Barracuda NextGen Firewall Review
Provides real-time, deep, user-level monitoring, single sign-on, and integrates with AD


Primary Use Case

We use it for priority level security, to manage single sign-on applications and user base policy from a single firewall device. We use it for SSL inspection, for SSL site-to-site, for point-to-site, and for user base policy allocation.

Improvements to My Organization

I'm a network and cyber security consultant. This is not only for my offices, I have deployed it for many large enterprises where customers are remotely accessing their applications. We can define user application-level access, so our customers can work anytime from anywhere.

Valuable Features

Live monitoring of what is happening inside and with the interfaces, either ingress or egress - this is a good feature of the device.

Secondly, most people use enterprise applications remotely, and there is no license for SSL VPN, or in other words point-to-site. There is no limit. On other devices there is a specific limit and you have to pay per use for SSL VPN.

Single sign-on is also good. If you are accessing your corporate firewall from your home, during that time there is an integration with the AD. You can use your AD's password to access your SSL VPN. It's not like if you buy a traditional SSL VPN. You have to define a specific password for your remote client application but there is no requirement of defining a specific password - which you would have to request from your admin - or to buy a token which can generate a password for your integration. You can directly integrate with your AD. If you change your password on the AD side, your client-to-VPN password also gets changed. You can integrate all your passwords from a single console. The admin doesn't has to change your password, it's a single sign-on.

Room for Improvement

It's a little bit complex in terms of handling. If you implement a change, there is a specific point where you have to commit it. It's not like you just push a button and it's always committed. If you don't know to check whether your commit command has been executed or not... that is something Barracuda needs to work on.

Secondly, when you do any commit, it locks your next access. If you are making a change to the device, from the security standpoint it's fine, but from the admin side it's not good. When you make changes, after each and every one it becomes locked.

Use of Solution

Three to five years.

Stability Issues

It's really a good and stable product. I have worked with multiple firewall products and I can say that this is really very robust, good hardware. It's also good on the cloud side. I have deployed it on both sides, either on the public cloud or a virtual space, or a physical environment.

Scalability Issues

No scalability issues at all. When you buy this product it gives you multiple options: What can the maximum number of employees be, what can the number of concurrent users be. It's really good, there is no problem with the usability.

One of the most important parts is that there is auto-upgrade of the hardware every fourth year.

Customer Service and Technical Support

I would say technical support is lacking. They don't have strong technical support; their abilities are not so good. The support is not fabulous, it's okay. They need to improve their support.

Previous Solutions

I have used Cisco, Fortinet, Check Point, Palo Alto, Sophos Cyberoam, Dell SonicWall, and Juniper (both SRX and NetScreen).

One of the reasons I switched to Barracuda is that I was looking for real-time monitoring and Barracuda is good for that.

Secondly, SD-WAN. The first time I used this a question which occurred to me was regarding software-defined WAN technology. I wanted to go to a software-defined WAN and Barracuda have a specific protocol called TINA (Transport Independent Network Architecture). You can create a master policy over the internet and it allows you to do Quality of Services on top of it. It's really helpful for me.

When I saw that this box comes with software-defined WAN technology, along with all the firewall options, the specific user-level deep monitoring and real-time monitoring, that made me more curious about it.

Initial Setup

Initially, it's complex when no one is familiar with it. The first time you use it, it is a really complex solution.

We have spent a good amount of time to "get in" to this box.

Pricing, Setup Cost and Licensing

Pricing and licensing are fine. It's worth the value because if I buy any other product, every four years I have to replace my hardware. But with Barracuda I get a free hardware upgrade. Today I'm using Xbox. After four years I can take another Xbox or a Ybox.

Other Advice

When I initially started using it I was just an end-user, a technical consultant. And one of my customers said to me, "I want these and these features." I searched a number of products with respect to the customer's requirements and we chose Barracuda. I then signed on to be an OEM partner with Barracuda, about four years ago.

It's good to go with Barracuda. If your work is only on the internet, you can go with this product. If you want to create your own MPLS network, or you are more focused on application performance over the internet, you can go with Barracuda.

I would not blindly say go with any given product because there are multiple factors to consider. For example, there is no license for SSL. When you have a greater number of remote users, and you don't know what kind of scalability you will need, that is another thing. If you have multiple offices, all inter-connected via the internet, you want a single management console through which you can manage all you firewalls. In that case, Barracuda could be a good option.

If you want to buy a product which can challenge the industry-recognized leaders, like Palo Alto or Check Point, you should consider this product.

I rated it at nine out of 10. It's not a 10 because of their training - it takes a long time to understand this product. Also, it locks after each and every change, which is problematic. Also, when you login from some sources, there is no feature which can log you out after a certain timeout.

Disclosure: My company has a business relationship with this vendor other than being a customer: OEM Partner.
1 visitor found this review helpful

Add a Comment

Guest
Why do you like it?

Sign Up with Email