Call a Specialist Today! 800-878-6893

Barracuda Security Suite
Best-of-Breed Security in an Integrated Platform

Barracuda Security Suite

This product is no longer available

Click here to jump to more pricing!

Barracuda Security Suite Overview:

Today's businesses need a method to secure their network from multiple threat vectors without compromising features or performance. The Barracuda Security Suite offers a new way to provide integrated security using best-of-breed components, at an affordable price.

Secure Multiple Threat Vectors without Performance Compromises

Have you secured all your threat vectors? Hackers look for any point of entry into your network. Each one of these entry points is a threat vector that needs to be secured from attacks. Leaving even one threat vector unprotected puts your entire network and data at risk. Barracuda Security Suite protects three of the most vulnerable threat vectors without performance compromises.

The Barracuda Security Suite includes three best-of-breed network security solutions in one integrated platform to create a strong security posture against current and future threats.

  • Barracuda Firewall: Provides next-generation app control at a granular level, enabling administrators to grant permissions and regulate app usage to prevent network intrusions.
  • Barracuda Web Filter: Provides content filtering and malware, virus and spyware protection, blocking website exposure for increased productivity.
  • Barracuda Spam Firewall: Provides inbound and outbound email filtering to prevent email-borne threats and data leaks.

Barracuda Security Suite Deployment

The Barracuda Advantage

  • Preconfigured for quick deployment
  • Simple and intuitive web-based administration
  • Barracuda Real-Time Protection
  • Simple pricing with no per-user or per-feature license fees
  • Backed by our live 24x7 customer support experts

Product Spotlight

  • Integrated network security platform
    – Barracuda Firewall
    – Barracuda Web Filter
    – Barracuda Spam Firewall
  • Next-generation perimeter security
  • Industry-leading spam and virus defense
  • Optimize multiple WAN links
Best-of-breed Products

Best-of-breed Products

The Barracuda Security Suite includes comprehensive network, content, and email security solutions, easily managed from a single pane of glass. These best-of-breed components provide full-featured security functionality without any limitations or restrictions.

Integrated Platform

Integrated Platform

The Barracuda Security Suite is an integrated platform providing seamless functionality and management. It is preconfigured for ease of deployment and use.

Secure All Your Threat Vectors

Secure All Your Threat Vectors

The Barracuda Security Suite defends against attacks using Barracuda Real-Time Protection providing comprehensive updates to protect your network from zero-hour vulnerabilities.


Deliver Powerful Protection of Next Generation Firewalls
Deliver Powerful Protection of Next Generation Firewalls

Barracuda Firewall provides comprehensive real-time network protection against a broad range of vulnerabilities including intrusions, malware, and advanced persistent threats. Firewalls are required to provide deep-packet inspection so organizations can enforce granular policies for network optimization such as traffic prioritization that can be set to ensure that latency-sensitive or business-critical applications are always given priority.

Safeguard Users with Comprehensive Web Security

Safeguard Users with Comprehensive Web Security

The ubiquity of the web and its ability to deliver such a broad range of content also introduces significant challenges for organizations. Barracuda Security Suite can help by controlling access to websites, applications, and Web 2.0 platforms based on users, groups, time, bandwidth, and other criteria. For those looking to maintain productivity and ensure that working environments are not compromised by inappropriate Internet use, Barracuda solutions increase productivity, regulate bandwidth usage, and prevent risky behavior by enforcing granular policies on user activities.

Secures against Data Leaks and Email-Borne ThreatsSecures against Data Leaks and Email-Borne Threats

Only one out of 10 emails received is legitimate. Today’s email-borne malware poses the greatest threat to your network. As virus attacks become more sophisticated and complex, the potential for the destruction and release of information severely impacts productivity and can lead to financial loss. The Barracuda Security Suite scrutinizes all inbound and outbound email traffic to protect organizations from email-borne threats and data leaks. As a complete email security solution, organizations can encrypt messages and leverage the cloud to spool email if mail servers become unavailable. As a result, your network is protected from potential harm increasingly common in the outside world.

Never Worry About Upgrades Again

Never Worry About Upgrades Again

With the Barracuda Security Suite, there’s no need to budget for upgrades as the product is automatically enrolled in the Barracuda Hardware Refresh Program where we provide a new physical appliance every four years—no need for customers to upgrade every 4-6 years due to changing technology.


Best-of-Breed Products

Barracuda Security Suite enables you to protect your organization’s network, web, and email threat vectors with three best-of-breed products: Barracuda Firewall, Barracuda Spam Firewall and Barracuda Web Filter. Barracuda Security Suite includes these products in a pre-packaged, pre-configured solution. These best-of-breed components provide full-featured security functionality—no limitations or restrictions.

Integrated Platform

The Barracuda Security Suite provides these products in an integrated platform. All the products are pre-configured to work together. Barracuda Security Suite includes pre-configured network zones consisting of LAN, WAN and DMZ. Traffic from the LAN can be routed to the Internet either directly or through the web filter.

Application Visibility and Control

The Barracuda Security Suite analyzes network traffic up to Layer 7, leveraging advanced fingerprints to identify applications and content traffic. Based on the fingerprints, a flexible set of actions, including allowing, blocking, resetting, and redirecting connection attempts and traffic, can be defined. A library of hundreds of applications is currently fingerprinted. Furthermore, granular policies can be set for specific application features (e.g., limiting audio calls on Skype). These fingerprints are dynamically updated so that security policies and signatures remain up-to-date.

Intrusion Detection and Prevention (IPS)

The Barracuda Security Suite Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection against thousands of network-based threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases to prevent network attacks such as:

  • SQL injections and arbitrary code executions
  • Access control attempts and privilege escalations
  • Cross-Site Scripting and buffer overflows
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • Directory traversal and probing and scanning attempts
  • Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware

By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, the Barracuda Security Suite is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems.

The IPS can also be used in combination with SSL Inspection.

As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda Security Suite is constantly up-to-date.

Quality of Service (QoS) and Traffic Prioritization

Granular QoS settings enable an organization to set bandwidth policies for applications, services, and users. In addition, traffic prioritization can be set to ensure that latency-sensitive or business-critical applications are always given priority. Pre-built policies enable organizations to immediately begin implementing one of eight pre-defined bandwidth policies. Pre-defined policies can easily be customized to individual customer needs.

Full User Identity Awareness

The Barracuda Security Suite authenticates users with Active Directory, NTLM, LDAP/LDAPS, RADIUS, and x.509 digital certificates. User- and group-specific policies, including time-based access controls, are integrated into the firewall rules, making it easy for administrators to customize network access, application usage, and bandwidth allocation for specific users and groups.

User Identity Awareness includes connections via Microsoft Terminal Servers.

One Stop for Firewall Rules

The intuitive interface is designed so that a single configuration encompasses every component of a firewall rule. This includes link balancing and QoS configurations necessary to ensure uptime and full control of network traffic. A drag-and-drop interface enables quick-and-easy prioritization of rules.

Link Optimization and Failover

To ensure the best and most cost-efficient connectivity, the Barracuda Security Suite provides a wide range of built-in uplink options including unlimited leased lines, up to six DHCP lines, four xDSL lines, two ISDN lines, and one UMTS line. Administrators can bond multiple low-cost WAN links such as DSL lines to increase bandwidth at reduced costs. Further, by eliminating the need to purchase additional devices for uplink balancing, security-conscious customers will have access to a WAN connection, even if one or two of the existing WAN uplinks are severed.

Inbound Link Balancing

The Barracuda Security Suite performs inbound link balancing by distributing inbound traffic across multiple links, leveraging its authoritative DNS services. This ensures that the Authoritative DNS server always provides the IP address of the best link when responding to DNS queries.


The Barracuda Security Suite provides VPN capabilities that can be used from within a web browser. Unlike a traditional client-to-site VPN, SSL VPN does not require the installation of client software on the end user's computer. Use SSL VPN to grant remote users access to web applications, client and server applications, as well as internal network resources like Outlook Web Access, SMB, RDP, Telnet, SSH, SMTP, POP3, VNC, IMAP4, webDAV, and HTTP and HTTPS web forwards.

Client-to-Site VPN

The Barracuda Security Suite provides support for a suite of protocols to connect remote employees. The appliance supports IPsec-based VPN, PPTP, and the Barracuda Network Access VPN client. The VPN tunnel can be authenticated using a comprehensive set of mechanisms including NTLM, RADIUS, LDAP/LDAPS, Active Directory, and Local Authentication. Barracuda Networks provides VPN clients for Windows, Mac OS X, Linux, and Debian—downloadable right from the user interface.

Site-to-Site Connectivity

IPsec VPNs ensure secure connectivity to other remote sites or a centralized office. Barracuda includes unlimited site-to-site licenses to connect as many sites as needed to the Barracuda Security Suite.

Content Filtering

The Barracuda Security Suite provides flexible controls for pinpoint regulation of online activity. Administrators can create policies that control user access to 99.7 percent of commonly visited websites using 95 content categories including pornography, violence, hacking, sports, news, dating, shopping, chat, and more. Content filtering policies can be customized to restrict specific websites or look for patterns in web addresses.

The Barracuda Security Suite's image/multimedia safe search feature prevents search engines such as Google, Yahoo, and MSN from displaying objectionable thumbnail images in search results. Administrators can also create policies that control web-file downloads based on file type.

Spyware and Virus Protection

The Barracuda Security Suite uses a continually updated database to identify and block access to sites known to host spyware and viruses. It also detects installed spyware trying to access the Internet. Upon discovery, it blocks the spyware activity and notifies the administrator. By using dual-layer virus blocking, decompressing archives, and blocking file types, the antivirus engine in the Barracuda Security Suite protects networks from aggressive viruses.

Spyware/Malware Removal

Not only does the Barracuda Security Suite prevent the potential download of malware onto the network, it can also remove it if it has been downloaded onto a computer on the network.

The Barracuda Malware Removal Tool performs a comprehensive scan of computers for any traces of spyware or other malware. This thorough scan quickly identifies potential threats residing on a computer and provides the option for removal of those that have been found.

Web 2.0 and Social-Media Regulation

The Barracuda Security Suite provides granular control over Web 2.0 sites and web applications, including social media platforms. Scanning and inspecting SSL-encrypted traffic for specific categories and domains enable granular policy enforcement. Administrators can also configure the Barracuda Security Suite to monitor and archive outbound web application communications like Facebook posts, tweets, and web-based email to a message archiving solution, such as the Barracuda Message Archiver. These messages can be indexed and then mined for forensic analysis. Suspicious activity alerts can also be generated using predefined or customized categories.

SSL Inspection

Organizations can control online content normally hidden by SSL. This includes content found in social-media platforms, web-based email, and search engines. Administrators can specify domains and URL categories for which SSL-encrypted traffic will be decrypted and scanned for malware and policy. Not only can organizations restrict entire platforms, it’s now possible to enforce granular access for secure websites (e.g., YouTube for Schools).

Comprehensive Reporting

To budget computing resources and ensure adherence to corporate policies, IT and HR administrators often require detailed information about how Internet users in the network are spending time online. In addition to its powerful web filtering and malware protection capabilities, the Barracuda Security Suite allows administrators to generate more than 60 different reports on Internet activity.

Interactive reports with multiple layers of drill-down capability can be generated on users’ web browsing activity, by domains and content categories, by time spent online, and/or by bandwidth consumption.

The Barracuda Web Security Agent

The Barracuda Web Security Agent (WSA) is a tamper-proof client that can be installed on remote, off-network laptops or desktops to help implement a consistent web security policy across localized and distributed workforces. The Barracuda WSA supports both Windows and Mac OS X.

The Barracuda Safe Browser

The Barracuda Safe Browser is a full-featured web browser that enforces compliance with the policies configured on the Barracuda Security Suite.

Spam Protection

The Barracuda Security Suite leverages Barracuda Central to identify email from known spammers and determine whether domains embedded in email lead to known spam or malware domains. It leverages many of the same industry-leading techniques found in the Barracuda Spam Firewall that protect against attempts to embed text inside images with the intent of hiding content from traditional spam filters.

Virus Protection

As virus attacks become more sophisticated and complex, email infrastructure requires advanced virus protection. The potential for the destruction and release of information, or the disruption of a network severely impacts productivity and can lead to financial loss.

The Barracuda Security Suite scans email and incoming files using three powerful layers of virus scanning technology. It also decompresses archives for complete protection. Powerful virus definitions are automatically updated via Energize Updates to maintain the most up-to-date protection against email-borne viruses.

To provide protection from tainted internal email, a Microsoft Exchange Plug-In allows organizations to protect against the spread of viruses that don’t access the email gateway. The virus definitions are also regularly updated to ensure the latest protection.

Denial of Service (DoS) Attack Protection

Not every attack is focused on planting a virus or on getting users to send their credit card number or to click on a malicious link. Often, the objective of the attack is focused on disabling a network or mitigating its effectiveness. As a cloud-based service, the Barracuda Security Suite is positioned to stop spammers before they overload an email server.

Email Spooling

The Barracuda Security Suite ensures that email can still be delivered even during email server failures or loss of connectivity. In the event of on-premises disruptions, email can be spooled in the Cloud Protection Layer for up to 96 hours. An alternate destination can also be specified for delivery, if delivery to the primary destination fails.

During email server outages, the email for all mail servers is visible through the Cloud Protection Layer. From the message log, you can see the status of all spooled emails, and whether mail has been re-delivered.

Cloud Protection Layer

The Barracuda Security Suite is integrated with a cloud-based service that pre-filters email before delivery to the on-site Barracuda Spam Firewall. The Cloud Protection Layer is continuously updated with definitions in real time with updates from Barracuda Central. The elasticity of Barracuda’s global cloud infrastructure provides the flexibility to handle email surges during specific periods of the day and during Denial of Service attacks.

The Cloud Protection Layer ensures that an organization’s email security infrastructure scales with the increasing growth in email volume and attachment sizes, as well as the growth of companies. By leveraging the bandwidth and computing power of the CPL, organizations can easily scale their email security solution.


The Barracuda Security Suite offers a number of encryption features. It is fully integrated with a cloud-based email encryption service for outbound email. Email that matches policy or is marked for encryption via the Barracuda Outlook Add-in is securely sent via TLS to the Barracuda Message Center.

The Barracuda Message Center uses AES with 256-bit keys to encrypt email. To encrypt email traffic between sites over the Internet, the Barracuda Security Suite Message Transport Agent supports SMTP over TLS. This can be used between other email servers that support SMTP over TLS.

Outbound Filtering

Outbound filtering prevents organizations from being put on spam block lists and prevents sensitive data in email from leaving the organization. Employees can inadvertently cause internal systems to become a source for botnet spam. Using a subset of its defense layers, the Barracuda Security Suite’s outbound filtering stops outbound spam and viruses. It also lets administrators enforce content policies for data loss prevention (DLP) and meet other content standards in outgoing email. Predefined filters and custom policies can be used to detect sensitive data and block or encrypt email.


Model IS300
Users 100 - 300
Domains 250
Active Web TCP Connections 2,000 - 5,000
Firewall Throughput 1,500 Mbps
Concurrent Sessions 120,000
Form Factor 1U Rackmount Chassis
Copper Ethernet NICs 8 x Gbe Copper Ports
Dimensions (WxDxH; in) 16.8 x 15.9 x 1.7
Weight (lbs) 11.3
Power Supply Single, Internal
Web 2.0 Application Control
Intrusion Protection
IPsec VPN (Client-to-Site)
IPsec VPN (Site-to-Site)
DHCP Server
Outbound Email Filtering
Email Encryption
Cloud Protection Layer
Uplink Balancing
Traffic Shaping
High Availability
SSL Inspection
Content Filtering
Advanced Policy Creation
Network Threat Protection
Spyware Removal
Summary Reports
Roles-Based Administration
Centrally Manageable via Barracuda 
Syslog Support 
Ethernet Bypass Hardware
MS Exchange/LDAP Accelerator
Per User Settings and Quarantine


Web Filter

Spam Firewall

Security Suite

Perimeter Security
Perimeter Security

  • Stateful packet forwarding
  • Intrusion Prevention (IPS)
  • Application enforcement (including subtypes)
  • DoS/DDoS denial of service protection
  • NAT, PAT
  • Object-oriented rule sets
  • Dynamic rules/timer triggers
  • User/group based firewall rules
  • ARP security
  • Bridging
  • Virtual rule test environment
  • Jumbo frame support

Traffic Optimization

  • Uplink monitoring and aggregation
  • Policy routing
  • Traffic shaping and QoS


  • Unlimited site-to-site VPN licensing
  • Unlimited client-to-site VPN licensing
  • iOS and Android mobile device VPN support

Web Filtering
Web Filtering

  • Content Filtering
  • HTTP/HTTPS support
  • URL filtering by category
  • Image safe search
  • YouTube for Schools support
  • Anonymous proxy detection
  • SSL Inspection

Social Media Control
Social Media Control

  • Web 2.0 application control

Remote Filtering
Remote Filtering

  • Web Security Agent (Windows, Mac OS X)
  • Barracuda Safe Browser (iOS-based devices)

Email Filtering
Email Filtering

  • Spam and virus filtering
  • Prevents spoofing, phishing, and malware
  • Denial of Service (DoS/DDoS) protection
  • Outbound email filtering

DLP & Reputation Loss
DLP & Reputation Loss

  • Maintain compliance
  • Prevents reputation loss and blacklisting

Spam Filter
Spam Filter

  • Rate control
  • IP reputation analysis
  • Fingerprint and image analysis

Virus Filter
Virus Filter

  • Triple-layer virus blocking
  • Integrated Exchange AV Agent

Barracuda Energize Updates
Barracuda Energize Updates

  • Standard technical support
  • Firmware and capability updates as required
  • Automatic virus & spyware definition updates
  • Automatic content filter database updates

Instant Replacement Service
Instant Replacement Service

  • Replacement unit shipped next business day
  • 24x7 technical support
  • Hardware refresh every four years


  • Standard VGA
  • USB
  • 8 ports (3 WAN, 1 DMZ and 4 LAN)

Front Panel Indicators
Front Panel Indicators

  • Power indicator
  • Disk activity indicator
  • Power button
  • Reset button


Barracuda Security Suite Ports and Internal Network

This diagram illustrates the virtual network in the Barracuda Security Suite interconnecting the web interface with the Barracuda virtual appliances. Ensure that the virtual appliance internal IP addresses do not conflict with other devices in your internal network. The diagram also illustrates how the physical ports are connected to the virtual appliances. Most of the ports are connected to just the Barracuda Firewall Vx. LAN4 is connected to the Barracuda Web Filter Vx. The MGMT port is connected to the Barracuda Security Suite web interface.

Barracuda Security Suite Ports and Internal Network

Barracuda Security Suite Deployment

Barracuda Security Suite Deployment

  1. Connect the WAN1 portto a DHCP enabled switch or router connected to the Internet. The Barracuda Security Suite should automatically obtain the uplink WAN IP address.
  2. You can also statically assign WAN IP address from within the Barracuda Firewall Vx and bind the static WAN IP address to port WAN2.
  3. LAN1 handles traffic coming directly from the Barracuda Firewall Vx and carries any email traffic from the Barracuda Spam Firewall Vx destined for your email server. It also carries any general network traffic. LAN1 traffic bypasses the Barracuda Web Filter Vx.
  4. LAN4 handles traffic coming directly from the Barracuda Security Suite Web Filter. The filtered traffic is forwarded to web clients (http or https) on the internal network.


Download the Barracuda Security Suite Datasheet (.PDF)

Pricing Notes: