Barracuda Web Application Firewall Reviews

We used Barracuda Web Application Firewall to protect the banking system. There were cyber drills where we had to find some logs, share those logs, and identify the attacks.

What I like most about Barracuda Web Application Firewall is its availability. I also like that it's an easy-to-use solution.

An area for improvement in Barracuda Web Application Firewall is attack identification. Other banks identified attacks and tracked logs that the solution wasn't able to identify because of its ready-made rules pre-deployed by the vendor. My organization raised this issue with the technical support team.

Another area to improve in Barracuda Web Application Firewall is its service desk. The team resorted to stonewalling because they couldn't accept that a feature was missing in the solution, and it was only after a lot of drilling down that the service desk team accepted that, and would be adding that feature in the future.

My organization had to submit a report to the Reserve Bank of India with information on the logs identified and the attacks that happened, and that there was a failure on the part of the Barracuda Web Application Firewall. The Reserve Bank of India conducts a tri-monthly cyber risk audit in all Indian banks. Even smaller banks identified and caught attacks that my organization wasn't able to do, so I was looking into other solutions that competitor banks could be using because Barracuda Web Application Firewall failed to identify some of the attacks.

I've used Barracuda Web Application Firewall for six months in the past year.

Barracuda Web Application Firewall is a stable product.

Barracuda Web Application Firewall is a scalable product. Scaling it up isn't an issue.

I wasn't happy with the technical support for Barracuda Web Application Firewall, particularly because of the intentional stonewalling by the team. The support team should accept if a threat wasn't caught by the solution. Support should accept that there's a problem in Barracuda Web Application Firewall and improve or fix that problem. My organization had to do a lot of drilling down before the technical support team accepted that the solution was lacking, and that was frustrating.

My rating for the Barracuda Web Application Firewall technical support team is a two out of five.

Barracuda Web Application Firewall was easy to set up. It's a physical appliance, and I only needed one engineer to do the setup. My support engineer set the product up remotely, and it wasn't difficult.

I don't remember how long the deployment took for Barracuda Web Application Firewall because it was done by one of my engineers, but the solution was easy to deploy.

Barracuda Web Application Firewall was implemented by a support engineer from my organization.

I don't remember which version of Barracuda Web Application Firewall I used, but it was the latest at the time.

My organization has a few people using Barracuda Web Application Firewall. Only four or five people use the product.

What I would tell people to do before using Barracuda Web Application Firewall is to first have a POC with different vendors and solutions and even use one or more open source firewalls and WAFs before making a decision. You have to first do a lot of research before installing Barracuda Web Application Firewall because even some open source WAFs can identify some attacks that Barracuda isn't able to identify.

My rating for Barracuda Web Application Firewall is six out of ten.

I'm a product user and not a reseller or partner of Barracuda Web Application Firewall.

Our primary use case of this solution is protection of applications. If you have applications, for instance, in Azure, and you want to protect them, you can use Barracuda Web Application Firewall, and you have any input data available. This is one of the best use cases. 

For this solution, we have both cloud-based and VM for Azure. 

Some of the most valuable features are the ease of deployment, the Barracuda support, the easy-to-use console, and the granularity of the reports. 

Barracuda Web Application Firewall's load balancing feature could be improved.

I have been using Barracuda Web Application Firewall for four years. 

In our organization, there are around 1,200 to 1,800 users of this solution. 

I would rate Barracuda's technical support a nine and a half out of ten. The technical support is very good. 

The installation is straightforward. There are no hidden challenges or anything. Anybody can do it with the installation guide. 

One engineer is more than enough to handle maintenance. 

We implemented this solution through an in-house team. 

They only offer a yearly licensing plan. 

There are dedicated web application firewalls like Imperva that allow for enterprise level firewall web apps. The main competitors are FortiWeb and Cloudflare. 

I rate Barracuda Web Application Firewall an eight out of ten. Everything—support, efficiency, the tax rate—comes into the picture. I would recommend this solution to others who want to start using it. 

The product has fantastic support services. It provides complex solutions, including block mode and other default protection features.

We encountered a few glitches while implementing API security features into the product. Secondly, they could provide transparency for different types of protection parameters available. It will be beneficial if there is some visibility for the same. We faced some downtime issues the last two times due to Barracuda infrastructure. Thus, we are searching for alternate WAF solutions.

We have been using Barracuda Web Application Firewall for two years.

I rate the platform's stability a ten out of ten.

I rate the product's scalability nine out of ten. It is suitable for enterprise businesses.

The technical support services are fantastic. They share the knowledge transparently. This feature is more exceptional than that of other vendors.

Positive

The initial setup process is simple. We have deployed the product on the cloud.

I rate Barracuda Web Application Firewall a nine out of ten.

Our company uses the solution to provide customers with a proxy service that secures transcriptions as part of a seven-layer process. We currently provide this service to twenty customers. 

The solution ensures layer seven is secure from attacks. 

The scripting is good. 

Layer four could be more secure like layer seven to prevent HTTP and HTTPS attacks. 

There are issues when upgrading firewalls and we experience different issues across customers. The communication metrics, ports, traffic, source, destination, and service must be enabled to upgrade firmware but there is no documentation or article for opening the communication matrix to upgrade smoothly. 

STM crashes are a repeat issue and they wipe out appliances. Each time, we have to open a ticket with support and get Apache to fix the issue. It is unclear why appliances have issues or fail and need to be recovered with Apache. 

Firmware upgrades cause automatic configuration changes without providing notifications. Configurations such as ports should not be changed automatically because they negatively affect customers. One customer's configuration issue was within the third layer and took seven days to solve. Support mitigation and work describes policies created automatically after upgrading firewalls but we already created and want to retain our own policies. 

I have been using the solution for two years. 

The solution is stable but ongoing issues with appliance failures, system crashes, and upgrading firmware affect its smooth operation. 

I opened a support ticket for resolving issues when upgrading firewalls. Support could not get to the issue and did not inform me to check traffic on the firewall. It is important to determine what is plugged in when a parameter is trying to communicate outside to download and upgrade firmware to the latest version. The issue was ongoing for three months until I accidently detected it myself. 

Tickets are not solved in one day and sometimes I have to close tickets without any solution from support. Only tickets at the second or third escalation level receive support. 

The setup is straightforward and installation can be finished in one day. 

We implement the solution for customers. 

The solution is based on a licensing model and might be $360 for the hybrid version. 

We have to migrate to another vendor because the solution no longer supports issues with the stack hub. 

We are a partner with Barracuda so recommend the application firewall to our customers but we now have thirteen customers who use Azure stack hub and cannot receive support. We communicated this issue with Barracuda's Middle East management and they suggested using a container as a service. We tried this in our lab but had issues with the installation which we finally resolved. We have some concerns about data being exposed because it is in the cloud. Our customers are administrators and will not accept their data being exposed. 

We would rather work with Barracuda because we have experience with their application firewalls and that makes it easier to support customers. We will have to go to another vendor and take classes to become experts. 

I rate the solution a seven out of ten. 

People who host their applications on the cloud, global servers, on-premises, or various locations may encounter issues related to IT threading as well as volumetric attacks. To address these challenges, we provide the Barracuda Web Application Firewall. The most significant advantage of the Barracuda Web Application Firewall is that it offers a single subscription for Active DDoS protection.

There are two types of DDoS attacks: active DDoS and offline DDoS. With Barracuda Web Application Firewall, we only need one subscription to be protected against both. In contrast, other solutions and competitors often require separate subscriptions for DDoS protection, making their offerings more expensive.

When it comes to a comprehensive web application firewall solution, Barracuda stands out by providing an affordable and end-to-end approach. In comparison, other market solutions typically consist of separate boxes for different features, leading to higher pricing.

We only need one subscription to be protected against both active DDoS and offline DDoS attacks.

In the Barracuda Web Application Firewall, there should be more affordable options for WAF as a service. These options should cater to smaller businesses, with a focus on single-size configurations for fewer users and cloud applications. We currently offer WAF as a service for cloud-deployed applications, but the pricing is somewhat on the higher side. To enhance the service, I suggest that they work on improving their pricing strategy. It's crucial to provide competitive pricing in comparison to other competitors in the market.

I am currently using the Barracuda Web Application Firewall.

I give Barracuda Web Application Firewall nine out of ten for stability.

I give Barracuda Web Application Firewall nine out of ten for scalability.

I would rate the initial setup a ten out of ten for its ease.

Usually, deployment takes three to four weeks because it depends on the customer and what we can observe from their side. What SLA or scope of work have they shared with the partner? In essence, we are not a direct partner of Barracuda; instead, we serve as the brand custodian for multiple brands such as Sophos and Barracuda. During the deployment phase, we are not directly involved with the customers. Sometimes, the queries pertain to deployment issues or technical problems. For such cases, we typically respond within two to four hours, or at most, one to two days, depending on our schedule. Since we cater to multiple brands and settings, we are not exclusively focused on one particular brand. Our role involves supporting multiple brands and setting up various solution abilities or designs.

For instance, if a customer approaches us for web services, we can offer Sophos Firewall web services. However, if they require a dedicated web solution, we provide them with a Barracuda solution. In cases where the customer has budget constraints, we try to migrate them to cloud-based solutions. Consequently, we refer to them as end customers or partners as per the situation.

In most cases, we are not directly involved in the deployment phase, the configuration process, or the setup. However, we usually gather feedback from our partners or new partners, and based on that, I can estimate that the deployment will take around two to three weeks. The timeline depends on the specific requirements or wishlist of the end customer.

The Barracuda Web Application Firewall is quite expensive. The license is available on an annual or three-year term, with no monthly, quarterly, or semi-annual options. There is a bigger discount applied when a customer signs up for a three-year term.

I would give Barracuda Web Application Firewall nine out of ten.

Barracuda Web Application Firewall is marketed for the enterprise segment because of its high cost.

Barracuda Web Application Firewall is a comprehensive and dedicated web application firewall, and I highly recommend it.

They could improve their performance, support, and their upgrades. Their updates used to be good. Their improvements were right on the money but nowadays, the updates are minor. 

I don't really like the product. They restricted the number of servers we can protect. They restrict how many servers you can protect based on appliance.

They also don't support additional ATP. Customers also want ATP. They want something extra apart from the basic security package. 

Their appliances are very cheap. The quality is not that good. Their appliances should be more robust. 

I have been using this solution for a year. 

The backend server capability is low. It's risky to put extra servers behind it because it may or may not protect it. The workload is not that high. 

It has worked fine until now. We have some projects that are overloaded. In the next phase, I will remove some servers and add one or two servers from our project team. 

I have not tested out the scalability. 

The software is running 24/7.

I am not satisfied with the support. It used to be better. 

You don't need help from Barracuda to help with the deployment. The deployment is easy. We deployed them all by ourselves. It took some research through the manuals and documentation to find the best way to deploy for your infrastructure. The research took two to three days and then it took another two to three days to install it. By 7-8 days we were ready to do a soft launch. We did the rest within a month. 

We only needed one team member to deploy it. I worked alongside him so that I could also understand it. 

There are costs in addition to the standard licensing. 

I would rate it a five out of ten. 

My advice would be to explore the market. There are many good players. If a solution is on the higher side, it could be a better investment. 

The product has valuable technical features.

Barracuda Web Application Firewall’s scalability needs improvement.

We have been using Barracuda Web Application Firewall for two years now. At present, we use the latest version.

I rate the product's stability a ten out of ten.

The product has low scalability, and it is three out of ten. It could be improved.

The initial setup is easy. I rate the process a ten out of ten. It takes a month to complete.

We implement the product with the help of a reseller.

The product is inexpensive. I rate its pricing a two out of ten. We purchase its monthly license.

We have medium businesses as our customers for Barracuda Web Application Firewall. I recommend it to others and rate it a ten out of ten.

We use the solution to protect our internal applications from cybersecurity threats.

Parameter Protection is a valuable feature. Most of the features are quite useful. It is a helpful tool. It helped us with penetration testing.

We get false positives about phishing emails. The vendor must improve Barracuda Email Security Gateway.

I am using the solution currently.

The tool is quite stable. I have no issues with it. It depends on the fine-tuning of customized applications based on our requirements.

The solution is scalable.

The technical support is fantastic.

Positive

The initial setup was easy. However, we needed to do some fine-tuning in the applications. It was not difficult.

Overall, I rate the tool a ten out of ten.