Barracuda NextGen Firewalls

Protection and Performance for the Cloud Era

Free Trial

Cloud Readiness

Branch to Cloud

Unlike traditional next-generation firewalls that are mainly designed to be deployed at the gateway in backhauled network environments, Barracuda NextGen Firewalls are designed from the ground up to enable direct access to cloud applications in dispersed networks where quality of service, network reliability, and secure connectivity are required at every single location. Barracuda NextGen Firewalls combine the full security feature set expected from a top-line next-gen firewall with uplink bonding, load balancing and traffic compression capabilities, and cloud access optimization from every branch office. Barracuda’s fully integrated central management, which is scalable from a few dozen to thousands of remote locations, ensures security and compliance at every branch office and remote site without the need to backhaul traffic.

Back to top

Ransomware & Advanced Persistent Threats


Ransomware is a distinct type of cyberattack that extorts payment from the victim in exchange for access to data encrypted in the attack. The most prevalent type of malware used in this kind of crime is crypto-ransomware, which normally encrypts the files on the compromised system and then demands a ransom in return for the ability to decrypt and recover the files. Cybercriminals do not seem to care who they target with a ransomware attack, as long as the victim is willing to pay. All sizes of organizations have been targeted. Ransomware starts out like most other malware: as a drive-by download or an email attachment. You are safest if you can stop it at this level. Unfortunately, ransomware consistently makes use of zero-day exploits and is custom created for every infection.

So what is a zero-day exploit, exactly? A zero-day exploit takes advantage of vulnerabilities of an operating system or an application that was discovered on the very same day (“Zero day”) or very recently. As a matter of fact, fixing a vulnerability takes time, which knowledgeable attackers make use of. And so, having AV and IPS in place is still a must, but an organization needs to add another security layer to ensure that such exploits or advanced persistent threats do not cause severe security breaches. We refer to this new security layer as Advanced Threat Protection.

Advanced Threat Protection (ATP)

With Advanced Threat Protection, available on many Barracuda Networks products including the NextGen Firewalls, suspicious or unknown files are executed in a sandbox environment prior to being forwarded to the user. Aside from thereby being able to determine if a file is benign or malicious, Barracuda NextGen Firewall customers also have access to full reports on every test executed that explain why a file is regarded to be malicious. Because the emulation is done in a sandbox environment in the Barracuda ATP cloud, no new hardware is needed. Advanced Threat Protection can easily be deployed across the corporate WAN network.

Advanced Persistent Threats

While Advance Threat Protection technology prevents customers from being infected in the first place, existing equipment is sometimes already infected or existing security mechanisms, like client antivirus or IPS systems, are unable to detect the infection because it was designed from the ground up to exfiltrate information on an ongoing basis and never be detected. This is usually referred to as an Advanced Persistent Threat, a piece of malware designed not to be detected. Barracuda NextGen Firewalls detect these types of infections by monitoring and intercepting DNS traffic to known malicious sites, immediately stopping data exfiltration, and alerting the network administrator.

Back to top

Continuity Gaps

Avoid disruptions due to Internet outages

Barracuda NextGen Firewalls load balance and failover up to 24 Internet access lines to increase WAN performance and boost reliability. With instantaneous failover and application-based uplink selection, Barracuda NextGen Firewalls provide increased bandwidth while significantly reducing bandwidth expenditure. When connecting multiple locations, our NextGen VPN technology with built-in compression and traffic optimization, provides better virtual bandwidth between two VPN endpoints than physically available.

Maintain secure, reliable, and optimized connectivity between all your sites

Your business relies more than ever on connectivity – either for branch offices, datacenters, or public cloud offerings. Creating and maintaining secure and sturdy connectivity with Barracuda NextGen Firewalls is as simple as drag-and-drop. The high performance VPN connections can even be created automatically on-demand. This ensures that latency is as low as possible and administrators have full real-time visibility into what is going on.

Prepare your organization for cloud-based business applications

Besides safely enabling Software-as-a-Service (SaaS) applications, Barracuda’s NextGen Firewalls ensure a high Quality-of-Service for cloud applications such as Office 365, Salesforce, and other productivity applications. By link-balancing traffic, administrators can ensure that business-critical data has priority over non-essential data. Granular visibility into user activity helps administrators create traffic-shaping policies that are appropriate for their organization.

Ensure remote users have access to corporate resources

Having access to corporate information can be essential when on-the-road. Barracuda NextGen Firewalls offer several options for fast and secure access to corporate resources and still benefit from the same high performance VPN tunnels that are used for site-to-site tunnels. The options range from clientless SSL VPN for Windows, Mac, and Linux devices, to a remote access app for mobile devices running iOS or Android – the choice is yours.

Back to top

Data Loss

Protect assets from advanced malware and zero-hour attacks

The threat landscape is constantly evolving. Despite significant investments in traditional security mechanisms, your organization still faces zero-hour malware exploits, targeted attacks, and advanced persistent threats that routinely bypass signature-based IPS and antivirus engines. Barracuda Advanced Threat Protection (ATP) is a cloud-based malware analysis environment that uses next-generation sandbox technology powered by full-system emulation to catch not only persistent threats and zero-day exploits, but also advanced malware designed to evade detection.

Secure all attack surfaces

In the cloud age, modern networks are highly distributed across multiple physical locations as well as private and public clouds making unified security policies across all network locations a challenge. Barracuda NextGen Firewalls are available as hardware appliances, virtual appliances for all major hypervisors, and public cloud environments, providing the same feature set across all models. This allows you to use a single, centrally manageable policy everywhere - from local branch offices, to datacenters and the cloud. Personal firewall modules of the Barracuda Network Access Client extend security policy coverage even to mobile users’ individual laptops, effectively securing all network attack surfaces.

Monitor and regulate what users do on your network

All Barracuda NextGen Firewalls inspect network traffic by leveraging advanced fingerprint and deep SSL Inspection to identify applications and content. Based on the results, a flexible set of actions can be defined for connection attempts and traffic using a library of thousands of fingerprinted applications. Set granular policies for specific application features (e.g., limiting audio calls on Skype), users, and even user groups.

Back to top

Resource Constraints

Simplify IT by managing security policies across all locations from one pane of glass

The scalability of central policy management helps contain costs while improving your security posture. The scalable F-series product line comes with a dedicated multitenant-capable central management server that provides object and policy sharing across hundreds to thousands of next-generation firewalls. The X-series appliances can easily be integrated into Barracuda Cloud Control along with most other Barracuda products for remote access to all your Barracuda products from a single pane of glass.

Reduce line costs by removing expensive MPLS connections

Reliability and quality have long forced you to use pricey MPLS lines as the means to connect your datacenter to remote locations. Barracuda NextGen Firewalls provide increased fault tolerance using the intelligent and adaptive link balancing to provide more bandwidth for less money. Multiple Internet uplinks can be aggregated or used in an application-selective fashion. Each link can be used to establish an individual VPN connections with sub-second failover so that outages of uplinks will not cause any service disruptions. VPN connections between remote locations can be brought up on-the-fly to optimize response times for certain applications like voice calls. (F-Series only)

Back to top

IoT & Machine-2-Machine connectivity

In the age of the Internet of Things, more and more companies need to securely and economically connect large numbers of remote devices like automated teller machines (ATMs), point-of-sale kiosks, wind power stations, networked industrial machines, or even very small offices. Managing and protecting network traffic among these remote machines is often a logistical nightmare involving many different firewalls, VPN software, and routing steps.

Barracuda NextGen Firewalls are available as ultra-small appliances, the Secure Connector appliance (FSC1), which reliably connect each remote device with multiple uplinks and even an automated failover in case one uplink fails.

The FSC1 provides zone-based firewalling, Wi-Fi, and full VPN connectivity for the connected device. The network traffic is then backhauled to a NextGen Firewall Secure Access Concentrator(FSAC), running at a central office or in the cloud, for inspection and other resource-intensive security tasks such as URL filtering, intrusion prevention (IPS), antivirus protection and application detection.

More on what Barracuda provides to protect your Internet of Things is available here.


Back to top