Barracuda NextGen Firewall X-Series
Simple Cloud-Based Network Management for Small to Midsized BusinessesFree Trial
Table of Contents
Application Visibility and Control
The Barracuda NextGen Firewall X-Series analyzes network traffic up to Layer-7, leveraging advanced fingerprints to identify applications and content traffic. Based on the fingerprints, a flexible set of actions, including allowing, blocking, resetting, and redirecting connection attempts and traffic can be defined. A library of hundreds of applications is currently fingerprinted. Furthermore, granular policies can be set for specific application features (e.g., limiting audio calls on Skype). These fingerprints are dynamically updated so that security policies and signatures remain up-to-date.Back to top
Active Connections and Real-Time Control
An insightful dashboard interface provides an overview of the active connections for a network. With this interface, real-time actions can also be taken. When resource-intensive applications are preventing business-critical activities like VoIP conference calls, administrators can take immediate action to either end a connection or regulate its bandwidth.Back to top
Intrusion Detection and Prevention (IPS)
The Barracuda NextGen Firewall X-Series Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection against thousands of network based threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases to prevent network attacks such as:
- SQL injections and arbitrary code executions
- Access control attempts and privilege escalations
- Cross-Site Scripting and buffer overflows
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
- Directory traversal and probing and scanning attempts
- Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware
The Barracuda NextGen Firewall X-Series provides advanced attack and threat protection features such as:
- Stream segmentation and packet anomaly protection
- TCP split handshake protection
- IP and RPC defragmentation
- FTP evasion protection
- URL and HTML decoding
The Barracuda NextGen Firewall X-Series is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems. The IPS can also be used in combination with SSL Inspection.
As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda NextGen Firewall X-Series is constantly up-to-date.Back to top
Quality of Service (QoS) and Traffic Prioritization
Granular QoS settings enable an organization to set bandwidth policies for applications, services, and users. In addition, traffic prioritization can be set to ensure that latency-sensitive or business-critical applications are always given priority. Pre-built policies enable organizations to immediately begin implementing one of eight pre-defined bandwidth policies. Pre-defined policies can easily be customized to individual customer needs.Back to top
Application-Based Provider Selection
The combination of next-generation security and adaptive WAN routing allows the Barracuda NextGen Firewall X-Series to dynamically assign available bandwidth for several links not only based on protocol, user, location, and content, but also based on applications and application categories. This keeps expensive, highly-available lines free for business and mission-critical applications, while significantly reducing response times and freeing up additional bandwidth.Back to top
Barracuda’s 24x7 threat operations center analyzes the latest emerging web-based malware and provides real-time updates. This provides zero-hour response time to fast moving, aggressive web threats with no need to maintain up-to-date signature databases on-premises.Back to top
High-Performance Malware and Virus Scanning
Malware scanning is a CPU-intensive operation with a significant performance impact when paired with network packet processing operations on the firewall. By leveraging the cloud for the heavy lifting, the Barracuda NextGen Firewall X-Series maintains high throughput levels when forwarding packets, handling VPN connections, regulating application traffic, and preventing network intrusions. Even the smaller Barracuda NextGen Firewall X-Series units for branch offices benefit from the full power of the cloud and are able to scale easily with increasing traffic volumes.Back to top
Full User Identity Awareness
The Barracuda NextGen Firewall X-Series authenticates users with Active Directory, NTLM, LDAP/LDAPS, RADIUS, and x.509 digital certificates. User and group-specific policies, including time-based access controls, are integrated into the firewall rules, making it easy for administrators to customize network access, application usage, and bandwidth allocation for specific users and groups.
User Identity Awareness includes connections via Microsoft Terminal Servers.Back to top
Integrates with Barracuda Web Security
Barracuda NextGen Firewall X-Series can be easily configured to transparently redirect web traffic to any Barracuda Web Security solution (Barracuda Web Security Gateway or Barracuda Web Security Service) without breaking inline connections. Administrators can use a central management portal to configure user-based content filtering rules across 96 content categories. Administrators can block, accept, warn, or log access to domains along with advanced policies such as remote filtering for off-network users, safe search enforcement on search engines, YouTube for Schools integration, SSL inspection, granular web application monitoring, and domain whitelisting/blacklisting. In addition, Barracuda Web Security products provide more than 70 reports for complete visibility into internet browsing activities.Back to top
Safe Search Enforcement
Enforce Safe Search mode on major search engines like Google, Yahoo, and Bing to ensure users cannot access inappropriate image and video content. Most search engines offer a safe portal where search results are pre-determined to be appropriate for users of all ages. This is commonly utilized in educational organizations to protect students and maintain compliance. The Barracuda NextGen Firewall X-Series can automatically re-route all search entries to the safe portal of a search engine to prevent students from viewing obscene or offensive multimedia content.Back to top
Cloud-Based Central Management
Barracuda NextGen Firewall X-Series are integrated with Barracuda Cloud Control (BCC) – a web-based management portal, which leverages Barracuda’s global cloud infrastructure to enable organizations to centrally manage all their devices through a “single pane of glass” interface. Administrators have a global view of all their devices, as well as the ability to centrally manage policies and configuration. The intuitive interface makes it easy for small and medium-sized organizations to implement and manage their firewalls with minimal IT overhead.Back to top
One Stop for Firewall Rules
The intuitive interface is designed so that a single configuration encompasses every component of a firewall rule. This includes link balancing and QoS configurations necessary to ensure uptime and full control of network traffic. A drag-and-drop interface enables quick-and-easy prioritization of rules.Back to top
Powerful Object-Oriented Design
The Barracuda NextGen Firewall X-Series provides organizations with the ability to aggregate devices, services, and users into management objects. These objects can contain references to other objects, creating a cascading and instantaneous impact across the network when network requirements change.
The power of objects is available to an organization the moment a Barracuda NextGen Firewall X-Series is deployed. A library of network, device, and user objects are pre-packaged for immediate use, or objects can be created to aggregate the ones that are already predefined on the unit.Back to top
Server Load Balancing
Barracuda NextGen Firewall X-Series can be easily configured to provide out-of-box load balancing or fallback functionality. This helps organizations improve the overall availability and performance of their server infrastructure. Administrators have two options in implementing server load balancing on the Barracuda NextGen Firewall X-Series:
Cycle— The destination IP addresses are used sequentially based on the source IP address of the connection.
Fallback — All traffic is forwarded to the first IP address in the list. If the first IP address becomes unavailable, the second IP address in the list is used, etc.Back to top
Link Optimization and Failover
To ensure the best and most cost-efficient connectivity, the Barracuda NextGen Firewall X-Series provides a wide range of built-in uplink options including unlimited leased lines, up to six DHCP, four xDSL, up to two ISDN and a UMTS lines. Administrators can bond multiple low-cost WAN links such as DSL lines to increase bandwidth at reduced costs. Further, by eliminating the need to purchase additional devices for uplink balancing, security-conscious customers will have access to a WAN connection; even if one or two of the existing WAN uplinks are severed.Back to top
Inbound Link Balancing
The Barracuda NextGen Firewall X-Series performs inbound link balancing by distributing inbound traffic across multiple links, leveraging its authoritative DNS services. This ensures that the Authoritative DNS server always provides the IP address of the best link when responding to DNS queries.Back to top
The Barracuda 3G/UMTS Modem provides support for wireless third-generation broadband communication using 3G technologies. This is ideal for remote sites that need a cost-effective, rapidly deployable, and ultra-reliable WAN backup solution to protect it from outages caused by cable or fiber link outages.
It can also serve as a high-quality and cost-effective alternative to traditional uplinks such as DSL, ISDN, and cable lines. The Barracuda 3G/UMTS Modem is suitable as a primary link for temporary sites, in-vehicle deployments, or for businesses requiring connectivity in areas with weak infrastructure such as construction sites, remote areas, mobile businesses, or trade shows.Back to top
Barracuda NextGen Firewall X-Series provides two options to set up guest access to the internet. Both options are available for locally attached networks as well as for Wi-Fi networks on the Barracuda NextGen Firewall X-Series X101 and X201 appliances.
- Confirmation Page: The confirmation page option prompts guests to agree to a configurable Terms of Service page before they can access the network. Guests are subsequently tracked with the assigned IP address since no user information is available.
- Guest Ticketing: The guest ticketing option will display a customizable logon page asking for user and passcode as generated on an admin website served by the Barracuda NextGen Firewall X-Series. Guests are subsequently tracked with their assigned username.
Barracuda NextGen Firewall X-Series models provide VPN capabilities that can be used from within a web browser. Unlike traditional client-to-site VPNs, SSL VPN does not require the installation of client software on the end user's computer. Use SSL VPN to grant remote users access to web applications, client and server applications, and internal network resources such as Outlook Web Access, SMB, RDP, Telnet, SSH, SMTP, POP3, VNC, IMAP4, webDAV, and HTTP and HTTPS web forwards.
SSL VPN is available at no additional cost for an unlimited number of users.Back to top
The Barracuda NextGen Firewall X-Series provides support for a suite of protocols to connect remote employees. The appliance supports IPsec-based VPN, PPTP, and the Barracuda Network Access VPN client. The VPN tunnel can be authenticated using a comprehensive set of mechanisms including NTLM, RADIUS, LDAP/LDAPS, Active Directory, and Local Authentication. Barracuda Networks provides VPN clients for Windows, Mac OS X, Linux, and Debian--downloadable right from the user interface.Back to top
IPsec VPNs ensure secure connectivity to other remote sites or a centralized office. Barracuda includes unlimited site-to-site licenses to connect as many sites as needed to the Barracuda NextGen Firewall X-Series.Back to top
The Barracuda NextGen Firewall X-Series is delivered with all features and capabilities fully enabled. Content filtering and advanced malware protection is offered as an all-inclusive subscription without any per-user fees. The Barracuda Cloud Control management portal is included free of charge.Back to top
High Availability and Failover
Two Barracuda NextGen Firewall X-Series units of the same model can easily be joined to act as a high availability setup in Active/Passive configuration. The active device continuously synchronizes its configuration and session information with the passive device. A heartbeat connection between the two identically configured devices ensures seamless failover in case the active device goes down.Back to top
All Barracuda NextGen Firewall X-Series models can apply IPS, Virus Protection, Application Control and URL Filter to SSL encrypted web traffic using the standard ' trusted man-in-the-middle' approach. SSL Inspection can be fine-tuned to exempt local networks, users/groups, URL Filter categories or custom defined domains from SSL Inspection.Back to top
Barracuda NextGen Firewall X-Series’s Virus Protection shields the internal network from malicious content via a fully integrated antivirus engine. Malware protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available. Barracuda NextGen Firewall X-Series’s Virus Protection covers viruses, worms, trojans, malicious java applets, and programs using known exploits on PDF, picture and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation. The Virus Protection can be run either in the Barracuda Cloud infrastructure or on-box.Back to top
Advanced Threat Protection
While traditional solutions usually detect zero-hour network threats after they have breached the network by sending log notifications to the administrator, the Barracuda Advanced Threat Protection (ATP) implements full system emulation, providing deep visibility into malware behavior. Files are checked against a cryptographic hash database that is constantly updated. In case the file is unknown, it is emulated in a virtual sandbox where malicious behavior can be discovered.
The Barracuda ATP offers Administrators granular, file-type-based control including automatic quarantine and blacklisting features to maintain the highest level of protection for an organization’s network.
The Barracuda Advanced Threat Protection is an optional subscription.Back to top
BYOD (Bring Your Own Device)
The influx of private computing devices, from smartphones to laptops and tablets, into the workplace may help increase productivity, flexibility, and convenience. However, BYOD adds new security challenges and risks, such as enabling and controlling access, as well as preventing data loss.
The remote access app CudaLaunch provides strong capabilities to give users the full advantage of their devices while reducing possible risks to the business. Unwanted applications can be blocked, LAN segmentation can protect sensitive data, and network access control can check the health state of each device connecting to the corporate network.Back to top
Secure Remote Access
The Barracuda NextGen Firewall X-Series incorporates advanced site-to-site and client-to-site VPN capabilities, using both SSL and IPsec protocols to ensure remote users can easily and securely access network resources without complex client configuration and management. Every X-Series firewall unit supports an unlimited number of VPN clients at no extra cost.
The Barracuda VPN client also provides the ability to enforce Windows Security Center settings on client machines running Windows. This allows administrators to centrally enforce the usage of Windows Security settings on PCs. The enforced policies can include enabling the Microsoft Network Firewall, Windows Updates, Windows Virus Protection, Windows Spyware Protection, and Internet Security Settings.
Barracuda VPN Clients are available for Microsoft Windows, Mac OS, and various Linux systemsBack to top
Network Access Control
The Barracuda Network Access Client, when used with the X-Series provides centrally managed Network Access Control (NAC) and an advanced personal firewall. This allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of antivirus and/or anti-spyware, and user ID. Access restrictions are enforced locally on the client by the centrally managed personal Windows firewall as well as at the gateway. Using existing Barracuda NextGen Firewall X-Series appliances, Barracuda Networks offers a ready-to-use Network Access Control framework without expensive investments into the basic network infrastructure. All Barracuda Network Access Clients as well as all Barracuda NextGen Firewall X-Series units acting as policy servers can be administered, monitored, and reviewed via Barracuda Cloud Control.Back to top
Due to the limitations that come with standard IPsec connections, Barracuda Networks has created several powerful extensions to standard IPsec tunnel management. This core of the Barracuda X-Series VPN engine is called TINA (Transport Independent Network Architecture). The TINA protocol allows the use of TCP, UDP, and ESP for high speed VPN connections, which improves the VPN connectivity substantially by adding:
- Endpoint-to-Endpoint (not network-to-network) connectivity
- NAT friendliness
- Multiple physical transport paths for a logical tunnel
- Multiple tunnels between two locations
- HTTPS and SOCKS4/5 proxy compatibility
- Dynamic Address Support
- Tunnel heartbeat monitoring
CudaLaunch is an application for Windows, macOS, iOS, and Android devices that provides mobile workers secure remote access to their organization’s private cloud applications and other sensitive information through the Barracuda NextGen Firewall X-Series. CudaLaunch provides several benefits over traditional browser-based SSL VPN remote access. As an app, it provides a familiar app store setup and install experience for end users.
Unlike browser-based remote access, CudaLaunch provides a more responsive look and feel that is unified across mobile platforms and avoids the idiosyncrasies of mobile browsers. Once an end user has started the app, a swipeable Launchpad provides quick and easy access to internal applications, favorites, and full TINA VPN connections (which securely connect the device to your corporate network). These richer VPN connections support mobile apps that connect back to the corporate network, such as remote desktop apps.
Designed to be completely self-configuring, CudaLaunch includes easy central management for large deployments and integrates with the powerful security features of the X-Series firewall. For IT administrators, the X-Series firewall provides one place to manage security policies for all types of remote access (CudaLaunch, SSL VPN, Barracuda Network Access Client, and standard IPsec). The end user experience is consistent across platforms and remote access types, making for ease of use and significantly lower support costs. The self-configuration and management of VPN connections makes setup super easy for end users and removes the headache of supporting the manual configuration of IPsec connections on iOS and Android.
to More information on CudaLaunch is available here.
The app is available for free atiTunes App Store,
barracuda.com (for CudaLaunch for Windows)
Please note that CudaLaunch requires Barracuda NextGen Firewall X-Series firmware 7.1 and an active Advanced Remote Access subscription.Back to top