Barracuda CloudGen Firewall Review

Updating firewalls, both for firmware and on fixes, requires a couple of mouse clicks. However, initial deployment required a steep learning curve.


How has it helped my organization?

Since updating single boxes or large amounts of systems only requires a couple of mouse clicks, it allows us to keep the firewalls up to date, both for firmware and on fixes, in demanding locations around the globe. This process is such that we trust it to handle nearly impossible to reach systems too.

What is most valuable?

The real difference is the fact that it truly scales, and fully managing a thousand firewalls worldwide with a team of two is quite doable. Even with serious hardware failures, you can often still securely manage the system and analyze the issue at hand, or even fix certain issues. Other indispensable functions, are the full transparency of handled data, both real time and historical, the ability to create VPN tunnels in the blink of an eye, the multiple parallel VPN tunnels, and near infinite routing options.

What needs improvement?

Although IPv6 was implemented a couple of years ago in the Barracuda NG Firewalls, the real use of IPv6 is still rare. This means that the “real world exposure” of these parts is less than the IPv4 parts. This is obviously a general issue for security vendors.

What do I think about the stability of the solution?

None what so ever, we use these systems in critical 24x7x365 environments because of their stability and resiliency.

What do I think about the scalability of the solution?

Barracuda offers a wide range of models ranging up to 40 GB sustained firewall throughput, and since all their systems work from a single image, I’ve never had an issue with scaling or migrating them.

The Barracuda NG Firewall, managed through the Barracuda Control Center thrives in large to very large environments. Unlike other vendors, the management really scales. Managing (all aspects) a thousand firewalls anywhere in the world with just a couple of engineers, is quit doable. The current practical maximum of firewalls to manage simultaneously is around 7,500, but that is quite beyond my scope.

How are customer service and technical support?

Customer Service:

I’ve been in IT for nearly 40 years, and I’ve had my share of dealings with “service/support organizations”, often service/support was just the name of the department, but down the line it got a different meaning. Barracuda’s definition of support however extends every definition of the term to a new level.

These guys are accessible, no phone trees etc., they are polite, extremely knowledgeable, and customer oriented. Officially you need a subscription to be eligible for support, but I’ve never seen them turn their back on anyone. Barracuda Service is really Barracuda Service.

Technical Support:

There is not really a difference between customer service and technical support except maybe in the questions asked (and the people assigned to answer these questions).

Every user is entitled to full technical support which, as states, is unsurpassed in the IT industry.

Which solution did I use previously and why did I switch?

I’ve been working with firewalls in small, medium and world scale solutions, since approx. 1994. and have dealt with a substantial amount of systems from number of vendors (like Check Point, Juniper NetScreen, Cisco PIX and ASA and some smaller ones).

Over the years, I’ve seen many sales guys promising “the world” but upon closer scrutiny actually offering very little. I must confess that I told the Barracuda (Phion back than) sales guy of my experiences, and his reply was; “you’re right, I’ll organize a phone conference with one of the developers”. My immediate reply was “Do these guys talk to mortals?”

After a very frank and open call lasting far beyond the one hour initially set, I was convinced that this product truly did stand out. Seven years of experience later, I’m even more convinced that this solution is unparalleled.

How was the initial setup?

Let me rephrase, my “first setup” was complex, as the Barracuda NG firewall is different to others, but once you understand what you’ve got, and can get your head around it, it’s tremendously straightforward.

What about the implementation team?

I’ve received full training of the Barracuda NG Firewall, and I’m the guy that designs the entire environment, and gets to setup the complex parts, and for the really insane tweaks, I can always count on the help of the entire Barracuda team. They are always reachable and will come over on short notice for special cases. These are the people who were part of team that build the systems back in the very early 2000’s and working with these guys is always a pleasure.

What's my experience with pricing, setup cost, and licensing?

It is a real next generation firewall, if you’re looking for any run of the mill box and have little requirements, it’s probably not for you. If your requirements are more demanding and especially if you’ve got a number of locations, this is the product to consider.

The price itself is in the normal range, so the real benefit lies in the savings in management and amount of staff. Furthermore, Barracuda offers a so called instant replacement contract that not only entitles you to replacement of defective hardware, but also after four years enables you to replace the system with a brand new system for free.

Which other solutions did I evaluate?

As stated, I’ve worked with firewalls from different vendors, also in quite large environments, but they are no match for the Barracuda NG Firewall, not by a long shot. The vendors were:

  • Check Point
  • Cisco PIX and ASA
  • Juniper NetScreen
  • CyberGuard
  • SonicWALL
  • IIS

What other advice do I have?

Although it is a truly great firewall it is certainly not a “run of the mill” product, and even if you have thorough knowledge of other firewall environment, don’t go in there without a good partner that will guide and support you.

Not really a Barracuda NG Firewall but a Barracuda rack mounted device (EON) that is capable of running the NG Firewall, next to instances of e.g. Web Application Firewall, Web Filters, etc., the sustained throughput on these boxes is around 250 GB.

Showing an F10, low-end, firewall and an F600, mid-range, model Barracuda NG Firewall

Just the first screen of a (demo env.) Barracuda Control Center showing the status of some firewalls

The Barracuda tool (NGEarth) that allows you to monitor in real time your VPN tunnels and system status (again demo)

Example showing traffic history (just one of the many screens.)

Disclosure: My company has a business relationship with this vendor other than being a customer: Diamond partner since 2008
1 visitor found this review helpful
Add a Comment
Guest
Sign Up with Email