Barracuda CloudGen Firewall For Azure

Protecting your Digital Assets in Microsoft Azure

Download PDF

Overview

Growth in cloud computing capabilities and services has driven more data into places where traditional IT security measures cannot reach; specifically, data centers not owned by your corporate IT group. Barracuda CloudGen Firewall provides centralized management and highly secure, encrypted traffic to, from, and within Microsoft Azure deployments.

The Barracuda Advantage

  • A true Cloud Generation Firewall: deployed how you need it, leverages all built-in Azure features, and license models ensure frictionless commerce
  • Simplicity of operation, bridging on-premises and cloud security in a single interface
  • Secure and reliable connectivity between on-premises and Azure deployments as well as between Azure deployments
  • Central management of all functionality for both, on-premises and Azure deployments
  • Unrivaled Quality of Service capabilities

Product Spotlight

  • Full user/group awareness
  • Full application visibility and granular access control
  • Advanced Threat Protection (incl. sandboxing)
  • Built-in web security and IDS/IPS
  • Full SD-WAN capabilities included
  • Application-based provider selection
  • Full support for Azure ExpressRoute
  • True license flexibility with Bring-Your-Own-License or Pay-as-You-Go (time- or volume-based)

Secure Connectivity

For an optimum Azure deployment, it is crucial to initiate the deployment in a highly secure and reliable way. Deploying a Barracuda CloudGen Firewall in Microsoft Azure provides comprehensive, secure connectivity capabilities, starting with high-performance TINA VPN tunnels for site-to-site and client-to-site connections. Deployment includes robust WAN optimization features to maintain the highest quality of service possible.

Central Management

Barracuda CloudGen Firewall benefits from the same industry-leading central management as onpremises deployments. Easily manage the secure VPN connections to, from, and within Microsoft Azure and the Barracuda CloudGen Firewall deployment itself.

Integrated Next-Generation Security

Barracuda CloudGen Firewall is designed and built from the ground up to provide comprehensive, next-generation firewall capabilities. Based on application visibility, user-identity awareness, intrusion prevention, and centralized management, Barracuda CloudGen Firewall is the ideal solution for today’s dynamic enterprises that are adding Microsoft Azure into their company network.

Barracuda CloudGen Firewall's dashboard provides real-time information and summaries of what is going on in an organization's network
"Barracuda provided the solution that enabled us to react to our fast-changing business and IT environments – the speed and flexibility of reaction, the simplicity of implementation, meant we could maintain and enhance this solution going forward very easily."

- Pascal Wenders, ICT Team Leader, Aevitae

Technical Specs

Technical Specs

Firewall

  • Stateful packet inspection and forwarding
  • Full user-identity awareness
  • IDS/IPS
  • Application control and granular application enforcement
  • Interception and decryption of SSL/TLS encrypted applications
  • Antivirus and web filtering in single pass mode
  • Email security
  • SafeSearch enforcement
  • Google Accounts Enforcement
  • Denial of Service protection (DoS/DDoS)
  • Spoofing and flooding protection
  • ARP spoofing and trashing protection
  • DNS reputation filtering
  • NAT (SNAT, DNAT), PAT
  • Dynamic rules / timer triggers
  • Single object-oriented rule set for routing, bridging, and routed bridging
  • Virtual rule test environment

Protocol Support

  • IPv4, IPv6
  • BGP/OSPF/RIP
  • VoIP (H.323, SIP, SCCP [skinny])
  • RPC protocols (ONC-RPC, DCE-RPC)
  • 802.1q VLAN

Intrusion Detection and Prevention

  • Protection against exploits, threats and vulnerabilities
  • Packet anomaly and fragmentation protection
  • Advanced anti-evasion and obfuscation techniques
  • Automatic signature updates

Advanced Threat Protection

  • Dynamic, on-demand analysis of malware programs (sandboxing)
  • Dynamic analysis of documents with embedded exploits (PDF, Office, etc.)
  • Detailed forensic analysis
  • Botnet and spyware protection
  • TypoSquatting and link protection for email

Central Management Options via Barracuda Firewall Control Center

  • Unlimited firewalls
  • Support for multi-tenancy
  • Multi-administrator support & RCS
  • Pool license management
  • Template & repository-based management
  • REST API

Traffic Intelligence & SD-WAN

  • Simultaneous use of multiple uplinks (transports) per VPN tunnel
  • FIPS 140-2 certified cryptography
  • Auto-VPN tunnel creation between remote spoke locations based on application type
  • Dynamic bandwidth detection
  • Performance-based transport selection
  • Application-aware traffic routing
  • Adaptive session balancing across multiple uplinks
  • Traffic Replication (forward error correction)
  • Application-based provider selection
  • Application-aware traffic routing (VPN, Azure ExpressRoute)
  • Traffic shaping and QoS
  • Built-in data deduplication

VPN

  • Drag & drop VPN tunnel configuration
  • VPNC certified (basic interoperability)
  • Network Access Contro
  • iOS and Android mobile device VPN support
  • Multi-factor authentication for SSL VPN and CudaLaunch

Infrastructure Services

  • DHCP server, relay
  • SIP, HTTP, SSH, FTP proxies
  • SNMP and IPFIX support
  • DNS Cache

Barracuda Energize Updates

  • Standard technical support
  • Firmware updates
  • IPS signature updates
  • Application control definition updates
  • Web filter updates

Models & Options

Models

Level 1

  • Capacity
  • 1 Virtual Cores
  • 10 Number of protected IP addresses
  • BYOL Consumption model

+ Show more - Show less

  • Features

  • Firewall incl.IPS
  • Application Control
  • VPN (Site-to-Site and Client-to-Site)
  • SSL Interception
  • SD-WAN
  • Network Access Control for VPN client-to-site connections
  • Advanced Threat Protection Optional
  • Premium Support Optional
  • Advanced Remote Access Optional

Level 2

  • Capacity
  • 1 Virtual Cores
  • Number of protected IP addresses
  • BYOL, PAYG Consumption model

+ Show more - Show less

  • Features

  • Firewall incl.IPS
  • Application Control
  • VPN (Site-to-Site and Client-to-Site)
  • SSL Interception
  • SD-WAN
  • Network Access Control for VPN client-to-site connections
  • Advanced Threat Protection Optional
  • Premium Support Optional
  • Advanced Remote Access Optional

Level 4

  • Capacity
  • 2 Virtual Cores
  • Number of protected IP addresses
  • BYOL, PAYG Consumption model

+ Show more - Show less

  • Features

  • Firewall incl.IPS
  • Application Control
  • VPN (Site-to-Site and Client-to-Site)
  • SSL Interception
  • SD-WAN
  • Network Access Control for VPN client-to-site connections
  • Advanced Threat Protection Optional
  • Premium Support Optional
  • Advanced Remote Access Optional

Level 6

  • Capacity
  • 4 Virtual Cores
  • Number of protected IP addresses
  • BYOL, PAYG Consumption model

+ Show more - Show less

  • Features

  • Firewall incl.IPS
  • Application Control
  • VPN (Site-to-Site and Client-to-Site)
  • SSL Interception
  • SD-WAN
  • Network Access Control for VPN client-to-site connections
  • Advanced Threat Protection Optional
  • Premium Support Optional
  • Advanced Remote Access Optional

Level 8

  • Capacity
  • 8 Virtual Cores
  • Number of protected IP addresses
  • BYOL, PAYG Consumption model

+ Show more - Show less

  • Features

  • Firewall incl.IPS
  • Application Control
  • VPN (Site-to-Site and Client-to-Site)
  • SSL Interception
  • SD-WAN
  • Network Access Control for VPN client-to-site connections
  • Advanced Threat Protection Optional
  • Premium Support Optional
  • Advanced Remote Access Optional

PAYG

  • Capacity
  • n/a Virtual Cores
  • unlimited Number of protected IP addresses
  • PAYG (time-based) Consumption model

+ Show more - Show less

  • Features

  • Firewall incl.IPS
  • Application Control
  • VPN (Site-to-Site and Client-to-Site)
  • SSL Interception
  • SD-WAN
  • Network Access Control for VPN client-to-site connections
  • Advanced Threat Protection -
  • Premium Support -
  • Advanced Remote Access

Security Options

  • Advanced Threat Protection prevents from network breaches, identi es zero-day malware exploits, targeted attacks, advanced persistent threats and other advanced malware.
  • Malware Protection provides gateway- based protection against malware, viruses, spyware, and other unwanted programs inside SMTP/S, HTTP/S, and FTP traffic.
  • Advanced Remote Access subscription provides remote access via the CudaLaunch app for Windows, macOS, iOS, and Android devices