Improvements to My Organization
Since updating single boxes or large amounts of systems only requires a couple of mouse clicks, it allows us to keep the firewalls up to date, both for firmware and on fixes, in demanding locations around the globe. This process is such that we trust it to handle nearly impossible to reach systems too.
The real difference is the fact that it truly scales, and fully managing a thousand firewalls worldwide with a team of two is quite doable. Even with serious hardware failures, you can often still securely manage the system and analyze the issue at hand, or even fix certain issues. Other indispensable functions, are the full transparency of handled data, both real time and historical, the ability to create VPN tunnels in the blink of an eye, the multiple parallel VPN tunnels, and near infinite routing options.
Room for Improvement
Although IPv6 was implemented a couple of years ago in the Barracuda NG Firewalls, the real use of IPv6 is still rare. This means that the “real world exposure” of these parts is less than the IPv4 parts. This is obviously a general issue for security vendors.
None what so ever, we use these systems in critical 24x7x365 environments because of their stability and resiliency.
Barracuda offers a wide range of models ranging up to 40 GB sustained firewall throughput, and since all their systems work from a single image, I’ve never had an issue with scaling or migrating them.
The Barracuda NG Firewall, managed through the Barracuda Control Center thrives in large to very large environments. Unlike other vendors, the management really scales. Managing (all aspects) a thousand firewalls anywhere in the world with just a couple of engineers, is quit doable. The current practical maximum of firewalls to manage simultaneously is around 7,500, but that is quite beyond my scope.
Customer Service and Technical Support
I’ve been in IT for nearly 40 years, and I’ve had my share of dealings with “service/support organizations”, often service/support was just the name of the department, but down the line it got a different meaning. Barracuda’s definition of support however extends every definition of the term to a new level.
These guys are accessible, no phone trees etc., they are polite, extremely knowledgeable, and customer oriented. Officially you need a subscription to be eligible for support, but I’ve never seen them turn their back on anyone. Barracuda Service is really Barracuda Service.
There is not really a difference between customer service and technical support except maybe in the questions asked (and the people assigned to answer these questions).
Every user is entitled to full technical support which, as states, is unsurpassed in the IT industry.
I’ve been working with firewalls in small, medium and world scale solutions, since approx. 1994. and have dealt with a substantial amount of systems from number of vendors (like Check Point, Juniper NetScreen, Cisco PIX and ASA and some smaller ones).
Over the years, I’ve seen many sales guys promising “the world” but upon closer scrutiny actually offering very little. I must confess that I told the Barracuda (Phion back than) sales guy of my experiences, and his reply was; “you’re right, I’ll organize a phone conference with one of the developers”. My immediate reply was “Do these guys talk to mortals?”
After a very frank and open call lasting far beyond the one hour initially set, I was convinced that this product truly did stand out. Seven years of experience later, I’m even more convinced that this solution is unparalleled.
Let me rephrase, my “first setup” was complex, as the Barracuda NG firewall is different to others, but once you understand what you’ve got, and can get your head around it, it’s tremendously straightforward.
I’ve received full training of the Barracuda NG Firewall, and I’m the guy that designs the entire environment, and gets to setup the complex parts, and for the really insane tweaks, I can always count on the help of the entire Barracuda team. They are always reachable and will come over on short notice for special cases. These are the people who were part of team that build the systems back in the very early 2000’s and working with these guys is always a pleasure.
Pricing, Setup Cost and Licensing
It is a real next generation firewall, if you’re looking for any run of the mill box and have little requirements, it’s probably not for you. If your requirements are more demanding and especially if you’ve got a number of locations, this is the product to consider.
The price itself is in the normal range, so the real benefit lies in the savings in management and amount of staff. Furthermore, Barracuda offers a so called instant replacement contract that not only entitles you to replacement of defective hardware, but also after four years enables you to replace the system with a brand new system for free.
Other Solutions Considered
As stated, I’ve worked with firewalls from different vendors, also in quite large environments, but they are no match for the Barracuda NG Firewall, not by a long shot. The vendors were:
- Check Point
- Cisco PIX and ASA
- Juniper NetScreen
Although it is a truly great firewall it is certainly not a “run of the mill” product, and even if you have thorough knowledge of other firewall environment, don’t go in there without a good partner that will guide and support you.
Not really a Barracuda NG Firewall but a Barracuda rack mounted device (EON) that is capable of running the NG Firewall, next to instances of e.g. Web Application Firewall, Web Filters, etc., the sustained throughput on these boxes is around 250 GB.
Showing an F10, low-end, firewall and an F600, mid-range, model Barracuda NG Firewall
Just the first screen of a (demo env.) Barracuda Control Center showing the status of some firewalls
The Barracuda tool (NGEarth) that allows you to monitor in real time your VPN tunnels and system status (again demo)
Example showing traffic history (just one of the many screens.)
Disclosure: My company has a business relationship with this vendor other than being a customer: Diamond partner since 2008
Jul 22 2015