Barracuda CloudGen Firewall Reviews

Barracuda X200 is the edge of our home system for VPN traffic. It provides IPsec to two other sites, including remote VPN access for users who are off the network.

• Inbound and outbound traffic analysis
• Rule creation wizard
• GUI portal
• Quality online support

The unit seems to be handling our 150MB pipe okay, but logger refresh leaves a bit to be desired.

A rule for email announcements, when configured hits occur, would be a great improvement for a more efficient experience.

We replaced an underperforming, continually locking Cisco RV130 unit. However, the two are not an "apples to apples" comparison.

Much quicker deployment, ease of troubleshooting and better cost compared to our previous solution.

• Ease of use and troubleshooting.
• Very easy to quickly identify issues and resolve them.
• Add-on features such as Virus Scanning, ATP, and web filtering - These features add another level of protection and block malware before it gets to the end user. 
• Single device, multiple functions - I do not need to purchase a web application firewall, a proxy server, a VPN device and so many others because these are all built in to this one device.
• TINA (Transport Independent Network Architecture) VPN features - Allows automatic VPN configuration with little or no input from the tech. Drag and drop lines between Barracuda units and the VPN is automatically built.

Can be underpowered if you choose to use all available add-on features. Just be careful when sizing your unit. Make sure you take into account what features you will be turning on, and work with your sales rep to get the model that can handle that load.

No stability issues.

No scalability issues.

I would rate the technical support nine out of 10.

This product was much easier to deploy, manage and troubleshoot than my previous solution.

Straightforward, very intuitive.

Pricing is good. Licensing is pretty much automatic if using Control Center.

Cisco and Fortinet.

I rate it a nine out of 10 due to its ease of installation, great technical support, very intuitive user interface, and numerous features.

Go through the training course.

We use it for priority level security, to manage single sign-on applications and user base policy from a single firewall device. We use it for SSL inspection, for SSL site-to-site, for point-to-site, and for user base policy allocation.

I'm a network and cyber security consultant. This is not only for my offices, I have deployed it for many large enterprises where customers are remotely accessing their applications. We can define user application-level access, so our customers can work anytime from anywhere.

Live monitoring of what is happening inside and with the interfaces, either ingress or egress - this is a good feature of the device.

Secondly, most people use enterprise applications remotely, and there is no license for SSL VPN, or in other words point-to-site. There is no limit. On other devices there is a specific limit and you have to pay per use for SSL VPN.

Single sign-on is also good. If you are accessing your corporate firewall from your home, during that time there is an integration with the AD. You can use your AD's password to access your SSL VPN. It's not like if you buy a traditional SSL VPN. You have to define a specific password for your remote client application but there is no requirement of defining a specific password - which you would have to request from your admin - or to buy a token which can generate a password for your integration. You can directly integrate with your AD. If you change your password on the AD side, your client-to-VPN password also gets changed. You can integrate all your passwords from a single console. The admin doesn't has to change your password, it's a single sign-on.

It's a little bit complex in terms of handling. If you implement a change, there is a specific point where you have to commit it. It's not like you just push a button and it's always committed. If you don't know to check whether your commit command has been executed or not... that is something Barracuda needs to work on.

Secondly, when you do any commit, it locks your next access. If you are making a change to the device, from the security standpoint it's fine, but from the admin side it's not good. When you make changes, after each and every one it becomes locked.

It's really a good and stable product. I have worked with multiple firewall products and I can say that this is really very robust, good hardware. It's also good on the cloud side. I have deployed it on both sides, either on the public cloud or a virtual space, or a physical environment.

No scalability issues at all. When you buy this product it gives you multiple options: What can the maximum number of employees be, what can the number of concurrent users be. It's really good, there is no problem with the usability.

One of the most important parts is that there is auto-upgrade of the hardware every fourth year.

I would say technical support is lacking. They don't have strong technical support; their abilities are not so good. The support is not fabulous, it's okay. They need to improve their support.

I have used Cisco, Fortinet, Check Point, Palo Alto, Sophos Cyberoam, Dell SonicWall, and Juniper (both SRX and NetScreen).

One of the reasons I switched to Barracuda is that I was looking for real-time monitoring and Barracuda is good for that.

Secondly, SD-WAN. The first time I used this a question which occurred to me was regarding software-defined WAN technology. I wanted to go to a software-defined WAN and Barracuda have a specific protocol called TINA (Transport Independent Network Architecture). You can create a master policy over the internet and it allows you to do Quality of Services on top of it. It's really helpful for me.

When I saw that this box comes with software-defined WAN technology, along with all the firewall options, the specific user-level deep monitoring and real-time monitoring, that made me more curious about it.

Initially, it's complex when no one is familiar with it. The first time you use it, it is a really complex solution.

We have spent a good amount of time to "get in" to this box.

Pricing and licensing are fine. It's worth the value because if I buy any other product, every four years I have to replace my hardware. But with Barracuda I get a free hardware upgrade. Today I'm using Xbox. After four years I can take another Xbox or a Ybox.

When I initially started using it I was just an end-user, a technical consultant. And one of my customers said to me, "I want these and these features." I searched a number of products with respect to the customer's requirements and we chose Barracuda. I then signed on to be an OEM partner with Barracuda, about four years ago.

It's good to go with Barracuda. If your work is only on the internet, you can go with this product. If you want to create your own MPLS network, or you are more focused on application performance over the internet, you can go with Barracuda.

I would not blindly say go with any given product because there are multiple factors to consider. For example, there is no license for SSL. When you have a greater number of remote users, and you don't know what kind of scalability you will need, that is another thing. If you have multiple offices, all inter-connected via the internet, you want a single management console through which you can manage all you firewalls. In that case, Barracuda could be a good option.

If you want to buy a product which can challenge the industry-recognized leaders, like Palo Alto or Check Point, you should consider this product.

I rated it at nine out of 10. It's not a 10 because of their training - it takes a long time to understand this product. Also, it locks after each and every change, which is problematic. Also, when you login from some sources, there is no feature which can log you out after a certain timeout.

We implement it for customers. We have some customers in Mexico who need that kind of technology. We sell that technology to them. Some of our customers have experience working with previous versions of Barracuda; they ask us to implement that kind of device. We have certification with Barracuda, we have certification with some other brands.

Barracuda has a very simple interface, very good security, all the features of the best firewalls in the market, but with a very friendly interface.

Something that we've seen that Barracuda, and some other brands also, have. When you program the firewall to detect certain kinds of attacks, Barracuda can detect that kind of attack and automatically insulate, or remove, or encapsulate the very specific IP, if it's internal. And if it's external it just blocks any kind of communication with that specific IP. If you want, Barracuda will warn the security team. If you allow, or release, that IP, it will continue communication. If not, it will block it forever, or until you release it.

Internally, we'll remove it until you release also, but we allow the IT team to review what is happening with that particular piece of equipment, a computer, a laptop, a server, any kind of device into which a "back door" can be opened or through which they're trying to get some information. Barracuda can help with that. That is one of the most important features we've seen with Barracuda.

I cannot mention the name, due to the NDA that we have signed with a financial company, a financial entity. But we implemented Barracuda with them. Right now they are monitoring all the information that their employees are managing. If an employee tries to get or move a file that is not permitted to them - for example if he wants to copy it to a USB - he will not have the right to do that, because Barracuda manages who has the right to copy, and what you copy to a USB. The USB is encrypted with a specific code from Barracuda and will only be decrypted into any other laptop in the company if they allow it to see it.

Even in the network, a feature of Windows is to see how you are sharing files. Barracuda can help you to monitor how you are moving files.

When you are sending information to an external email address, Barracuda can warn you when you are trying to access a private or personal email, or trying to upload information; it's not allowing you to do that. That was the biggest feature that that financial entity admired in Barracuda, among others.

Easy integration with some other systems like LDAP or Active Directory to manage other permissions and the division of external access and internal access.

The problem we found was with the issue of configuration. Our engineers are working with some other brands, they have knowledge of other brands. With Barracuda it's a matter of translating the comments. So maybe one company calls something a "black box" and with Barracuda they call "black" "dark." So it's a matter of getting to know it.

We had only one issue. But after we did the analysis and we escalated the issue with the Barracuda service desk, the issue was shown to be coming from a failure in a RAM memory card in the Barracuda. That issue was detected by technical support. They sent a replacement, it solved the issue, and we continued working.

No issues with scalability.

When we buy the device for the customer, we buy the Enhanced Support, the extended support contract, 24/7 support. When we write in with issues we get very quick answers from technical support. The communication with their engineers is very fluid.

We had a couple of sessions at one point; the engineer working with us never put down the phone. When her work hours were supposed to end, we changed to another engineer, but not immediately. The first one didn't say goodbye immediately. She stayed behind for 30 minutes to explain and transfer the case to the other engineer and we completed the test with the other engineer. He detected the failure and created the RMA to change the problematic piece and that was it.

We are not entirely switching to Barracuda. We want to, but we are not because before we started selling Barracuda we had invested in other brands and, obviously, in the accounting and in reality, we need to complete using them. But yes, we are thinking of moving to Barracuda after we have had it for three years. We want to show our customers that we are using the technology we are selling.

The firewall we are using in our company is Palo Alto, it's a very good firewall, a very robust firewall as well. But when we are doing the comparison with Barracuda we can see it's not the same. The biggest difference between the brands is pricing.

This is something that I have never specifically asked my technical team. The simple answer is that they have told me there is no problem. It's very easy. We only need to know the names of the commented bits, because there are some comments where the names are changing.

We compared Barracuda with Cisco. We compared Barracuda, at that time, with Fortinet. When we did the comparison we felt Cisco was another great product. But the difference in this case, what made Barracuda the winner, was the price, at that time.

We are an information technology service provider in telecommunications. We can supply any kind of device, for a datacenter, and contact centers, for our customers. We are using technology from Dell, HPE, Palo Alto, Barracuda, and some other brands to implement technology solutions for customers.

Our principal service is a managed service, information security services, or cyber security. We sell those services to different customers in Mexico. We are serving Central America and some other countries in Latin America.

I give Barracuda an eight out of 10 because they can still give more to the end-user. They still have things they can improve. They have very good features but I think they can improve some of those features and make it into a super service. Today, they are a good solution. It could be a super solution.

Regarding Barracuda, Google has been using that technology for a very long time. If a company like Google is using that technology...

Take the opportunity to get to know the device. You need to request a proof of concept, in the case that you are comparing it with another brand. That is the best way to show what Barracuda can do, completely. It's not the same as a simple server, or any other device.

If you only want to secure internet access, Barracuda will comply completely with all the features you require. But if you have public servers, and you are looking for more security options, etc., and don't want to spend a lot, Barracuda is what you are looking for. If you are a company that has no specific standard to follow, Barracuda is what you are looking for. It has very good hardware, it has very good software - or operating system - and they have very good features and good pricing. If you compare it with other brands, Barracuda is a very good solution.

My current company operates in the financial arena so we have to maintain our infrastructure according to leading security standards (PCI DSS and PA-DSS). These devices allow us to pass external and internal penetration tests by supporting all the recommendations of those standards.

At the moment, the most valuable features are Application Control (Layer 7 filtering) and IPS/IDS. For existing network architecture, we use Barracuda NG Firewall as a border firewall. We use it to control all in/out Internet traffic.

Sometimes we have a need for detailed reports. Barracuda NG Firewall does not have a reports module and uses a satellite application (Barracuda NG Firewall Report Creator). In some cases, this report is uncomfortable to use.

Yes, we have had stability issues, but we use Barracuda NG firewall in HA mode. Therefore, we did not have problems with availability of services. HA mode operates very well.

We have had no issues due to scalability.

On a scale from one to 10, my rating is an eight. Level 1 and 2 of their support are good, but if you want serious expertise (Level 3), there are some issues. This is related to my area, maybe it is different in some other areas.

I have personally used a lot of different solutions in my career (Cisco, Fortinet, Check Point, etc.). 

I switched to this solution for the first time due to group standards. After trying this solution, I liked it and it became one of my favorites. 

The setup is very intuitive for people with network technology knowledge. 

It is a product with a very transparent model of licensing. In the sense of hidden expenses, they do not exist with this model. 

We evaluated a lot of different options. We concluded that Barracuda NG Firewall provided the most features for an exemplary price. 

My advice is to try and evaluate it (Barracuda offers a trial period of one month). I think that a lot of people will be pleasantly surprised with its possibilities.

In the time we were using it:

• Intrusion Prevention System/Intrusion Detection System (IPS/IDS)
• Layer 7 filtering
• DDoS prevention
• HA
• Traffic management, among others.

During the testing time, the improvement was prominent as we stop unwanted outgoing traffic and were able to get real-time logs. This provided us with better bandwidth administration and usage.

If I compare it to other firewalls like Kerio Control, I would say that, probably, the GUI/Configuration Menu is something that could be more user friendly.

We used it for almost two months while we were researching firewall solutions and this was one option.

Not much, the problem was on our side because it was the first time with this kind of firewall (and brand), but the installation of the virtual appliance was really easy.

None, from the first day to the last, the firewall ran with no issues at all.

None at all as long as you have the money to pay for the licenses to scale the system.

Nil, here in Argentina, the distributor was limited to providing the price of the product. We had to resolve issues by doing our own research.

We didn´t use the technical support, however we watched, many times, the webinars that Barracuda gave.

At that time we were using pfSense, which is not bad at all, but we needed something more enterprise-class like, and Barracuda Networks gave that to us. The monitoring tools are great.

Compared with other Firewalls, yes, it was complex but that´s for two reasons,

1. The firewall has plenty of options to configure
2. Because we were not trained or used to this kind of firewall, the initial set-up was long

We installed this application on our own, and we didn't receive any advice on it. I can say that the Latin America team at Barracuda took some time to reply to our questions through email.

We were evaluating a lot of appliances/firewalls/UTM like,

• Sonicwall
• Checkpoint
• Bluecoat
• Kerio Control
• Cisco ASA
• Sophos Gateway (formerly Astaro Gateway)

There were also many others that I don´t remember now as well. We were looking for simplicity and effectiveness.

Try it before you buy. Barracuda gives the chance to try the hardware and the software before buying it so you can test all the things that you will need and use day-to-day. And if you can, take a seminar to get the most out of the devices. However we found the product a little harder to configure than others, and so it´s not a product for unskilled/inexperienced administrators. You will need training to get the best of this product.

• Firewall
• VPN protocol - TINA
• Antivirus
• URL filter
• Web filter

It is already a complete product.

We've used this product since 2012.

No issues encountered.

No issues encountered.

No issues encountered.

Support is really great as we are a a diamond partner.

I used Cisco ASA before, but the Barracuda NG Firewall is better.

It can be complex, but also straightforward.

We are a managed service provider. So we setup a lot of boxes, and the implementation depends how complex the clients' network is.

Since updating single boxes or large amounts of systems only requires a couple of mouse clicks, it allows us to keep the firewalls up to date, both for firmware and on fixes, in demanding locations around the globe. This process is such that we trust it to handle nearly impossible to reach systems too.

The real difference is the fact that it truly scales, and fully managing a thousand firewalls worldwide with a team of two is quite doable. Even with serious hardware failures, you can often still securely manage the system and analyze the issue at hand, or even fix certain issues. Other indispensable functions, are the full transparency of handled data, both real time and historical, the ability to create VPN tunnels in the blink of an eye, the multiple parallel VPN tunnels, and near infinite routing options.

Although IPv6 was implemented a couple of years ago in the Barracuda NG Firewalls, the real use of IPv6 is still rare. This means that the “real world exposure” of these parts is less than the IPv4 parts. This is obviously a general issue for security vendors.

None what so ever, we use these systems in critical 24x7x365 environments because of their stability and resiliency.

Barracuda offers a wide range of models ranging up to 40 GB sustained firewall throughput, and since all their systems work from a single image, I’ve never had an issue with scaling or migrating them.

The Barracuda NG Firewall, managed through the Barracuda Control Center thrives in large to very large environments. Unlike other vendors, the management really scales. Managing (all aspects) a thousand firewalls anywhere in the world with just a couple of engineers, is quit doable. The current practical maximum of firewalls to manage simultaneously is around 7,500, but that is quite beyond my scope.

Customer Service:

I’ve been in IT for nearly 40 years, and I’ve had my share of dealings with “service/support organizations”, often service/support was just the name of the department, but down the line it got a different meaning. Barracuda’s definition of support however extends every definition of the term to a new level.

These guys are accessible, no phone trees etc., they are polite, extremely knowledgeable, and customer oriented. Officially you need a subscription to be eligible for support, but I’ve never seen them turn their back on anyone. Barracuda Service is really Barracuda Service.

Technical Support:

There is not really a difference between customer service and technical support except maybe in the questions asked (and the people assigned to answer these questions).

Every user is entitled to full technical support which, as states, is unsurpassed in the IT industry.

I’ve been working with firewalls in small, medium and world scale solutions, since approx. 1994. and have dealt with a substantial amount of systems from number of vendors (like Check Point, Juniper NetScreen, Cisco PIX and ASA and some smaller ones).

Over the years, I’ve seen many sales guys promising “the world” but upon closer scrutiny actually offering very little. I must confess that I told the Barracuda (Phion back than) sales guy of my experiences, and his reply was; “you’re right, I’ll organize a phone conference with one of the developers”. My immediate reply was “Do these guys talk to mortals?”

After a very frank and open call lasting far beyond the one hour initially set, I was convinced that this product truly did stand out. Seven years of experience later, I’m even more convinced that this solution is unparalleled.

Let me rephrase, my “first setup” was complex, as the Barracuda NG firewall is different to others, but once you understand what you’ve got, and can get your head around it, it’s tremendously straightforward.

I’ve received full training of the Barracuda NG Firewall, and I’m the guy that designs the entire environment, and gets to setup the complex parts, and for the really insane tweaks, I can always count on the help of the entire Barracuda team. They are always reachable and will come over on short notice for special cases. These are the people who were part of team that build the systems back in the very early 2000’s and working with these guys is always a pleasure.

It is a real next generation firewall, if you’re looking for any run of the mill box and have little requirements, it’s probably not for you. If your requirements are more demanding and especially if you’ve got a number of locations, this is the product to consider.

The price itself is in the normal range, so the real benefit lies in the savings in management and amount of staff. Furthermore, Barracuda offers a so called instant replacement contract that not only entitles you to replacement of defective hardware, but also after four years enables you to replace the system with a brand new system for free.

As stated, I’ve worked with firewalls from different vendors, also in quite large environments, but they are no match for the Barracuda NG Firewall, not by a long shot. The vendors were:

• Check Point
• Cisco PIX and ASA
• Juniper NetScreen
• CyberGuard
• SonicWALL
• IIS

Although it is a truly great firewall it is certainly not a “run of the mill” product, and even if you have thorough knowledge of other firewall environment, don’t go in there without a good partner that will guide and support you.

Not really a Barracuda NG Firewall but a Barracuda rack mounted device (EON) that is capable of running the NG Firewall, next to instances of e.g. Web Application Firewall, Web Filters, etc., the sustained throughput on these boxes is around 250 GB.

Showing an F10, low-end, firewall and an F600, mid-range, model Barracuda NG Firewall

Just the first screen of a (demo env.) Barracuda Control Center showing the status of some firewalls

The Barracuda tool (NGEarth) that allows you to monitor in real time your VPN tunnels and system status (again demo)

Example showing traffic history (just one of the many screens.)