Barracuda CloudGen Firewall

Protect & optimize your network

Security

While traditional solutions usually detect network threats after they have breached the network by sending log notifications to the administrator, Barracuda Advanced Threat Protection (ATP) implements full system emulation, providing deep visibility into malware behavior. Files are checked against a cryptographic hash database that is constantly updated. In case the file is unknown, it is emulated in a virtual sandbox where malicious behavior can be discovered.

  • Malware Protection - The Malware Protection built into Barracuda CloudGen Firewall shields the internal network from malicious content by scanning web content (HTTP and HTTPs), email (SMTP, POP3), and file transfers (FTP) via two fully integrated antivirus engines. Barracuda Malware protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available. Barracuda Malware Protection covers viruses, worms, Trojans, malicious java applets, and programs using known exploits on PDF, picture and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation.
  • Intrusion Detection and Prevention - The Intrusion Detection and Prevention System (IDS/IPS) of Barracuda CloudGen Firewall strongly enhances network protection by providing complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases preventing network attacks.
  • Botnet and Spyware Protection - Botnet and Spyware Protection guards against botnet infections by blocking access to malicious sites and servers, and detects potentially infected clients based on DNS Sinkholing technology. DNS Sinkholing blocks clients from accessing malicious domains by monitoring outbound DNS requests passing through the firewall. DNS requests to malicious domains are redirected to an internal sinkhole, thereby preventing data exfiltration and identifying the victim. Once an infected client is detected, it can be isolated automatically. An alert can also be created or reported by Barracuda Firewall Report Creator.
  • Advanced Threat Protection (ATP) - Barracuda ATP offers Administrators granular, file-type-based control including automatic quarantine and block-listing features to maintain the highest level of protection for an organization’s network.

Connectivity and SD-WAN

  • Azure Virtual WAN - With Azure Virtual WAN, Microsoft and Barracuda CloudGen Firewall automate the process of building secure, high-performance branch-to-branch and branch-to-cloud networks. Support for Azure Virtual WAN fully automates the creation of company-wide secure WANs using Azure’s high-performance fiber backbone. Every Barracuda CloudGen Firewall supports Azure vWAN, and Barracuda Firewall Control Center provides central orchestration, management, and maintenance.
  • Site-to-Site Connectivity - Create highly reliable and secure site-to-site connections between on-premises firewalls (both hardware and virtual appliances). Site-to-site connectivity also includes public cloud offerings like Amazon Web Services and Microsoft Azure. But it is not just about maintaining static site-to-site VPN tunnels. Having a hub-and-spoke VPN setup allows you to create tunnels automatically and on-demand between connected nodes in order to avoid the hub turning into a bottleneck. You thereby ensure low latency connections for VoIP applications, for example. As soon as the connection is no longer required, the VPN tunnel is automatically closed again. Administrators naturally have full real-time visibility into the dynamic mesh VPN setup.
  • Secure SD-WAN - Barracuda CloudGen Firewall combines a comprehensive set of advanced security features with capabilities that support the Software-Defined Wide-Area Network (SD-WAN). SD-WAN capabilities allow CloudGen Firewalls to create secure pathways across both multiple WAN connections and multiple carriers, without the involvement of typical high-management overhead. Advanced load sharing lets you use multiple WAN connections simultaneously and distribute encrypted VPN tunnels across multiple WAN connections. Built-in compression, caching, and WAN optimization technologies significantly increase your available bandwidth. These capabilities reduce your need for expensive leased lines, consolidate multiple security functions into a single device, and create a unified management framework — all of which results in significant cost savings for your organization.
  • Adaptive Bandwidth Protection - If Dynamic Bandwidth & Latency Detection indicates the measured bandwidth of an uplink is not sufficient to sustain the minimally required business critical traffic (e.g., VoIP), Barracuda CloudGen Firewall automatically shifts sessions for non-business critical traffic to secondary links to free up bandwidth for critical traffic.

Intelligent Network Perimeters

  • Web Filtering - The Web Security Gateway option of the CloudGen Firewall enables highly granular, real-time visibility into online activity broken down by individual users and applications, letting administrators create and enforce effective Internet content and access policies. It protects user productivity, blocks malware downloads and other web-based threats, and enables compliance by blocking access to unwanted websites and servers, providing an important additional layer of security alongside application control.
  • File Content Enforcement - Barracuda CloudGen Firewall includes true file-type detection and enforcement capabilities based not only on extension and MIME type, but also on sophisticated true file-type detection algorithms. Bypassing executable files by renaming or compressing is detected and blocked. In addition to blocking / allowing connections, the CloudGen Firewall also lets admins change download priorities. If, for example, an ISO image started downloading with normal web traffic priority, the admin can increase or decrease the assigned bandwidth, even though the user started downloading via a regular web-browsing session.
  • Application Control - Barracuda CloudGen Firewall combines Deep Packet Inspection (DPI) and behavioral traffic analysis to reliably detect and classify thousands of applications and sub-applications, regardless of advanced obfuscation, port hopping techniques, or encryption. It allows the creation of dynamic policies and facilitates establishing and enforcing access and use policies for users and groups by application, application category, location, and time of day.

Remote Access

  • Network Access Control - Barracuda Network Access Client, when used with Barracuda CloudGen Firewall, provides centrally managed Network Access Control (NAC) and an advanced personal firewall. This allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of antivirus and/or anti-spyware, and user ID. Access restrictions are enforced locally on the client by the centrally managed personal Windows firewall as well as at the gateway. Using existing Barracuda CloudGen Firewall appliances, Barracuda Networks offers a ready-to-use Network Access Control framework without expensive investments into the basic network infrastructure. All Ba
  • Secure Remote Access - Barracuda CloudGen Firewall incorporates advanced site-to-site and client-to-site VPN capabilities, using both SSL and IPsec protocols to ensure remote users can easily and securely access network resources without complex client configuration and management. Every CloudGen Firewall unit supports an unlimited number of VPN clients at no extra cost.
  • BYOD (Bring Your Own Device) - The influx of private computing devices, from smartphones to laptops and tablets, into the workplace may help increase productivity, flexibility, and convenience. However, BYOD adds new security challenges and risks, such as enabling and controlling access, as well as preventing data loss.

Reporting

  • Cross vendor visibility with Tufin SecureTrack - Barracuda CloudGen Firewall allows leveraging Tufin SecureTrack to view, search and track changes in the corporate security infrastructure, and detect misconfigurations, such as rule permissiveness, shadowing, and more. This vendor-agnostic management platform gives the visibility and control needed to ensure seamless protection, availability of applications and data, and excellent user experience in heterogeneous, multi-vendor, and multi-platform infrastructures.
  • Firewall Report Creator - Barracuda Firewall Report Creator is a standalone application recommended for reporting on a single appliance or up to few dozen appliances of Barracuda CloudGen Firewall. This free tool creates customized reports using statistics and logs collected directly from the deployed firewalls.
  • Real Time Reporting - For on-the-fly reporting and drill-down capabilities, Barracuda CloudGen Firewall comes with real-time and historical application visibility that show live and recent application traffic on the corporate network. These can be interactively filtered and drilled down for more details. This helps admins to decide which application connections should be given bandwidth prioritization and who is currently violating acceptable use policies.