Call a Specialist Today! 800-878-6893

Barracuda NextGen Firewall SAC 820
Simple, Secure and Scalable Remote Connectivity For the Internet of Things


Barracuda NextGen Firewall

Barracuda Networks NextGen Firewall Series
Barracuda NextGen Firewall S-Series
Barracuda Secure Access Concentrator VFAC820
Note: The purchase of at least 1 Year of Energize Updates is required
#BNCVFAC820a
List Price: $11,999.00
Our Price: $11,399.00

Click here to jump to more pricing!

Virtual BoxBarracuda Networks NextGen Firewall SAC 400 Overview:

As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer. The Barracuda NextGen Firewall S-Series fits perfectly into this ongoing virtualization process. It is ideally suited for organizations that are deploying virtual environments - be it for scalability, fast rollout, or cost reasons. Beyond its powerful network firewall, IPS, and VPN technologies, the Barracuda NextGen Firewall S-Series integrates via Advanced Threat Detection a comprehensive set of next-generation firewall technologies, including Application Control, availability and traffic flow optimization across the wide area network, web filtering, antivirus enforcement as well as protection against zero-hour/day threats, advanced malware, etc.

NextGen Firewall S-Series

Enterprise networks grow larger and more complex every day, thus becoming more critical to key business operations. The Barracuda NextGen Firewall S-Series—Secure Connector 1 (SC1) and Secure Access Concentrator (SAC)—is an essential tool for optimizing the performance, security and availability of today's dispersed enterprise WANs.

The Barracuda NextGen S-Series offers large-scale remote access capabilities. It enables the ever-growing number of IoT devices and micro-networks to securely connect to the central or distributed corporate datacenter.

Components for a S-Series deployment are:

  • Secure Connector (SC) appliances (hardware only)
  • Secure Access Concentrator (SAC) (virtual, Azure)
  • NextGen Control Center (hardware, virtual, Azure)

In such a scenario, a large number of small Secure Connector (SC) appliances connect via TINA VPN to their regional Secure Access Concentrator (SAC). The SAC forwards the management traffic to the NextGen Control Center. Corporate policies such as Application Control, URL Filtering, and Virus Scanning are handled either directly on the SAC or forwarded to the border firewall. The configuration and lifecycle management for all SCs and their SACs are handled by one central NextGen Control Center. The Control Center can manage multiple Secure Access Concentrators, allowing you to scale up the network at will.

Easily Scales to the Tens of Thousands of Remote Locations

The encrypted connection between the SC1 appliance and the Secure Access Connector is established with the Barracuda Networks proprietary enhanced IPsec protocol TINA, which is more resilient and provides greater performance than most competitive VPN solutions no loss to security. Every Secure Access Connector can thus maintain an encrypted connection to thousands of remote SC1 appliances while literally dozens of Secure Access Connectors can be managed remotely by the Barracuda NextGen Control Center.

To deploy Barracuda NextGen S-Series appliances to an even wider variety of use cases and remote locations, the SC1 appliance comes with your choice of uplinks and automated failover in case one uplink fails. Besides the typical wired uplinks using DHCP or static IP, the integrated wireless Access Point functionality can be reversed to access the WAN via existing wireless networks. For even greater deployment flexibility, the SC1 is available with an optional 3G modem.

NextGen Firewall Security Levels

While the device itself is not designed to perform advanced functions like Application Detection, IPS, Anti-Virus or URL Filtering on the box itself, such actions can easily be performed centrally at the larger office or datacenter where the devices connect to the Secure Access Connector. Full next-generation protection is available as moderately priced options for unlimited users per Secure Access Connector gateway deployed. Advanced Threat Detection (ATD) via sandboxing and detonation in the cloud is also available.

Central Management

Managing configurations of security appliances can be a complicated and time-consuming task. To ease administrators’ lives, the S-Series uses a new template-based configuration. Templates can be created at the various organizational levels supported by the NextGen Control Center. Once a template is changed, all SC1 appliances linked to this template are automatically updated within seconds.

Deploying to many locations often results in a complex routing setup. Each remote network needs to be properly defined and routed from the datacenter. The S-Series can also take care of these tasks by assigning defined subnets automatically to SC1 appliances and keeping track of required routing paths.

And - of course - you can manage F-Series and S-Series deployment in the same NextGen Control Center.

Quickly Deployed by Untrained Staff

To make the installation and setup process as efficient as possible, the SC1 appliances can be shipped directly to the intended remote location without the need for specialized IT personnel to be present on-site. The central IT department can quickly create a configuration file via the Barracuda NextGen Control Center, send it to the site (e.g., via email), and have the configuration file copied by drag-and-drop onto the SC1 appliance. After rebooting the SC1, the configuration file is processed and the setup process concluded – your SC1 is ready to go!

The Barracuda Advantage

  • Quick rollout
  • Comprehensive reporting
  • Highly scalable
  • Fully compatible with Microsoft Azure

Product Spotlight

  • Powerful next-generation network firewall
  • Advanced Threat Detection
  • Built-in web security and IDS/IPS
  • Full application visibility and granular controls
  • Centralized management of all functionalities
  • Template-based and role-based configuration
  • Available for VMware, XenServer, KVM, Hyper-V, and Microsoft Azure

Securing the Internet of Things

Securing the Internet of Things

The Barracuda NextGen Firewall S-Series is designed and built from the ground up to provide comprehensive, next-generation security while being simple to deploy and maintain, and highly scalable. Need to connect micro-offices, point of sales and machine-to-machine business? With the S-Series you're all set!

Easy to setup and maintain: SC1

Easy to setup and maintain: SC1

The Secure Connector (SC1) is a hardware appliance purposebuilt to be an on-premises connectivity device that ensures high-performance and tamper-proof VPN connections to protect the data flow and, thus, guarantee data continuity.

Bundling the data stream: SAC

Bundling the data stream: SAC

The Secure Access Concentrator is the collecting point for the data stream. This fully fledged NextGen Firewall acts as VPN gateway for the SC1 deployments. SACs can be run on VMware, Hyper-V, XenServer, or KVM environments as well as directly in Microsoft Azure.

Grows with your needs

Grows with your needs

Integration within the Barracuda NextGen Control Center architecture ensures that your deployment can grow with your needs without technical or financial trapdoors. The template-based configuration ensures easy rollout of additional devices and maintain compliance.

Benefits:

Simplifying Machine-to-Machine Connectivity

The S-Series is designed for companies that need to securely and cost-effectively connect large numbers of remote devices like Automated Teller Machines (ATMs), point-of-sale kiosks, wind power stations, networked industrial machines or even very small offices. Managing and protecting network traffic among these remote machines is often a logistical nightmare involving managing many different firewalls, VPN software and routing steps.

Simplifying Machine-to-Machine Connectivity

The S Series consists of a small Secure Connector appliance (SC1) that connects each remote device with multiple uplinks and even an automated failover in case one uplink fails. The SC1 provides zone-based firewalling, Wi-Fi and full VPN connectivity for the connected device. The network traffic is then backhauled to a Secure Access Concentrator running at a central office or in the cloud for inspection and other resource-intensive security tasks such as URL filtering, intrusion prevention (IPS), anti-virus protection and application detection.

Flexible Deployment Options
Flexible Deployment Options

In order to be able to deploy Barracuda NextGen Firewall S-Series’ even to a wide variety of use cases and remote locations the SC1 appliance comes with a choice of uplinks and even automated failover in case one uplink fails. Besides the typical wired uplinks using DHCP or Static IP, the integrated wireless Access Point functionality can be reversed to access the WAN via existing wireless networks. For even more deployment flexibility the SC1 is even available with an optional 3G modem.

Easy and Affordable Scalability to Thousands of Devices
Easy and Affordable Scalability to Thousands of Devices

Instead of having all S-Series appliances establish a VPN connection to the primary Firewall/VPN gateway – and potentially bog down corporate traffic – Barracuda designed the Secure Access Concentrator (SAC). The Secure Access Connector is "stackable" and optimized to handle VPN tunnel termination, routing and offload Application enforcement, intrusion protection (IPS) and Content Security tasks for thousands of remote locations.

Once connected to a SAC, all S Series components can be centrally managed via the NextGen Control Center. Administrators can easily manage traffic routing and security policies for tens of thousands of devices from a single control panel. In addition, features like template based management and automated network setup simplify the connection of remote devices so that even very large scale deployments can be managed by a few administrators.

Full Next Generation Security Levels
Full Next Generation Security Levels

The encrypted connection between the SC1 appliance and the Secure Access Connector (SAC) is established with the Barracuda Networks proprietary enhanced IPsec protocol called TINA, which is more resilient and performant than most competitive VPN solutions – without giving up on any security aspects. Every SAC can maintain an encrypted connection to thousands of remote SC1 appliances, while literally dozens of Secure Access Connectors can be remote controlled by the Barracuda NextGen Control Center.

Full next generation protection is available at customer-friendly priced options for unlimited users per Secure Access Connector gateway deployed. Advanced Threat Detection via sandboxing and detonation in the cloud is available.

Features:

Next Generation Security

Secure Connector 1 (SC1)

The SC1 is a secure connectivity device providing zone-based firewalling, Wi-Fi, and full VPN connectivity for connecting large number of remote devices or micro offices and centrally backhauling all network traffic.

While the device does not perform advanced functions like application detection, IPS, antivirus, or URL filtering on the box itself this can still be done centrally at the Secure Access Concentrators, larger offices, headquarters, or datacenter where the devices connect to.

TINA VPN

Due to the limitations that come with standard IPsec connections, Barracuda Networks has created several powerful extensions to standard IPsec tunnel management. This core of the Barracuda S-Series VPN engine is called TINA (Transport Independent Network Architecture). The TINA protocol allows the use of TCP, UDP, and ESP for high speed VPN connections, which improves the VPN connectivity substantially by adding:

  • Endpoint-to-Endpoint (not network-to-network) connectivity
  • NAT friendliness
  • Multiple physical transport paths for a logical tunnel
  • HTTPS and SOCKS4/5 proxy compatibility
  • Dynamic Address Support
  • Tunnel heartbeat monitoring

Advanced Threat Detection

While traditional solutions usually detect network threats after they have breached the network by sending log notifications to the administrator, the Barracuda Advanced Threat Detection (ATD) implements full system emulation, providing deep visibility into malware behavior. Files are checked against a cryptographic hash database that is constantly updated. In case the file is unknown, it is emulated in a virtual sandbox where malicious behavior can be discovered.

The Barracuda ATD offers Administrators granular, file-type-based control including automatic quarantine and blacklisting features to maintain the highest level of protection for an organization’s network.

The Barracuda Advanced Threat Detection is an optional subscription.

Intrusion Detection and Protection

The Intrusion Detection and Prevention System (IDS/IPS) of the S-Series strongly enhances network security by providing complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases preventing network attacks such as:

  • SQL injections and arbitrary code executions
  • Access control attempts and privilege escalations
  • Cross-Site Scripting and buffer overflows
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • Directory traversal and probing and scanning attempts
  • Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware

Barracuda NextGen Firewall S-Series Secure Access Concentrators provides advanced attack and threat protection features such as:

  • Stream segmentation and packet anomaly protection
  • TCP split handshake protection
  • IP and RPC defragmentation
  • FTP evasion protection
  • URL and HTML decoding

As a result, the Barracuda NextGen Firewall S-Series is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems.

As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda NextGen Firewall S-Series is constantly up-to-date. If the firewall unit is centrally managed, the updates are conveniently distributed by the Barracuda S-Series Control Center.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Protection

In today’s world of omnipresent botnets, one of the main tasks of perimeter protection is to ensure ongoing availability of the network for legitimate requests and to detect and repel malicious denial of service attacks. With TCP SYN Flood Protection, the Barracuda NextGen Firewall S-Series effectively functions as a generic TCP proxy, forwarding only legitimate TCP traffic to the inside of the network.

Additionally, the Secure Access Concentrator allows the definition of a rate limit that is applied to the maximum number of sessions per source address to be handled by the firewall. Packets arriving at a rate faster than allowed will simply be dropped. In a massive DDoS attack, the attackers may simply aim for saturating the link by transmitting vast numbers of UDP packets.

The integrated environmental monitoring feature of the Barracuda NextGen Firewall S-Series diagnoses such conditions by link and target address monitoring. Once the response of a remote target address to regular ICMP probing fails, the system can be configured to activate different routes and uplinks (for example backup line, ISDN, xDSL). Using this feature, traffic will be unimpeded across unaffected lines and crucial site-to-site and site-to-Internet connectivity remains operational.

Web Filtering

Configuring and maintaining configurations of security appliances can be a complicated and time-consuming task. To ease administrator’s life’s, the S-Series uses a new template based editor, called SCA Editor. Templates can be created at the various organizational levels supported by the respective NextGen Control Center version (Global, range or cluster level). Once a template is changed all SC1 appliances linked to this template are automatically updated within seconds.

Network Performance

Application Control 2.0

The Barracuda NextGen Firewall S-Series provides powerful and extremely reliable detection and classification of thousands of applications and sub-applications by combining Deep Packet Inspection (DPI) and behavioral traffic analysis – no matter if the protocols are using advanced obfuscation, port hopping techniques, or encryption. It allows the creation of dynamic policies and facilitates establishing and enforcing access and use policies for users and groups by application, application category, location, and time of day. Administrators can now:

  • Block unwanted applications for certain users or groups
  • Control and throttle acceptable traffic
  • Preserve bandwidth and speed-up business-critical applications to ensure business continuity
  • Enable or disable specific application sub-functions (e.g., Facebook Chat, YouTube Postings, or MSN file transfers)
  • Intercept SSL-encrypted application traffic

The Barracuda NextGen Firewall S-Series features advanced application-based routing path selection and Quality of Service (QoS) capabilities. These provide additional business value in addition to security by significantly improving network quality and availability, as well as reducing direct line cost due to bandwidth saved.

For rich reporting and drill-down capabilities, the S-Series comes with real-time and historical application visibility that shows application traffic on the corporate network, thus providing a basis for deciding which connections should be given bandwidth prioritization, crucial to QoS optimization for business-critical applications. Furthermore, it allows adjusting and refining the corporate application use policies.

Traffic Shaping and Quality of Service

Limited network resources make bandwidth prioritization a necessity. The Barracuda NextGen Firewall S-Series provides strong Quality of Service (QoS) that lets the administrator apply quality aspects and service guarantees to selected traffic flows within the WAN. QoS is often used to prioritize the network traffic of applications that are critical and must not be affected by the network traffic of other applications.

Failover and Link Balancing

To ensure the best and most cost-efficient connectivity, the Barracuda NextGen Firewall S-Series Secure Access Connector provides a wide range of built-in uplink options such as unlimited leased lines, up to four xDSL uplinks, etc. By eliminating the need to purchase additional devices for link balancing, security-conscious customers will have access to a WAN connection that never goes down, even if one or two of the existing WAN uplinks are severed.

Traffic intelligence mechanisms make sure the next defined uplink is activated on the fly and all traffic is rerouted to make full use of the remaining lines. In the event that backup lines provide less bandwidth, intelligent traffic shaping automatically prioritizes business-critical applications, networks, or distinct endpoints.

Scalability

Secure Access Concentrator (SAC)

The SAC is a virtual deployed gateway designed especially for terminating the encrypted traffic the SC1 appliances provide as well as providing the more advanced security functions like application control, antivirus, IPS and URL filtering.

To ensure scalability to the thousands, multiple SAC’s can be integrated and managed by a NextGen Control Center. Separating the workload of management and traffic handling is another factor that enables us to handle tens of thousands of remote devices.

Microsoft Azure

As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer.

Barracuda’s award-winning security solutions are available as virtual appliances to help organizations in Microsoft Azure for establishing site-to-site and/or client-to-site connections to Azure and creating a DMZ in Azure to implement an additional high-security layer. For Barracuda NextGen Firewall S-Series, the NextGen Control Center as well as the Secure Access Concentrator can be deployed as virtual images in the Azure cloud.

Ease of Management

Rapid Deployment

To make the installation and setup process as efficient as possible the SC1 appliances can be shipped directly to the intended remote location without the need for specialized IT personnel to be present on-site. The central IT department can quickly create a configuration file via the Barracuda NextGen Control Center through the included configuration wizard.

Once the configuration file is on site (e.g. via email) an employee or technician connects the SC1 to a workstation or laptop and copies the configuration-file by drag and drop onto the SC1 mass-storage (attached via USB-OTG port). After rebooting the SC1, the configuration file is processed and the setup process concluded – the SC1 is ready.

Automatic Network Setup

Deploying to many locations often results in a complex routing setup. Each remote network behind an SC1 needs to be defined and routed to properly from the datacenter. The “Automatic Network Setup” automates the process of creating a new SC1 configuration file. You can define a single large network that is automatically partitioned into smaller subnets which then in turn are automatically assigned to the SC1 appliances. The Secure Access Connectors are updated with all needed routing paths.

Barracuda NextGen Control Center

Managing the security issues in a widely distributed network can be painful and extremely time-consuming. Managing a system may take only 15 minutes per day, but having 20 security devices in place results in five hours per day – just to manage the existing system. With the Barracuda NextGen Control Center, managing multiple Barracuda NextGen Firewall S-Series takes the same amount of time as managing one.

  • Create pre-configured templates for easy-rollout.
  • Have all information about the security deployment available in real time.
  • Create reports of either one or all Barracuda NextGen Firewall S-Series.

Personalized Application Control

On top of the thousands of applications that are delivered out of the box and constantly updated, the Barracuda NextGen Firewall S-Series provides a way to easily create user-defined application definitions for best-in-class application control customized and tailored to an organization’s specific needs.

User Identity Awareness

Different network users may need different bandwidth-use rules. Most often, access to certain network resources is limited to certain users or user groups. Preferential allocation of more bandwidth to certain users or user groups and a limitation of available bandwidth for others is a common requirement. It requires the network device to know what user an IP actually belongs to.

NextGen Report Creator

The Barracuda NextGen Report Creator is a free tool that allows administrators to collect and consolidate traffic and application usage statistics from multiple Barracuda NextGen Firewall S-Series Secure Access Concentrator units and to create easy-to-read reports in PDF format. Report tasks can be scheduled at various times during the day or week and distributed automatically via email.

Besides predefined out-of-the-box reports such as Top Applications, Top Blocked URL Categories and Websites, Top Users by Bandwidth, as well as activity reports for specific users, the reporting engine provides customizable granular reports on user activity, activities during last day/week/month, etc.

Revision Control System, Audit and Reporting

The integrated revision control system increases auditing ease for the infrastructure and cuts overhead. Additionally, the revision control system for all changes provides compliance with governmental and company policy requirements. Comprehensive reporting makes bandwidth usage and all other security-related information visible, reportable and easy to read.

Specifications:


SAC Editions1 SAC400 SAC610 SAC820
Number of Protected IPs unlimited unlimited unlimited
Allowed Cores 2 4 8
Max. number of VPN Connections 500 1,200 2,500
Firewall & VPN Throughput 1 Gbit/s 2 Gbit/s 4 Gbit/s
Firewall
Application Control2
IPS2
Dynamic Routing
VPN3
SSL Interception
Web Filter
Malware Protection4 Optional Optional Optional
Advanced Threat Detection4,5 Optional Optional Optional

1 The Barracuda NextGen Firewall S-Series SAC virtual image covers all editions.
2 Requires a valid Energize Updates subscription.
3 Barracuda NextGen Firewall S-Series SAC editions include as many VPN licenses as the number of protected IPs. VPN clients with an active connection to the Barracuda NextGen Firewall S-Series SAC are counted towards the protected IP limits.
4 Including FTP, mail and Web protocols.
5 Requires a valid Malware Protection subscription.

Technical Specs

Firewall
Firewall

  • Stateful packet inspection and forwarding
  • Full user-identity awareness
  • Intrusion Detection and Prevention System (IDS/IPS)
  • Application control and granular application enforcement
  • Interception and decryption of SSL/ TLS encrypted applications
  • Antivirus and web filtering in single pass mode
  • SafeSearch enforcement
  • YouTube for Schools support
  • Denial of Service protection (DoS/DDoS)
  • Spoofing and flooding protection
  • ARP spoofing and trashing protection
  • DNS reputation filtering
  • TCP stream reassembly
  • NAT (SNAT, DNAT), PAT
  • Dynamic rules / timer triggers
  • Single object-oriented rule-set for routing, bridging, and routed bridging
  • Virtual rule test environment

Hypervisor and Public Support
Hypervisor and Public Support (for SAC and NextGen Control Center)

  • VMware
  • Hyper-V
  • XenServer
  • KVM
  • Microsoft Azure

Intrusion Detection & Prevention
Intrusion Detection & Prevention

  • Protection against exploits, threats and vulnerabilities
  • Packet anomaly and fragmentation protection
  • Advanced anti-evasion and obfuscation techniques
  • Automatic signature updates


Advanced Threat Detection
Advanced Threat Detection

  • Dynamic, on-demand analysis of malware programs (sandboxing)
  • Dynamic analysis of documents with embedded exploits (PDF, Office, etc.)
  • Detailed forensics for both malware binaries and web threats (exploits)
  • Support for multiple operating systems (Windows, Android, etc.)
  • Flexible malware analysis in the cloud

VPN
VPN

  • Secure site-to-site
  • Supports AES-128/256, 3DES, DES, Blowfish, CAST, null ciphers

High Availability
High Availability

  • Active-passive
  • Transparent failover without session loss
  • Network notification of failover
  • Encrypted HA communication

Central Management Options
Central Management Options

  • Barracuda NextGen Control Center
    – Unlimited SACs and SC1s
    – Support for multi-tenancy
    – Multi-administrator support & RCS

Protocol Support
Protocol Support

  • IPv4
  • BGP/OSPF/RIP
  • VoIP (H.323, SIP, SCCP [skinny])
  • RPC protocols (ONC-RPC, DCE-RPC)
  • 802.1q VLAN

Support Options

Barracuda Energize Updates
Barracuda Energize Updates

  • Standard technical support
  • Firmware updates
  • IPS signature updates
  • Application control definition updates
  • Online web filter

Security Options

  • Advanced Threat Detection
  • Malware Protection

NextGen Firewall Technology:

Secure Your Networks Perimeter

Barracuda NextGen Firewall S provides several layers to protect an organization’s IoT network

Barracuda NextGen Firewall S provides several layers to protect an organization’s IoT network

Intrusion Detection and Prevention
The built-in Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection for your operating systems, applications, and databases against a broad range of threats and attacks.

By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, the Secure Access Concentrator (SAC) can identify and block advanced evasion attempts and obfuscation techniques used by attackers to circumvent and trick traditional intrusion prevention systems.

As part of Barracuda’s Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the SAC is constantly up-to-date. If the firewall unit is centrally managed, the pattern updates are conveniently distributed by the Barracuda NextGen Control Center.

Malware Protection
The optional Malware Protection shields your internal network from malicious content by scanning web / email content and file transfers via two fully integrated antivirus engines. Malware Protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available.

The Malware Protection covers viruses, worms, trojans, malicious java applets, and programs using known exploits on, for example, PDFs, pictures and office documents, macro viruses, even when using stealth or morphing techniques for obfuscation.

Advanced Threat Detection
Barracuda’s Advanced Threat Detection (ATD) uses next-generation sandbox technology powered by full-system emulation to catch not only persistent threats and zero-day exploits, but also advanced malware designed to evade detection. Files are forwarded to a cloud-based sandbox environment, where they are executed and analyzed to identify suspicious and malicious behavior.

Barracuda ensures flexible and simple deployment with your existing network infrastructure—no additional hardware is required since resourceintensive sandboxing is offloaded to the cloud. The cloud database is continuously updated by all SACs with enabled ATD. Processing of already known files is thereby speeded up.

The administrator has full policy control over how PDF documents, Microsoft Office files, EXEs/MSIs/DLLs, Android APKs, compressed files, and archives are emulated and delivered to the client. Based on identified malware activity, infected users can be automatically quarantined, thus preventing the malware from spreading within the network.

Advanced Threat Detection

Customizable, on-demand analysis reports for any emulated file provide full insight and details on malicious activities, file behavior, system-registry entries, and evasion and obfuscation techniques. This also enables network activities, such as establishing encrypted connections to Botnet Command and Control Centers for increased security posture, to evade scaled botnet attacks.

Advanced Threat Detection Screenshot

Web Filtering
The web filtering options for the SAC enable highly granular, real-time visibility into online activity, broken down by individual users and applications. Administrators can thus easily create and enforce effective Internet content and access policies. Web filtering protects user productivity, blocks malware downloads and other web-based threats, and enables compliance by blocking access to unwanted websites and servers, thereby providing an important additional layer of security alongside application control.

Controlling Application Usage

Mobile devices, online applications, social networks, and streaming media have caused an enormous increase in nonbusiness network data traffic, pushing bandwidth capacities to their limits and causing degradation in performance of business-critical applications.

The Barracuda NextGen Firewall S-Series gives administrators granular control over applications, allowing them to define rules for forwarding data traffic using the best respective transmission channels based on type of application, user, content, time of day, and geographical location.

Block unwanted applications, control acceptable traffic, and ensure business continuity

Block unwanted applications, control acceptable traffic, and ensure business continuity

Application Control
The Barracuda NextGen Firewall family provides powerful and extremely reliable detection and classification of thousands of applications and sub-applications by combining Deep Packet Inspection (DPI) and behavioral traffic analysis – no matter if the protocols are using advanced obfuscation, port hopping techniques, or encryption. It allows the creation of dynamic application policies and facilitates the establishment and enforcement of acceptable access and use policies for users and groups by application, application category, location, and time of day. Barracuda NextGen Firewalls combine application control with seamless integration of authentication schemes like Active Directory, RADIUS, or LDAP/S. As a result, administrators are always on top of what users are doing to on the organization’s network. Barracuda NextGen Firewalls feature advanced application-based routing path selection and Quality of Service (QoS) capabilities. These provide additional business value and security by significantly improving network quality and availability, and by reducing direct line cost due to saved bandwidth.

For rich reporting and drill-down capabilities, Barracuda NextGen Firewalls come with real-time and historical application visibility that shows application traffic on the corporate network, thus providing a basis for deciding which connections should be given bandwidth prioritization, which is crucial to QoS optimization for business-critical applications. Furthermore, it lets admins adjust and refine corporate application use policies.

Personalized Application Control
On top of thousands of applications that are delivered out of the box and constantly updated, Barracuda NextGen Firewalls provide a way to easily create user-defined application definitions for best-in-class application control customized and tailored to an organization’s specific needs.

Application-Based Provider Selection
The combination of next-generation security and adaptive WAN routing lets Barracuda NextGen Firewalls dynamically assign available bandwidth for several links not only based on protocol, user, location, and content, but also based on applications, application categories, and web filter categories. This keeps expensive, highly available lines free for business and mission-critical applications, while significantly reducing response times and freeing up additional bandwidth.

Deep Application Context
The deep application context analysis allows for a more thorough inspection of the application data stream by continually evaluating the actual intention of applications and the respective users. By this means, administrators can gain detailed insight into what a specific application was used for, or if a user was trying to circumvent the corporate application usage policy.

Application Risk and Usage Report
User Identity Awareness & Control

Barracuda NextGen Firewalls support the authentication of users and enforcement of user-aware firewall rules, web filter settings, and application control by seamlessly integrating with Microsoft Active Directory.

  • Microsoft and Citrix terminal service environments
  • Microsoft Active Directory
  • NTLM
  • RADIUS
  • RSA SecurID
  • LDAP/LDAPS
  • TACACS+
  • and more...

Application Risk and Usage Report
The Application Usage and Risk Report is a predefined report in the Barracuda Report Creator tool providing automated reports and risk analysis based on the network traffic that is traversing the network. It provides an overview on how effective the currently deployed technologies are in detecting and enforcing the corporate application usage policies and recommends what should be taken into account when redefining these policies. The report creation can be started manually (on-demand) or scheduled (including automated email distribution). And - of course - this report is fully customizable to comply with possible branding requirements.

Central Management across the IoT

To centralize management across an IoT network and organization networks, the Barracuda NextGen Control Center lets administrators manage and configure security, content, traffic management, and network access policies from a single interface. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations.

The Barracuda NextGen Control Center helps significantly reduce the cost associated with security management while providing extra functionality both centrally and locally at the managed gateway. Software patches and version upgrades are centrally controlled from within the management console, and deployment can be applied to all managed devices.

Highly customizable administrative roles can be defined to delegate administrative capabilities for specific departments or locations.

Simplifying Machine-to-Machine Connectivity

Scalable Deployment


Scalable Deployment

Managing the security issues in a widely distributed enterprise network can be painful and extremely time consuming. Managing a system may take only 15 minutes per day. But having 20 systems in place results in five hours per day – just to manage the existing system.

With the Barracuda NextGen Control Center, managing multiple SACs takes the same amount of time as managing one.

  • Create pre-configured templates for easy rollout.
  • Have all information of the enterprise security deployment available in real time.
  • Create reports for either one or all S-Series compounds.

Lifecycle Management
Scalable Barracuda NextGen Firewall S-Series offer companies sustainable investment protection. Energize Updates automatically provide the latest firmware and threat definitions to keep the appliance up-to-date. With a maintained Instant Replacement subscription, organizations receive a new appliance with the latest specs every four years.

Barracuda NextGen Firewall FAQ:

What is a Next Generation Firewall?

Next generation firewalls are the successors of traditional firewall and unified threat management (UTM) devices. Traditional firewalls generally perform packet forwarding and blocking functions and often incorporate packet inspection techniques. UTM devices usually add content security functions but typically fail to tightly integrate those functions tightly with network management, network access and WAN connectivity capabilities of enterprise-class firewalls.

To protect networks in the presence of social media and other Web 2.0 applications, a next generation firewall infrastructure intelligently combines network security, content security, Layer 7 application profiling and network access control to detect application-specific attacks, enforce application-aware inbound and outbound access policies, and perform application-aware traffic routing and prioritization across the wide area network (WAN).

Based on over a decade of R&D and real-world deployments in over 1,000 of the most demanding enterprise customer environments, the Barracuda NextGen Firewall is the most advanced next generation firewall on the market today.

What is a Network Security Gateway?

Network security gateways are the successors of traditional firewalls, unified threat management (UTM) devices, and the latest cycle of "next-generation" firewalls. Traditional firewalls forward packets and block functions often employing packet inspection. UTM devices usually add content security functions. Next-generation firewalls add detection and control of social media and Web 2.0 applications, but typically fail to integrate these functions tightly with link management, WAN management, and SSL VPN remote connectivity.

In comparison, the Barracuda NextGen Firewall, the first true network security gateway, starts by integrating an advanced network firewall with Layer 7 application recognition and user awareness, content security, malware protection, plus IPS in a suite of security technologies. It tightly integrates these features with intelligent network link aggregation and traffic management, VPN WAN management, and optimization for seamless remote office integration and SSL VPN for remote client security. As a network security gateway, the Barracuda NextGen Firewall weaves a seamless fabric of security, performance optimization, high-availability, and centralized management into network infrastructures while simplifying network architecture.

Why do I need a Next Generation Firewall?

As you organization relies on more cloud-based applications like Office 365, Salesforce, and Dropbox, internet connectivity becomes even more important. Our Barracuda NextGen firewalls combine powerful application awareness and network routing capabilities to provide the highest levels of internet availability for users and critical applications.

What are the major capabilities of the Barracuda NextGen Firewall?

The Barracuda NextGen Firewall is a next generation firewall and VPN that provides:

  • Integrated content security and network access control
  • Optimization of intelligent traffic flow across the WAN
  • Industry-leading centralized management capabilities

What are the differences among the F-Series, S Series and X-Series firewalls?

The Barracuda NextGen Firewall F-Series is designed for network engineers who manage distributed enterprise environments. It provides all the security functionality one expects from an enterprise next-generation firewall, including application detection and prioritization, IPS, malware protection, URL filter and even DDOS protection. Furthermore, its powerful traffic optimization features, extremely resilient site-to-site connectivity capabilities, and extensive logging and auditing tools make the F-series an ideal fit for organizations that need to efficiently manage and scale massive firewall deployments.

The Barracuda NextGen Firewall S-Series provides remote connectivity in an affordable and easy to deploy solution. It is designed from the ground up to support Internet of Things initiatives where thousands of remote devices need to be connected to a headquarters or data center. The SC appliances are managed via a NextGen Control Center, and security features like IPS, application detection etc. are provided at the Secure Access Concentrator where the VPN for each SC appliance terminates.

The Barracuda NextGen Firewall X-Series is ideal for small to medium-sized organizations looking for a simple, yet powerful next-generation firewall that provides IPS, application detection, URL filter, malware protection and some basic email security. Designed for the resource-constrained IT professional, the X-Series’ intuitive web interface has a low learning curve while providing and easy-to-use management interface.

How do I know if I should get the X-Series, F-Series or S-Series?

If you only have a few locations to manage (e.g., between one and three) and are looking for a firewall that is application aware and easy to use with a Web UI, then the X-Series firewall is ideal for you.

If you have a lot of remote locations to manage, secure and connect (e.g., more than three) and need a solution to seamlessly manage, protect and optimize your network, the F-Series firewall is right for you.

If you have to securely connect large numbers of devices to backhaul traffic to your HQ or data center, want to centrally administer the deployment and stay scalable, then the S-Series is the perfect choice for you.

Can I centrally manage multiple firewalls from one place?

Yes, all the Barracuda NextGen Firewall Series—X, F, and S—can be centrally managed from a single pane of glass. The F and S-Series utilize the Barracuda NextGen Control Center to manage massive firewall deployments. The NextGen Control Center is available in physical, virtual and cloud form factors depending on your infrastructure requirements. The X-Series firewall can be centrally managed from Barracuda Cloud Control, which is the same web-based portal that IT administrators use to control their other Barracuda products.

What is the difference in terms of deployment between the F, S and X-Series firewalls?

The Barracuda NextGen Firewall F-Series can easily be deployed as "standalone" and provides great value this way, but its full potential and cost savings is unleashed when it’s centrally managed using a NextGen Control Center.

The S-Series firewall cannot be deployed as standalone, but needs one or multiple Secure Access Concentrators for VPN tunnel termination and a NextGen Control Center for central management. The Web UI on the SC appliances is only intended for initial setup.

The Barracuda NextGen Firewall X-Series is designed to be used as standalone, and can optionally (at no extra charge) be connected to the Barracuda Cloud Control portal for convenient remote management.

What level of support can I expect to receive from Barracuda?

Regardless of whether you’re using the X-Series, F-Series or S-Series firewalls, you can expect the same level of award-winning support from Barracuda’s expertly trained technicians. Barracuda offers 24x7 support with no phone trees, ensuring that you will always speak to an in-region technician who is ready to help.

Does the Barracuda NextGen Firewall help my organization troubleshoot network problems?

All Barracuda NG Control Center and Barracuda NextGen Firewall appliances come with extensive network connectivity troubleshooting and visualization tools. Even for large networks it typically only takes a few mouse clicks to analyze and remediate a problem in the central audit log or access cache screen.

What is included in the Energize Updates subscription for the Barracuda NextGen Firewall?

Energize Updates from Barracuda Central deliver updates on the extensive library of definitions for intrusion prevention and Layer 7 application profiling. In addition, Energize Updates subscriptions also provide access to Basic Support, Firmware Maintenance and optional participation in the Barracuda Early Release Firmware program

What if I have more questions about the Barracuda NextGen Firewall?

For additional assistance or for a product demonstration of the Barracuda NextGen Firewall, please contact us.

Pricing Notes:

Barracuda NextGen Firewall S-Series
Barracuda Secure Access Concentrator VFAC820
Note: The purchase of at least 1 Year of Energize Updates is required
#BNCVFAC820a
List Price: $11,999.00
Our Price: $11,399.00
Barracuda Networks Energize Updates for SAC820
1 Year Energize Updates
#BNCVFAC820a-E1
List Price: $2,199.00
Our Price: $2,089.05
3 Year Energize Updates
#BNCVFAC820a-E3
List Price: $5,599.00
Our Price: $5,319.05
5 Year Energize Updates
#BNCVFAC820a-E5
List Price: $8,799.00
Our Price: $8,359.05
Barracuda Networks Malware Protection
1 Year Malware Protection
#BNCVFAC820a-M1
List Price: $1,699.00
Our Price: $1,614.05
3 Year Malware Protection
#BNCVFAC820a-M3
List Price: $4,349.00
Our Price: $4,131.55
5 Year Malware Protection
#BNCVFAC820a-M5
List Price: $6,799.00
Our Price: $6,459.05
Barracuda Networks Advanced Threat Detection
1 Year Advanced Threat Detection
#BNCVFAC820a-A1
List Price: $2,399.00
Our Price: $2,279.05
3 Year Advanced Threat Detection
#BNCVFAC820a-A3
List Price: $6,099.00
Our Price: $5,794.05
5 Year Advanced Threat Detection
#BNCVFAC820a-A5
List Price: $9,599.00
Our Price: $9,119.05
Barracuda Networks Premium Support for SAC820
1 Year Premium Support
#BNCVFAC820a-P1
List Price: $2,749.00
Our Price: $2,611.55
3 Year Premium Support
#BNCVFAC820a-P3
List Price: $6,999.00
Our Price: $6,649.05
5 Year Premium Support
#BNCVFAC820a-P5
List Price: $10,999.00
Our Price: $10,449.05