We just raised a $30M Series A: Read our story

Barracuda Web Application Firewall OverviewUNIXBusinessApplication

Barracuda Web Application Firewall is the #7 ranked solution in our list of top Web Application Firewalls. It is most often compared to Microsoft Azure Application Gateway: Barracuda Web Application Firewall vs Microsoft Azure Application Gateway

What is Barracuda Web Application Firewall?

Barracuda Web Application Firewall is the ideal solution for organizations looking to protect web applications from data breaches and defacement. With the Barracuda Web Application Firewall, administrators do not need to wait for clean code or even know how an application works to secure their applications. Organizations can ensure robust security with a Barracuda Web Application Firewall hardware or virtual appliance, deployed either on-premises or in the cloud.

Barracuda Web Application Firewall Buyer's Guide

Download the Barracuda Web Application Firewall Buyer's Guide including reviews and more. Updated: October 2021

Barracuda Web Application Firewall Customers
Oracle, CBS, Pioneer, Hyundai, Publix, Barnes Noble, Calzedonia, Nordstrom, Samsung, Nascar
Barracuda Web Application Firewall Video

Archived Barracuda Web Application Firewall Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Igor-Bashtovyi
Security Engineer at a tech services company
Real User
Gives an understanding of what is happening on your site and any attempts on your source

Pros and Cons

  • "It's very simple and predictable, because Barracuda provides a vision of the current state of your application. It gives you an understanding of what is happening on your site and any attempts against you at your source. This is the main value that Web Application Firewall provides our company. These aspects are also the main reason for this documentation process."
  • "I think the main area for improvement in this product is learning it, as can be seen when comparing it to the F5 web application firewall. F5 has a very powerful learning phase when you start using your web application firewall against your site. Barracuda has something like this, but not with the same functionality from my point of view."

What is our primary use case?

We use this as public cloud and a virtual appliance based on Azure Cloud.

How has it helped my organization?

It's very simple and predictable because Barracuda provides a vision of the current state of your application. It gives you an understanding of what is happening on your site and any attempts against you at your source. This is the main value that Web Application Firewall provides our company. These aspects are also the main reason for this documentation process.

What is most valuable?

I think the biggest value comes from the ability of Web Application Firewall to perform analysis of attacks that are registered by it, as well as its ability to analyze source code of those attacks and all traffic that is captured by Web Application Firewall. 

The basic functionality of the Web Application Firewall is pretty good. Therefore in comparison with CloudFlare, Barracuda has significant powerful instruments for analysis of main traffic of requests that we get on the application. If however, we try to compare Barracuda and F5, F5 is more powerful than Barracuda. In any case, it's very hard to make these comparisons, because one product has more powerful features from one point of view, while the other product is better from another point of view.

I can say that it's good only in comparison with some products. All products have approximately the same functionality, but some products are more powerful in certain aspects.

What needs improvement?

I think the main area for improvement in this product is learning it, as can be seen when comparing it to the F5 web application firewall. F5 has a very powerful learning phase when you start using your web application firewall against your site. The company at this time collects information and parameters about all requests, such as: file downloads, file uploads, authentication, authorization processes, etc. During this period, F5 provides you with the ability to collect most of the necessary information to make a security provision for your web application firewall.

Barracuda has something like this, but not with the same functionality from my point of view. Barracuda is a little bit lower in comparison with other web application firewalls, so the best way to improve Barracuda is to develop and add new features in this area.

A good point for developing this area is to describe some particular use cases. For example, the implementation demands configuration of the application in conjunction with Web Application Firewall to make it available and hosted on the internal web services of Azure. It would be great to have instructions for Barracuda with Azure infrastructure, so we could get a step-by-step manual starting from the creation of the application interface and finishing with the available site including Barracuda. We implemented Barracuda Web Application Firewall and we see who checks the whole process. Each part of this manual relates to a particular service, but it would still help those who implement it to be quicker.

The bottom line is I would like to see an improved learning model to make the creation of the first policy easier and more transparent for an engineer.

For how long have I used the solution?

I've been using Barracuda for two months.

What do I think about the stability of the solution?

If I remember correctly, when applying changes to a policy, the system tries to reward the current system. I didn't check if the site is available, but it seems that certain views could be unavailable during this process. Any changes or configurations submitted demand voiding. This can be a surprise because when you try only to save the configuration but don't commit it, you might think this doesn't take effect. If you don't want to commit this policy exactly at this time the appliance will still start to change it. This might be a quirk of this appliance.

What do I think about the scalability of the solution?

I read that you can scale this system by building redundant schemes and using special appliances to manage certificates, but I didn't try it. Therefore, as a manager I don't know, because I didn't try to make a redundant scheme.

Only a few users at our company implement this, but all visitors to our site are affected by this implementation.

How are customer service and technical support?

I didn't fight with them because all features and implementations that I tried didn't demand any help from technical support.

Which solution did I use previously and why did I switch?

We actually switched to Barracuda because it's cheaper than F5. This might not be the case for others, because there are several solutions that are cloud based. It is a service of a service and in some cases this kind of product would be cheaper than Barracuda. It depends on the implementation scheme and business needs. In some cases, Barracuda is cheaper, in some cases Barracuda is more expensive. In our case it was cheaper.

How was the initial setup?

The initial setup was very easy and straightforward. I don't remember how long deployment took, but it was very quick. If I remember, you just need to assign the address management interface and add additional IP addresses to other interfaces, enable them, etc. After that, your site is available already. It's much easier than F5, for example.

What about the implementation team?

We didn't use a vendor for implementation. I just used standard documentation from their resources and it was enough to roll out this appliance in our infrastructure. It's very easy. I didn't request them, because the documents provided by their site was enough to roll out this product by ourselves without additional help.

What's my experience with pricing, setup cost, and licensing?

Barracuda costs us $8,000 per year. Barracuda costs $20,000 for a full subscription, when you try to protect multi-site infrastructure, in different geographical zones and for different data centers. If you have only one site, Barracuda will be cheaper.

Which other solutions did I evaluate?

We chose Barracuda because in our case it was cheaper.

What other advice do I have?

The biggest lesson I learned is that our site is attacked every day.

I would recommend Barracuda, but this recommendation is based on our particular case. For some cases this solution is good, but for some cases it's not. It's very hard to answer directly because of all the aspects that should be taken into account when you try to answer this question.

I would rate it as eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Carlo Bertini
IT Consultant and Project Manager at Cabar Srl
Consultant
Secure Internet Access with automatic content filtering

Pros and Cons

  • "The most valuable feature is the automatic content filtering."
  • "The usability of the interface could be improved."

What is our primary use case?

We use this solution as the firewall, the security, secure internet access, and protection from outside access.

What is most valuable?

The most valuable feature is the automatic content filtering.

What needs improvement?

The usability of the interface could be improved. 

The interface is not easy to use or to configure.

A feature that could be very powerful would be the capability to provide the monitoring of the security analogies, and proactive alerts in case of potential issues.  

The firewall protects and logs, but does not provide you with an analogy on that data. 

For how long have I used the solution?

I have been using this solution for approximately nine years.

What do I think about the stability of the solution?

The availability and stability are very high.

We have one hundred employees within this company using this solution.

What do I think about the scalability of the solution?

The appliance can grow only in the stack, but it's not an upgradable design, it is a closed appliance. 

It is unadjustable in performance, in growing or increasing.

How are customer service and technical support?

The technical support is provided by the vendor. A ticket is opened with the vendor and they provide support.

We have direct contact via email and phone.

Because we have to repeat the issue more than once before we get support, I would rate them an eight out of ten.

Which solution did I use previously and why did I switch?

Previously with a different vendor, we used many solutions. As a result, I have experience with many different solutions such as WatchGuard, Cisco, Cisco LEAP, Cisco Tools, SELFAS, and Fortinet.

How was the initial setup?

The initial setup was both simple and complex. WatchGuard is easier to set up than Barracuda, but not as complex. It's something that works and you can start. 

The set up is a medium level of complexity, but if I had to choose between simple and hard, then I would say the initial set up is hard.

The implementation was anywhere from one to two days for the full implementation of all services.

It took one technician to deploy this solution. A couple of technicians for maintenance is required approximately four to five days a year.

What about the implementation team?

I am an integrator and the implementation was done by myself with the help of my technicians and colleagues that are certified in different technologies.

What's my experience with pricing, setup cost, and licensing?

Our licensing fees are paid annually and the cost is between €600 and €800 (approximately $665.00 to $885.00 USD).

It's a full-featured set and all of the capabilities are included.

I am not aware of any additional costs.

Which other solutions did I evaluate?

Before choosing Barracuda we evaluated WatchGuard.

What other advice do I have?

One of my previous colleagues suggested this solution, they advised me of the company and the technologies.

I would recommend this solution.

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Learn what your peers think about Barracuda Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
541,708 professionals have used our research since 2012.
SolomonAwosina
CTO at GCET
Reseller
Top 5Leaderboard
Simple to manage and use, with good technical support

Pros and Cons

  • "The most valuable feature of this solution is the simplicity of configuration."
  • "I would like to see an improved capacity to store logs so that they will be available for a longer time."

What is our primary use case?

I am a system integrator and this is one of the solutions that I implement for my customers.

What is most valuable?

The most valuable feature of this solution is the simplicity of configuration. 

This solution makes management easy.

I really like the firewall weblog that allows me to see what is being blocked, why, and how I can apply a fix.

What needs improvement?

I would like to see an improved capacity to store logs so that they will be available for a longer time. From my experience, and over time, I have noticed that Barracuda appliances do not store logs for a very long time. What this means is that people have to buy the Barracuda Reporting Server. This is quite expensive, at three or four times the price of the equipment. So, if users have only one or two appliances then it doesn't make sense for them to buy a Reporting Server. If they decide to export those logs from the Barracuda appliance to a SIEM then the format of the report gets lost because Barracuda has custom reports.  Where I used to work, our logs would last for about one week. However, where I am now, we do not have logs beyond one day.

For how long have I used the solution?

I have been using this solution for about ten years.

What do I think about the stability of the solution?

This is a very stable appliance.

What do I think about the scalability of the solution?

This physical appliance is not a solution that scales because once I use it at capacity, I have to buy a new one. The virtual appliance is scalable because if I am at capacity then I can increase my license to another plan.

For the WAF, capacity is not a function of the number of users. Rather, it is based on the servers that it is protecting. Two of my current clients and one hundred and fifty, and two hundred and fifty users, respectively.

How are customer service and technical support?

Technical support for this solution is wonderful. It is not just for the firewall, but all of Barracuda has good support. I have been dealing with them since 2009, and in my experience, they attend to you. They take the time to explain things. Even if you want to consider something new, they will guide you on what to do.

Overall, I would rate their support very high.

How was the initial setup?

The initial setup of this solution is very straightforward.

When I first set up this solution in 2009, it was for my company and I didn't require assistance from anybody. I later when for training, and am now an integrator. Today I set this solution up for other companies, and I can say that the initial setup has been straightforward all along.

What other advice do I have?

Definitely, I would recommend Barracuda because of its simplicity. I know that they are now integrating the Web Application Firewall on Prime, in the cloud, as well.

The only thing that is a challenge for me is storage, which limits my reporting.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SM
Senior Operations Manager at samergl
Real User
A stable solution with a straightforward setup and continual updates

Pros and Cons

  • "I find the solution very stable."
  • "The solution could use more reports."

What is our primary use case?

We primarily use this solution for firewalls.

What is most valuable?

The features are all fine. We just fixed some bugs from three months ago, and we're waiting now for a final review. They sent us some features to fix the issue.

What needs improvement?

The solution could use more reports.

For how long have I used the solution?

I've been using the solution for 6 months.

What do I think about the stability of the solution?

I find the solution very stable.

How are customer service and technical support?

Technical support has been good. Currently, we don't have any issues.

Which solution did I use previously and why did I switch?

This is the first solution we are using.

How was the initial setup?

The initial setup was very straightforward. We applied what we needed to use and added different features. Each time we need to use a different feature, we go through configuring it and including more features as necessary. 

What about the implementation team?

I used my own team for the implementation. 

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution.

What other advice do I have?

I manage and operate the device. We are working with the operation team each time applying manual updates, which is continuous. I'd like to see different information, to help handle issues in an easier way. 

I would rate the solution a 9 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Hamza Ahmed
Assistant to the General Manager at a tech services company with self employed
Real User
Attacks have stopped and all of the traffic is going smoothly to my servers

Pros and Cons

  • "The volumetric DDoS defense is very good because I had a problem with a lot of volumetric DDoS attacks on my servers. After using Barracuda, those attacks have stopped and all the traffic is going smoothly to my servers and the system is working really well."
  • "I would like to see better controlling of the traffic."

What is our primary use case?

The primary use case is to protect from DDoS attacks and to protect my backend servers. That was the main concern for me. Barracuda has been very good. I'm very happy with the product.

How has it helped my organization?

Previously, attacks would make the systems go down and we couldn't connect with our customers and other things. We need our servers to be online 24-7 which is why I chose Barracuda. Now our servers are running smoothly and I have no problem running my servers.

What is most valuable?

The volumetric DDoS defense is very good because I had a problem with a lot of volumetric DDoS attacks on my servers. After using Barracuda, those attacks have stopped, all of the traffic is going smoothly to my servers and the system is working really well.

What needs improvement?

I would like to see better controlling of the traffic. 

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

The stability is very good. I would give it four and a half stars out of five.

How was the initial setup?

The initial setup was straightforward. It was easy to deploy. It took six to seven hours of work a day to deploy every policy that I wanted. The initial setup went well, there weren't any issues with it. 

What other advice do I have?

I would rate it a nine out of ten. The attacks that we used to get on servers are gone. My servers are now running 24-7 and I have no problems with them.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Alireza Ghahrood
Consultant & Instructor -Cyber Security,GovernanceRIskCompliance (CISO as a Services) at Independent
Real User
Top 10
Strong updating features but the tech support is weak

What is our primary use case?

The updating and signature features are my primary use case for the solution. These features are beneficial to my organization.

What needs improvement?

I would like this solution to be more detective of the needs of the organization.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I encountered issues with the stability of the product.

What do I think about the scalability of the solution?

I encountered issues with scalability.

How is customer service and technical support?

I would rate the level of tech support a six out of ten. 

How was the initial setup?

I would suggest that someone implementing this product is knowledgeable in the IT field and with the network needs.…

What is our primary use case?

The updating and signature features are my primary use case for the solution. These features are beneficial to my organization.

What needs improvement?

I would like this solution to be more detective of the needs of the organization.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I encountered issues with the stability of the product.

What do I think about the scalability of the solution?

I encountered issues with scalability.

How is customer service and technical support?

I would rate the level of tech support a six out of ten. 

How was the initial setup?

I would suggest that someone implementing this product is knowledgeable in the IT field and with the network needs. It is complex.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
JB
Director of Systems Infrastructure at a tech vendor
Real User
Allows us to scale out to multiple phase servers

What is our primary use case?

We use it for low balancing phase servers.

How has it helped my organization?

It allows us to scale out to multiple phase servers. It is a great product. We are very pleased with it.

What is most valuable?

It works exactly by design. It works very well.

What do I think about the stability of the solution?

There are no stability issues.

What do I think about the scalability of the solution?

There are no scalability issues.

How is customer service and technical support?

Their technical support is great.

How was the initial setup?

If you are a networking guy, the initial setup is straightforward. If you know nothing about networks, then you can't set it up.

What's my experience with pricing, setup cost, and licensing?

They have…

What is our primary use case?

We use it for low balancing phase servers.

How has it helped my organization?

It allows us to scale out to multiple phase servers.

It is a great product. We are very pleased with it.

What is most valuable?

It works exactly by design. It works very well.

What do I think about the stability of the solution?

There are no stability issues.

What do I think about the scalability of the solution?

There are no scalability issues.

How is customer service and technical support?

Their technical support is great.

How was the initial setup?

If you are a networking guy, the initial setup is straightforward. If you know nothing about networks, then you can't set it up.

What's my experience with pricing, setup cost, and licensing?

They have competitive pricing.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
NN
IT Security Administrator at a tech services company with 10,001+ employees
Real User
We run it with no downtime, because it has good support

What is our primary use case?

We use it for mail protection.

How has it helped my organization?

It has helped the organizational function because we do not have an application hosted product. 

What is most valuable?

It mainly provides good support, and it is a good web application for us.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is not stable nor mature, though it is not a problem for us.

What do I think about the scalability of the solution?

We have had scalability issues. However, since we do not have that many applications, it is not an issue for us.

How are customer service and technical support?

Technical support is very good.

Which solution did I use previously and why did I switch?

What is our primary use case?

We use it for mail protection.

How has it helped my organization?

It has helped the organizational function because we do not have an application hosted product. 

What is most valuable?

It mainly provides good support, and it is a good web application for us.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is not stable nor mature, though it is not a problem for us.

What do I think about the scalability of the solution?

We have had scalability issues. However, since we do not have that many applications, it is not an issue for us.

How are customer service and technical support?

Technical support is very good.

Which solution did I use previously and why did I switch?

We did not previously use another solution.

How was the initial setup?

The initial setup was very straightforward.

What's my experience with pricing, setup cost, and licensing?

The pricing is less compared to other web applications, which is important to us.

Which other solutions did I evaluate?

We compared the solution to Imperva because of the support. Support is important to us.

What other advice do I have?

Just do it. We run it with no downtime, because it has good support.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
it_user848259
Network & Security Engineer at a tech services company with 11-50 employees
Real User
Give us visibility into server connections/sessions, real-time alerts, KPIs

Pros and Cons

  • "This product gives us visibility into what is going on in two servers, including connections and sessions, real-time alerts, very good reporting, and KPIs. It makes managing security of a critical server very easy, with a friendly GUI."
  • "There is no one special feature, but the WAF itself is valuable: user-friendly protection against web attacks etc., authentication, reporting, accountability, alerting, and hardened OS."
  • "This product could easily progress to be among the industry leaders. I think they need to improve enterprise level automation. It integrates with a small number of vulnerability scanners, so report results should be imported manually; same for SIEM integration."

What is our primary use case?

I have two primary use cases, one for a bank and the other one for an operator. I will speak about the bank case. The environment is very critical: securing an e-banking server and SMS banking.

How has it helped my organization?

This product gives us visibility into what is going on in two servers, including connections and sessions, real-time alerts, very good reporting, and KPIs.

It makes managing security of a critical server very easy with a friendly GUI.

What is most valuable?

There is no one special feature, but the WAF itself is valuable: user-friendly protection against web attacks etc., authentication, reporting, accountability, alerting, and hardened OS.

What needs improvement?

This product could easily progress to be among the industry leaders. I think they need to improve enterprise level automation. It integrates with a small number of vulnerability scanners, so report results should be imported manually; same for SIEM integration.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Very stable product.

What do I think about the scalability of the solution?

No issues with scalability.

How is customer service and technical support?

Best support I have ever seen. I have experience with several products and their support. Barracuda support is very special: efficient, quick replies.

How was the initial setup?

There was some complexity because it requires special configuration in addition to some network changes.

What's my experience with pricing, setup cost, and licensing?

Very good price compared to other products. Some products, like Fortinet, give you good performance as well, and their price is probably lower than Barracuda, but you should pay attention to renewal prices and options. The BWAF license includes everything, even cloud control, which requires a license in other products.

OPEX/CAPEX should be looked at closely.

Which other solutions did I evaluate?

Fortinet, but BWAF was much better.

What other advice do I have?

I would rate it a 10 out of 10 because all requirements from a product are there: very good performance, robust equipment, pentest/vul scan success, very good support. The cost to value ratio is tops.

If you have a limited budget it’s the best, and if you have an open budget why spend more since BWAF can do the job.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user1194
Head of Infrastructure at a tech services company with 501-1,000 employees
Consultant
Very good Web Application filter to protect your web applications from various hacker exploits

Valuable Features:

1) The Barracuda Networks Web Application Firewall can protect your vital web applications from various exploits by hackers. 2) Can be easily deployed and configured. 3) Can be used to protect many applications, like Microsoft Outlook Web Access, Oracle, FTP, SharePoint, XML, etc. It can also protect custom applications deployed within the environment. 4) Can be very easily integrated with Active Directory and various 2-factor authentication systems. 5) Has a built in virus scanner for any data uploads. 6) Reasonably priced 7) Checks both Inbound and Outbound traffic to ensure protection against any type of data leakage and theft. 8) Barracuda Web Application Firewall has a built in load balancer, which can easily distribute traffic to multiple backend servers.

Room for Improvement:

1) Generally speaking, the more complex your web application is, the greater the risk. Older sites are highly vulnerable to application layer security threats. Barracuda Networks Web Application Firewall is not tightly equipped to handle application layer security threats. 2) For SSL enabled sites, Barracuda Networks Web Application Firewall requires the duplication of the SSL certificate. This can pose SSL penetration and also significant scalability challenges. 3) Customer service and online support system is a bit slow and needs improvement.

Other Advice:

One of the best Web Application Filters to protect your web applications, like FTP, Microsoft Outlook Access, Sharepoint, etc. from hackers. Ease of integration, with various 2-factor authentication systems, is one of the highly sought after features. It needs improvement in the way that it handles various SSL enabled sites.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Barracuda Web Application Firewall Report and get advice and tips from experienced pros sharing their opinions.