Barracuda CloudGen Firewall for AWS

Protecting Your Digital Assets in Amazon Web Services

Download PDF

Overview

The growth in cloud computing capabilities and services has driven more data into places where traditional IT security measures cannot reach - into data centers not owned by your corporate IT group. Beyond its powerful network firewall, IPS, and VPN technologies, the Barracuda CloudGen Firewall integrates a comprehensive set of next-generation firewall technologies, including comprehensive Application Control, Availability, and Quality of Services (QoS) features.

The Barracuda Advantage

  • A true Cloud Generation Firewall: deployed how you need it, leverages all built-in AWS features, and license models ensure frictionless commerce
  • Simplicity of operation, bridging on-premises and cloud security in a single interface
  • Secure and reliable connectivity between onpremises and Amazon Web Services deployments
  • Central management of all functionality for both, onpremises and Amazon Web Services deployments
  • Unrivaled Quality of Service capabilities

Product Spotlight

  • Full user/group awareness
  • Full application visibility and granular access control
  • Advanced Threat Protection (incl. sandboxing)
  • Built-in web security and IDS/IPS
  • Full SD-WAN capabilities included
  • Application-based provider selection
  • Full support for AWS Direct Connect
  • True license flexibility with Bring-Your-Own-License or Pay-as-You-Go (time- or volume-based)

Granular Application Control

Barracuda CloudGen Firewall gives administrators granular control over applications, allowing them to define rules for forwarding data traffic using the best respective transmission channels based on type of application, user, content, time of day, and geographical location. Barracuda CloudGen Firewall F-Series allows organizations to prioritize traffic by limiting or restricting access to non-business-related applications and network traffic, even when encrypted.

Central Management

Barracuda CloudGen Firewall benefits of the same industry-leading single-pane-of-glass central management as on-premises deployments do. Easily manage the secure VPN connections to, from, and within Amazon Web Services and the Barracuda CloudGen Firewall deployment itself.

Integrated Next-Generation Security and Connectivity

Barracuda CloudGen Firewall Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases preventing network attacks such as SQL injections and arbitrary code executions.


Barracuda CloudGen Firewall incorporates advanced site-to-site and client-to-site VPN capabilities, using both SSL and IPsec protocols to ensure remote users can easily and securely access network resources without complex client configuration and management.

Barracuda CloudGen Firewall's dashboard provides real-time information and summaries of what is going on in an organization's network
"We are using Barracuda CloudGen Firewalls, provisioned through the AWS Marketplace, to effectively guard our application against web-based attacks and application layer attacks. The Barracuda solution plugs in seamlessly to our AWS environment, and it is doing its job of minimizing the attack surface area and helping our customers keep club member cardholder data protected."

- Max Longin, Founding Partner, Club Automation

Technical Specs

Technical Specs

Firewall

  • Stateful packet inspection and forwarding
  • Full user-identity awareness
  • IDS/IPS
  • Application control and granular application enforcement
  • Interception and decryption of SSL/TLS encrypted applications
  • Antivirus and web filtering in single pass mode
  • Email security
  • SafeSearch enforcement
  • Google Accounts Enforcement
  • Denial of Service protection (DoS/DDoS)
  • Spoofing and flooding protection
  • ARP spoofing and trashing protection
  • DNS reputation filtering
  • NAT (SNAT, DNAT), PAT
  • Dynamic rules / timer triggers
  • Single object-oriented rule set for routing, bridging, and routed bridging
  • Virtual rule test environment

Protocol Support

  • IPv4, IPv6
  • BGP/OSPF/RIP
  • VoIP (H.323, SIP, SCCP [skinny])
  • RPC protocols (ONC-RPC, DCE-RPC)
  • 802.1q VLAN

Intrusion Detection and Prevention

  • Protection against exploits, threats and vulnerabilities
  • Packet anomaly and fragmentation protection
  • Advanced anti-evasion and obfuscation techniques
  • Automatic signature updates

Advanced Threat Protection

  • Dynamic, on-demand analysis of malware programs (sandboxing)
  • Dynamic analysis of documents with embedded exploits (PDF, Office, etc.)
  • Detailed forensic analysis
  • Botnet and spyware protection
  • TypoSquatting and link protection for email

Central Management Options via Barracuda CloudGen Control Center

  • Unlimited firewalls
  • Support for multi-tenancy
  • Multi-administrator support & RCS
  • Pool license management
  • Template & repository-based management
  • REST API

Traffic Intelligence & SD-WAN

  • Simultaneous use of multiple uplinks (transports) per VPN tunnel
  • FIPS 140-2 certified cryptography
  • Auto-VPN tunnel creation between remote spoke locations based on application type
  • Dynamic bandwidth detection
  • Performance-based transport selection
  • Adaptive session balancing across multiple uplinks
  • Traffic Replication (forward error correction)
  • Application-based provider selection
  • Application-aware traffic routing (VPN, Direct Connect)
  • Traffic shaping and QoS
  • Built-in data deduplication

VPN

  • Drag & drop VPN tunnel configuration
  • VPNC certified (basic interoperability)
  • Network Access Contro
  • iOS and Android mobile device VPN support
  • Multi-factor authentication for SSL VPN and CudaLaunch

Infrastructure Services

  • DHCP server, relay
  • SIP, HTTP, SSH, FTP proxies
  • SNMP and IPFIX support
  • DNS Cache

Barracuda Energize Updates

  • Standard technical support
  • Firmware updates
  • IPS signature updates
  • Application control definition updates
  • Web filter updates

Models & Options

Models

Level 1

  • Capacity
  • 1 Virtual Cores
  • 2 Max Number of Interfaces
  • 10 Number of protected IP addresses
  • BYOL Consumption model

+ Show more - Show less

  • Features

  • Firewall incl.IPS
  • Application Control
  • VPN (Site-to-Site and Client-to-Site)
  • SSL Interception
  • SD-WAN
  • Network Access Control for VPN client-to-site connections
  • Advanced Remote Access Optional
  • Advanced Threat Protection Optional
  • Premium Support Optional

Level 2

  • Capacity
  • 1 Virtual Cores
  • 2 Max Number of Interfaces
  • Number of protected IP addresses
  • BYOL, PAYG Consumption model

+ Show more - Show less

  • Features

  • Firewall incl.IPS
  • Application Control
  • VPN (Site-to-Site and Client-to-Site)
  • SSL Interception
  • SD-WAN
  • Network Access Control for VPN client-to-site connections
  • Advanced Remote Access Optional
  • Advanced Threat Protection Optional
  • Premium Support Optional

Level 4

  • Capacity
  • 2 Virtual Cores
  • 2 Max Number of Interfaces
  • Number of protected IP addresses
  • BYOL, PAYG Consumption model

+ Show more - Show less

  • Features

  • Firewall incl.IPS
  • Application Control
  • VPN (Site-to-Site and Client-to-Site)
  • SSL Interception
  • SD-WAN
  • Network Access Control for VPN client-to-site connections
  • Advanced Remote Access Optional
  • Advanced Threat Protection Optional
  • Premium Support Optional

Level 6

  • Capacity
  • 4 Virtual Cores
  • 4 Max Number of Interfaces
  • Number of protected IP addresses
  • BYOL, PAYG Consumption model

+ Show more - Show less

  • Features

  • Firewall incl.IPS
  • Application Control
  • VPN (Site-to-Site and Client-to-Site)
  • SSL Interception
  • SD-WAN
  • Network Access Control for VPN client-to-site connections
  • Advanced Remote Access Optional
  • Advanced Threat Protection Optional
  • Premium Support Optional

Level 8

  • Capacity
  • 8 Virtual Cores
  • 4 Max Number of Interfaces
  • Number of protected IP addresses
  • BYOL, PAYG Consumption model

+ Show more - Show less

  • Features

  • Firewall incl.IPS
  • Application Control
  • VPN (Site-to-Site and Client-to-Site)
  • SSL Interception
  • SD-WAN
  • Network Access Control for VPN client-to-site connections
  • Advanced Remote Access Optional
  • Advanced Threat Protection Optional
  • Premium Support Optional

PAYG

  • Capacity
  • n/a Virtual Cores
  • n/a Max Number of Interfaces
  • unlimited Number of protected IP addresses
  • PAYG (time- or volume-based) Consumption model

+ Show more - Show less

  • Features

  • Firewall incl.IPS
  • Application Control
  • VPN (Site-to-Site and Client-to-Site)
  • SSL Interception
  • SD-WAN
  • Network Access Control for VPN client-to-site connections
  • Advanced Remote Access
  • Advanced Threat Protection -
  • Premium Support -

Security Options

  • Advanced Threat Protection prevents from network breaches, identi es zero-day malware exploits, targeted attacks, advanced persistent threats and other advanced malware.
  • Malware Protection provides gateway- based protection against malware, viruses, spyware, and other unwanted programs inside SMTP/S, HTTP/S, and FTP traffic.
  • Advanced Remote Access subscription provides remote access via the CudaLaunch app for Windows, macOS, iOS, and Android devices