheduled (including automated email distribution). And - of course - this report is fully customizable to comply with possible branding requirements.

Cloud Enablement & WAN Virtualization

Today's corporate networks are being transformed by the proliferation of mobile devices and the increasing adoption of SaaS offerings like Microsoft's Office 365 and moving corporate services to private or public clouds.

The net result of this is increased dispersion or fragmentation of corporate network into multiple dislocated segments and a massively increased attack surface. In this scenario a firewall solution is needed that can be deployed to multiple locations on the network with the corresponding next-generation deep inspection features to mitigate attacks. The introduction of, e.g., Office 365 all of a sudden creates a need for direct internet break outs at multiple branch office locations. Thus multiple enforcement points need to be created. Business critical internal traffic running across the WAN links must be protected against outages as well as quality of service impairments due to aggressive but less important network activities on the same physical infrastructure.

Multiple Barracuda NextGen Firewalls deployed to multiple physical and cloud locations allow an organization to span a highly performant and secure logical application delivery network (ADN) on top of the physical and virtualized infrastructure components. In conjunction with our leading central management concepts both the initial implementation and subsequent life cycle management tasks around the AND can be accomplished a surprisingly low total cost.

The key feature here is that full next-gen deep inspection can be combined with smart policy based adaptive traffic management. Policy based means that applicable QoS settings (bandwidth guarantees, priorities), network path selection, e.g., MPLS vs VPN, and/or privacy requirements can be based on the application or the person/groups causing the traffic. Adaptive means that failover policies can be defined that make sure that in case of unavailability of a particular path available alternative paths can be utilized. This feature allows for improved fault tolerance against outages as well for cost optimization strategies where multiple carriers/ISPs are combined to get the required bandwidth at an optimum price point.

Public cloud offerings like Amazon EC2 and Microsoft Azure are a new and increasingly attractive way to lower cost around IT operations. The business lines profit from a faster-timeto- market, good compute elasticity and an easy option to achieve global service availability quickly. There are challenges too. Replication typical on-premises DC concepts in these environments is impossible without a cloud compatible firewall product.

The Barracuda NextGen Firewall is ideal for securing and compartmentalizing these public cloud environments – connecting on-premises networks to the cloud and connecting logically separated components within the cloud data centers.

Application-Based Provider Selection
But before an organization can benefit of the cloud, it is mandatory to get to the cloud!

As mentioned earlier, Barracuda NextGen Firewall includes information on application, application categories, as well as web filter categories into its link selection policy. Such link policies can force for instance business critical traffic to use T1 lines whereas uncritical bulk traffic is routed via less expensive lines.

Traffic Shaping and Quality of Service
Limited network resources make bandwidth prioritization a necessity. Barracuda NextGen Firewall provides strong Quality of Service (QoS) that lets the administrator apply quality aspects and service guarantees to selected traffic flows within the WAN. QoS is often used to prioritize the network traffic of applications that are critical and must not be affected by the network traffic of other applications. Barracuda NextGen Firewall provides a large set of QoS techniques, such as traffic shaping, on-the-fly traffic prioritization, and bandwidth partitioning, which assigns a bandwidth limit to certain types of traffic. To select traffic for different priority classes, the available real-time traffic analysis can be used to identify whether network traffic was sent by business-critical applications or by potentially unwanted applications.

Failover and Link Balancing
To ensure the best and most cost-efficient connectivity, Barracuda NextGen Firewall provides a wide range of built-in uplink options such as unlimited leased lines, up to four uplinks, etc. By eliminating the need to purchase additional devices for link balancing, security conscious customers will have access to a WAN connection that never goes down, even if one or two of the existing WAN uplinks are severed. Further, traffic intelligence mechanisms make sure the next defined uplink is activated on the fly and all traffic is rerouted to make full use of the remaining lines. In the event that backup lines provide less bandwidth, intelligent traffic shaping automatically prioritizes businesscritical applications, networks, or distinct endpoints.

Dynamic Mesh VPN
Simply by defining which deployments may create dynamic site-to-site VPN connections and, thereby, ensure business and communication continuity via low latency VPN connections.

WAN Optimization
Barracuda NextGen Firewall can significantly enhance the WAN performance of distributed network environments by improving availability, performance, and response time of businesscritical applications by lowering throughput and transmission delays, affecting time-sensitive decisions and enterprise profitability. The next-generation networking concept of Barracuda NextGen Firewall provides a set of powerful features to efficiently reduce and offset the negative effects of high line latencies and response times. By implementing enterprisegrade WAN acceleration features such as data deduplication, traffic compression, and protocol optimization, Barracuda NextGen Firewall can significantly improve site-to-site WAN traffic and increase productivity by accelerating the delivery of business applications - at no extra charge. WAN traffic can be effectively compressed up to 95 percent, significantly reducing the bandwidth needed at remote locations while increasing network responsiveness.

Supported Virtualization and Public Cloud Offerings

Supported Virtualization and Public Cloud Offerings

Secure Remote Access & Access Control

Barracuda NextGen Firewall incorporates advanced site-to-site and client-to-site VPN capabilities, using both SSL and IPsec protocols to ensure remote users can easily and securely access network resources without time-consuming client configuration and management. The communication protocols used with our VPN clients are optimized to be fully roaming-capable by quickly reconnecting upon loss of communication. Smart pathfinder technology determines the nearest point of entry to the corporate network. Advanced NAT traversal technology can use different ports encapsulated in either TCP or UDP and, thus, is able to pass through web proxies.

Secure Remote Access & Access Control

BYOD (Bring Your Own Device)
The influx of private computing devices, from smartphones to laptops and tablets, into the workplace may help increase productivity, flexibility, and convenience. However, BYOD adds new security challenges and risks, such as enabling and controlling access, as well as preventing data loss. Barracuda NextGen Firewall provides strong capabilities to give users the full advantage of their devices while reducing possible risks to the business. Unwanted applications can be blocked, LAN segmentation can protect sensitive data, and network access control can check the health state of each device connecting to the corporate network.

Barracuda's Mobile Portal enables you to set up shortcuts on the home-screen of devices such as smartphones or tablets. When accessing the portal via the web browser on a mobile device, users can browse apps, network folders and files as if they were connected to the office network. The Mobile Portal supports most of commonly used devices, e.g., Apple iOS, Android, and Blackberry devices and is part of the "SSL VPN and NAC" subscription.

Dedicated VPN Clients
Every Barracuda NextGen Firewall unit supports an unlimited number of VPN clients at no extra cost. The Barracuda VPN client also provides the ability to enforce Windows Security Center settings on client machines running Windows. This allows administrators to centrally enforce the usage of Windows Security settings on PCs. The enforced policies can include enabling the Microsoft Network Firewall, Windows Updates, Windows Virus Protection, Windows Spyware Protection, and Internet Security Settings.

Barracuda VPN Clients are available for Microsoft Windows, Mac OS, and various Linux systems.

Barracuda VPN Client for Mac OS
Barracuda VPN Client for Mac OS

Barracuda VPN Client for Windows 7
Barracuda VPN Client for Windows 7

Windows and MAC OS

Network Access Control
The optional Barracuda NextGen Firewall SSL VPN and NAC subscription adds a customizable and easy-to-use portal-based SSL VPN as well as sophisticated Network Access Control (NAC) functionality.

The Barracuda Network Access Client, when used with a Barracuda NG Firewall, provides centrally managed Network Access Control (NAC) and an advanced personal firewall. This allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of antivirus and/or anti-spyware, and user ID. Access restrictions are enforced locally on the client by the centrally managed personal Windows firewall as well as at the gateway. Using existing Barracuda NG Firewall appliances, Barracuda Networks offers a ready-to-use Network Access Control framework without expensive investments into the basic network infrastructure. All Barracuda Network Access Clients as well as all Barracuda NextGen Firewall units acting as policy servers can be administered, monitored, and reviewed via the Barracuda NG Control Center.

TINA - Barracuda's VPN Protocol
Due to the limitations that come with standard IPsec connections Barracuda Networks created several powerful extensions to standard IPsec tunnel management. This core of the Barracuda NG VPN engine is called TINA (Transport Independent Network Architecture).

The TINA protocol allows to use TCP, UDP, ESP, and IPsec protocols for high speed VPN connections which improves the VPN connectivity substantially by adding:

  • Endpoint-to-Endpoint (not network-to-network) connectivity
  • NAT friendliness
  • Multiple physical transport paths for a logical tunnel
  • Multiple tunnels in between two locations
  • HTTPS and SOCKS4/5 proxy compatibility
  • Dynamic Address Support
  • Tunnel heartbeat monitoring

Central Management across the Enterprise

To centralize management across many different firewalls and remote access users, the Barracuda NG Control Center enables administrators to manage and configure security, content, traffic management, and network access policies from a single interface. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations.

The Barracuda NG Control Center helps significantly reduce the cost associated with security management while providing extra functionality both centrally and locally at the managed gateway. Software patches and version upgrades are centrally controlled from within the management console and deployment can be applied to all managed devices.

Highly customizable administrative roles can be defined to delegate administrative capabilities for specific departments or locations.

Barracuda NG Control Center's Status Map displays a drill down status overview of all centrally managed Barracuda NextGen Firewall units.
Barracuda NG Control Center's Status Map displays a drill down status overview of all centrally managed Barracuda NextGen Firewall units.

Scalable Deployment


Scalable Deployment

Managing the security issues in a widely distributed enterprise network can be painful and extremely time consuming. Managing a system may take only 15 minutes per day. But having 20 firewall systems in place results in five hours per day – just to manage the existing system. With Barracuda NG Control Center, managing mulitple Barracuda NextGen Firewalls takes the same amount of time as managing one.

  • Create pre-configured templates for easy-rollout.
  • Have all information about the enterprise security deployment available in real time.
  • Create reports of either one or all Barracuda NextGen Firewalls.

Lifecycle Management
Scalable Barracuda NextGen Firewalls offer companies sustainable investment protection. Energize Updates automatically provide the latest firmware and threat definitions to keep the appliance up to date. With a maintained Instant Replacement subscription, organizations receive a new appliance with the latest specs every four years.

Additional Hardware Options:


  F10 F18 F80 F100 F180 F200 F280 F300 F380 F400 F600 F800 F900 F1000
Built-in WiFi option     Included   Included   Included              
Network Module M801                       Included Included  
Network Module M802                       Optional    
Network Module M804                         Optional  
Network Module M805                       Optional Optional  
Network Module M1001                           Included
Network Module M1002                           Optional
Network Module M1003                           Included
Wall mount bracket (2x)   Included Included   Included   Included              
L-shape rackmount bracket (2x)         Included Included Included Included Included Included Included Included Included Included
Rail kit                 Optional Optional Included Included Included Included
Maintenance kit                           Optional

Included Included

Optional Optional

Built-in Wi-Fi Option

The Barracuda NextGen Firewall appliances F101, F201, F280, and F301 offer built-in Wi-Fi.

Item Specification
Standards IEEE 802.11b/g/n, CSMA/CA with ACK
Frequency 2.4-2.4835 GHz
Signal Rate 11n: Up to 300Mbps
11g: Up to 54Mbps
11b: Up to 11Mbps
EIRP 20 dBm (MAX)
Radio receive sensitivity 130Mbps: -68 dBm @10% PER
108 Mbps: -68 dBm @10% PER
54 Mbps: -68 dBm @10% PER
11 Mbps: -85 dBm @8% PER
6 Mbps: -88 dBm @10% PER
1 Mbps: -90 dBm @8% PER
Wireless security 64/128 bits WEP
WPA/WPA2
WPA-PSK/WPA2-PSK (TKIP/AES)

Supported Barracuda Network Module Combinations (firmware release 6.1.x and newer)

Barracuda Network Module Combinations

Barracuda Network Module M801Barracuda Network Module M801
Optional network module providing 8x1 GbE RJ45 copper ports.
Available for Barracuda NextGen Firewall models F800 and F900.

Barracuda Network Module M802Barracuda Network Module M802
Optional network module providing 4x1 GbE fiber slots for standard SFP type transceivers (compatible with SR and LR transceivers).
Available for Barracuda NextGen Firewall models F800 for self-installed field upgrades.

Barracuda Network Module M804Barracuda Network Module M804
Optional network module providing 8x1 GbE fiber ports for standard SFP type transceivers (compatible with SR and LR transceivers).
Available for Barracuda NextGen Firewall model F900.

Barracuda Network Module M805Barracuda Network Module M805
Optional network module providing 4x10 GbE fiber ports for standard SFP+ type transceivers (compatible with SR and LR transceivers).
Available for Barracuda NextGen Firewall models F800 and F900.

Barracuda Network Module M1001Barracuda Network Module M1001
Optional network module providing 16x1 GbE RJ45 copper ports.
Available for Barracuda NextGen Firewall model F1000.

Barracuda Network Module M1002Barracuda Network Module M1002
Optional network module providing 16x1 GbE fiber ports for standard SFP type transceivers (compatible with SR and LR transceivers).
Available for Barracuda NextGen Firewall model F1000.

Barracuda Network Module M1003Barracuda Network Module M1003
Optional network module providing 4x10 GbE fiber ports for standard SFP+ type transceivers (compatible with SR and LR transceivers).
Available for Barracuda NextGen Firewall model F1000.

Barracuda Wall Mount BracketBarracuda Wall Mount Bracket
The Barracuda wall mount bracket allows mounting Barracuda NextGen Firewalls F18, F80, F180, and F280 to be mounted on a wall or similar.

Barracuda L-shape Rack Mount bracketBarracuda L-shape Rack Mount bracket
The L-shape rack mount bracket enables Barracuda Firewall F280 to be mounted in a 1U Standard 19" Rack slot.

Barracuda NextGen Firewall FAQ:

What is a Next Generation Firewall?

Next generation firewalls are the successors of traditional firewall and unified threat management (UTM) devices. Traditional firewalls generally perform packet forwarding and blocking functions and often incorporate packet inspection techniques. UTM devices usually add content security functions but typically fail to tightly integrate those functions tightly with network management, network access and WAN connectivity capabilities of enterprise-class firewalls.

To protect networks in the presence of social media and other Web 2.0 applications, a next generation firewall infrastructure intelligently combines network security, content security, Layer 7 application profiling and network access control to detect application-specific attacks, enforce application-aware inbound and outbound access policies, and perform application-aware traffic routing and prioritization across the wide area network (WAN).

Based on over a decade of R&D and real-world deployments in over 1,000 of the most demanding enterprise customer environments, the Barracuda NextGen Firewall is the most advanced next generation firewall on the market today.

What is a Network Security Gateway?

Network security gateways are the successors of traditional firewalls, unified threat management (UTM) devices, and the latest cycle of "next-generation" firewalls. Traditional firewalls forward packets and block functions often employing packet inspection. UTM devices usually add content security functions. Next-generation firewalls add detection and control of social media and Web 2.0 applications, but typically fail to integrate these functions tightly with link management, WAN management, and SSL VPN remote connectivity.

In comparison, the Barracuda NextGen Firewall, the first true network security gateway, starts by integrating an advanced network firewall with Layer 7 application recognition and user awareness, content security, malware protection, plus IPS in a suite of security technologies. It tightly integrates these features with intelligent network link aggregation and traffic management, VPN WAN management, and optimization for seamless remote office integration and SSL VPN for remote client security. As a network security gateway, the Barracuda NextGen Firewall weaves a seamless fabric of security, performance optimization, high-availability, and centralized management into network infrastructures while simplifying network architecture.

Why do I need a Next Generation Firewall?

As you organization relies on more cloud-based applications like Office 365, Salesforce, and Dropbox, internet connectivity becomes even more important. Our Barracuda NextGen firewalls combine powerful application awareness and network routing capabilities to provide the highest levels of internet availability for users and critical applications.

What are the major capabilities of the Barracuda NextGen Firewall?

The Barracuda NextGen Firewall is a next generation firewall and VPN that provides:

  • Integrated content security and network access control
  • Optimization of intelligent traffic flow across the WAN
  • Industry-leading centralized management capabilities

What are the differences among the F-Series, S Series and X-Series firewalls?

The Barracuda NextGen Firewall F-Series is designed for network engineers who manage distributed enterprise environments. It provides all the security functionality one expects from an enterprise next-generation firewall, including application detection and prioritization, IPS, malware protection, URL filter and even DDOS protection. Furthermore, its powerful traffic optimization features, extremely resilient site-to-site connectivity capabilities, and extensive logging and auditing tools make the F-series an ideal fit for organizations that need to efficiently manage and scale massive firewall deployments.

The Barracuda NextGen Firewall S-Series provides remote connectivity in an affordable and easy to deploy solution. It is designed from the ground up to support Internet of Things initiatives where thousands of remote devices need to be connected to a headquarters or data center. The SC appliances are managed via a NextGen Control Center, and security features like IPS, application detection etc. are provided at the Secure Access Concentrator where the VPN for each SC appliance terminates.

The Barracuda NextGen Firewall X-Series is ideal for small to medium-sized organizations looking for a simple, yet powerful next-generation firewall that provides IPS, application detection, URL filter, malware protection and some basic email security. Designed for the resource-constrained IT professional, the X-Series’ intuitive web interface has a low learning curve while providing and easy-to-use management interface.

How do I know if I should get the X-Series, F-Series or S-Series?

If you only have a few locations to manage (e.g., between one and three) and are looking for a firewall that is application aware and easy to use with a Web UI, then the X-Series firewall is ideal for you.

If you have a lot of remote locations to manage, secure and connect (e.g., more than three) and need a solution to seamlessly manage, protect and optimize your network, the F-Series firewall is right for you.

If you have to securely connect large numbers of devices to backhaul traffic to your HQ or data center, want to centrally administer the deployment and stay scalable, then the S-Series is the perfect choice for you.

Can I centrally manage multiple firewalls from one place?

Yes, all the Barracuda NextGen Firewall Series—X, F, and S—can be centrally managed from a single pane of glass. The F and S-Series utilize the Barracuda NextGen Control Center to manage massive firewall deployments. The NextGen Control Center is available in physical, virtual and cloud form factors depending on your infrastructure requirements. The X-Series firewall can be centrally managed from Barracuda Cloud Control, which is the same web-based portal that IT administrators use to control their other Barracuda products.

What is the difference in terms of deployment between the F, S and X-Series firewalls?

The Barracuda NextGen Firewall F-Series can easily be deployed as "standalone" and provides great value this way, but its full potential and cost savings is unleashed when it’s centrally managed using a NextGen Control Center.

The S-Series firewall cannot be deployed as standalone, but needs one or multiple Secure Access Concentrators for VPN tunnel termination and a NextGen Control Center for central management. The Web UI on the SC appliances is only intended for initial setup.

The Barracuda NextGen Firewall X-Series is designed to be used as standalone, and can optionally (at no extra charge) be connected to the Barracuda Cloud Control portal for convenient remote management.

What level of support can I expect to receive from Barracuda?

Regardless of whether you’re using the X-Series, F-Series or S-Series firewalls, you can expect the same level of award-winning support from Barracuda’s expertly trained technicians. Barracuda offers 24x7 support with no phone trees, ensuring that you will always speak to an in-region technician who is ready to help.

Integrated content security and network access control:

Barracuda NextGen Firewall integrates a comprehensive set of next generation firewall technologies, including Web Filtering, malware protection, intrusion prevention, anti-spam protection and Layer 7 application profiling.

Barracuda NextGen Firewalls include licenses for an unlimited number of IPSec site-to-site connections and IPSec clients through the Barracuda NG VPN Client. The Barracuda NextGen Firewall SSL VPN and NAC option adds a customizable and easy-to-use Web portal-based SSL VPN as well as sophisticated network access control (NAC) functionality. NAC allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of anti-virus and/or anti-spyware and user ID. The Barracuda NG Network Access Client also adds support for 802.1x port based security for 802.1x enabled routers and switches.

Optimization of intelligent traffic flow across the WAN:

The Barracuda NextGen Firewall provides application-aware traffic management and prioritization across the WAN, featuring adaptive routing based on network traffic conditions and link status. In addition, through Barracuda NG Control Center, administrators can efficiently monitor VPN tunnels and firewall status.

Industry Leading Centralized Management Capabilities:

To centralize management across many different firewalls and remote access users, the Barracuda NG Control Center enables administrators to configure security and network access policies, control firmware update revisions, and manage user settings. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations.

The Barracuda NG Control Center supports multiple administrators simultaneously - even within the same configuration tree. Highly customizable administrative roles can be defined to delegate administrative capabilities for specific departments or locations.

What are the differences in levels between the Barracuda NG Control Center editions?

The Barracuda NG Control Center is offered at three levels - Standard Edition, Enterprise Edition and Global Edition. All Barracuda NG Control Center levels enable administration of an unlimited number of Barracuda NextGen Firewall platforms. The Standard Edition allows for a single configuration group. The Enterprise Edition allows for an unlimited number of configuration groups for a single enterprise / tenant or “range.” The Global Edition is designed for service providers who service multiple tenants and allows for separate and secluded configuration trees for each “range.”

What application proxies are included?

Barracuda NextGen Firewalls include application layer proxies for HTTP, HTTPS (optional), FTP, SSH, as well as a generic TCP and SOCKS proxy.

What is Layer 7 application profiling?

Application identification techniques in traditional firewalls typically rely on Layer 3 (destination IP address) or Layer 4 (TCP port / protocol) definitions.

Next-generation firewalls utilizing Layer 7 Application Control can identify and enforce policy on more sophisticated applications that may hide their traffic inside otherwise "safe" port/protocols such as HTTP. Skype and peer-to-peer (P2P) applications are particularly notorious for requiring Layer 7 Application Control for policy enforcement.

The Barracuda NextGen Firewall integrates Layer 7 Application Control into its core firewall functions, enabling enforcement of policy based on user ID, security policy, location, and time of day. Policy actions can include blocking, allowing, throttling, or even enabling or disabling of specific application features.

What user authentication methods are supported?

The Barracuda NextGen Firewall can authenticate users and enforce user-aware policy using Active Directory, NTLM, MC CHAP, RADIUS, RSA SecurID, LDAP/LDAPS, TACACS+, built-in local authentication, as well as x.509 certificates.

Does the Barracuda NextGen Firewall help my organization troubleshoot network problems?

All Barracuda NG Control Center and Barracuda NextGen Firewall appliances come with extensive network connectivity troubleshooting and visualization tools. Even for large networks it typically only takes a few mouse clicks to analyze and remediate a problem in the central audit log or access cache screen.

What if I am not looking to replace my entire firewall infrastructure?

In addition to the Barracuda NextGen Firewall, Barracuda Networks offers a set of best-of-breed point solutions to address your needs if you are not looking yet to replace your entire firewall infrastructure. Relevant point solutions include:

  • Email security: Barracuda Spam & Virus Firewall
  • Web filtering: Barracuda Web Filter or Barracuda Purewire Web Security Service
  • Layer 7 application profiling: Barracuda Web Filter
  • SSL VPN: Barracuda SSL VPN
  • Site-to-site IPSec VPN: Barracuda Link Balancer
  • Link load balancing: Barracuda Link Balancer
What appliance models are recommended for my organization?

The Barracuda NextGen Firewall is a family of hardware and virtual appliances designed to service next generation firewall capabilities to all office locations of enterprise networks. This includes very small remote locations, home offices, branch offices, headquarters and data centers. Typically, Barracuda NextGen Firewall models are sized based on firewall throughput, VPN throughput, concurrent connections, and the features selected. For more information, please contact your Barracuda Networks systems engineer.

Does the Barracuda NextGen Firewall involve per user fees for VPN client or SSL VPN client usage?

No. The Barracuda NextGen Firewall models include a license to an unlimited number of Barracuda NG VPN clients. With the purchase of the Barracuda SSL VPN and NAC option, there is no licensed limit to the number of Barracuda NG Network Access clients or Barracuda NG SSL VPN users.

What is included in the Energize Updates subscription for the Barracuda NextGen Firewall?

Energize Updates from Barracuda Central deliver updates on the extensive library of definitions for intrusion prevention and Layer 7 application profiling. In addition, Energize Updates subscriptions also provide access to Basic Support, Firmware Maintenance and optional participation in the Barracuda Early Release Firmware program.

What if I have more questions about the Barracuda NextGen Firewall?

For additional assistance or for a product demonstration of the Barracuda NextGen Firewall, please contact us.

Pricing Notes:

Barracuda NextGen Firewall F900
Barracuda NextGen Firewall F900 Standard Model (Modular)
Note: The purchase of at least 1 Year of Energize Updates is required
#BNGF900a
Contact us for pricing!
Barracuda NextGen Firewall F900 Model CCC with 24x1 GbE Copper Network Ports
Note: The purchase of at least 1 Year of Energize Updates is required
#BNGF900a.CCC
Contact us for pricing!
Barracuda NextGen Firewall F900 Model CCE with 16x1 GbE Copper + 4x1 GbE SFP (Fibre) Network Ports
Note: The purchase of at least 1 Year of Energize Updates is required
#BNGF900a.CCE
Contact us for pricing!
Barracuda NextGen Firewall F900 Model CFE with 8x1 GbE + 8x1 GbE SFP (Fibre) + 4x10 GbE SFP+ (Fibre) Network Ports
Note: The purchase of at least 1 Year of Energize Updates is required
#BNGF900a.CFE
Contact us for pricing!
Barracuda Hardware Refresh Program - Learn More
Refresh - Barracuda NextGen Firewall F900
Note: Customers need to return their old hardware within 30 days
#HWWF900a
Contact us for pricing!
Barracuda Product Phone Installation Appointment
#BT001
Contact us for pricing!
Barracuda Onsite Installation
#BT002
Contact us for pricing!
Barracuda Networks Energize Updates for F900
1 Year Energize Updates
#BNGF900a-E1
Contact us for pricing!
3 Year Energize Updates
#BNGF900a-E3
Contact us for pricing!
5 Year Energize Updates
#BNGF900a-E5
Contact us for pricing!
Barracuda Networks Instant Replacement for F900
1 Year Instant Firewall Replacement
Included with Instant Replacement subscription for NextGen Firewall models F800 and F900 is Instant Replacement coverage for BNGM80x Network Modules sold and installed with that F800 and F900
#BNGF900a-H1
Contact us for pricing!
3 Year Instant Firewall Replacement
Included with Instant Replacement subscription for NextGen Firewall models F800 and F900 is Instant Replacement coverage for BNGM80x Network Modules sold and installed with that F800 and F900
#BNGF900a-H3
Contact us for pricing!
5 Year Instant Firewall Replacement
Included with Instant Replacement subscription for NextGen Firewall models F800 and F900 is Instant Replacement coverage for BNGM80x Network Modules sold and installed with that F800 and F900
#BNGF900a-H5
Contact us for pricing!
Barracuda Networks Premium Support for F900
1 Year Premium Support
Premium support on the 3X0 and 4X0 is available for customers who have purchased premium support on model 6X0/8X0/9X0s
#BNGF900a-P1
Contact us for pricing!
3 Year Premium Support
Premium support on the 3X0 and 4X0 is available for customers who have purchased premium support on model 6X0/8X0/9X0s
#BNGF900a-P3
Contact us for pricing!
5 Year Premium Support
Premium support on the 3X0 and 4X0 is available for customers who have purchased premium support on model 6X0/8X0/9X0s
#BNGF900a-P5
Contact us for pricing!
Barracuda Networks Web Security
1 Year Web Security
Includes Web Filter + Malware Protection
#BNGF900a-W1
Contact us for pricing!
3 Year Web Security
Includes Web Filter + Malware Protection
#BNGF900a-W3
Contact us for pricing!
5 Year Web Security
Includes Web Filter + Malware Protection
#BNGF900a-W5
Contact us for pricing!
Barracuda Networks Web Filter
1 Year Web Filter
#BNGF900a-U1
Contact us for pricing!
3 Year Web Filter
#BNGF900a-U3
Contact us for pricing!
5 Year Web Filter
#BNGF900a-U5
Contact us for pricing!
Barracuda Networks Malware Protection
1 Year Malware Protection
#BNGF900a-M1
Contact us for pricing!
3 Year Malware Protection
#BNGF900a-M3
Contact us for pricing!
5 Year Malware Protection
#BNGF900a-M5
Contact us for pricing!
Barracuda Networks Advanced Threat and Malware Protection Bundle
1 Year Advanced Threat and Malware Protection Bundle
#BNGF900a-am1
Contact us for pricing!
3 Year Advanced Threat and Malware Protection Bundle
#BNGF900a-am3
Contact us for pricing!
5 Year Advanced Threat and Malware Protection Bundle
#BNGF900a-am5
Contact us for pricing!
Barracuda Networks Basic Remote Access for F900
1 Year Basic Remote Access
#BNGF900a-VB1
Contact us for pricing!
3 Year Basic Remote Access
#BNGF900a-VB3
Contact us for pricing!
5 Year Basic Remote Access
#BNGF900a-VB5
Contact us for pricing!
Barracuda Networks Premium Remote Access for F900
1 Year Premium Remote Access
(Includes Basic Remote Access)
#BNGF900a-VP1
Contact us for pricing!
3 Year Premium Remote Access
(Includes Basic Remote Access)
#BNGF900a-VP3
Contact us for pricing!
5 Year Premium Remote Access
(Includes Basic Remote Access)
#BNGF900a-VP5
Contact us for pricing!
Barracuda Networks USB Modem
Barracuda USB Modem M10 for NextGen Firewall models 10-900 (3G/UTMS)
#BNGM10a
Contact us for pricing!
Barracuda Networks Module
Barracuda Network Module M801 for NextGen Firewall models 800-900 (8x1Gb Copper)
#BNGM801a
Contact us for pricing!
Barracuda Network Module M802 for NextGen Firewall models 800-900 (4x1Gb SFP)
#BNGM802a
Contact us for pricing!
Barracuda Network Module M803 for NextGen Firewall models 800-900 (2x10Gb SFP+)
#BNGM803a
Contact us for pricing!