Azure ExpressRoute and Barracuda CloudGen Firewall for Azure - Better Flexibility Together

Achieve Consistent Performance and Improved Security for a Seamless Cloud Experience

Download PDF

High throughput, low latencies, redundant connections, consistent performance, and improved security is what you are looking for when you expand your data center to the public cloud or when you build hybrid applications. Azure ExpressRoute provides all of this and enables you to establish private connections between Azure data centers and infrastructure that’s on your premises.

Barracuda CloudGen Firewall is designed to provide a seamless cloud experience by building an optimized next-generation application delivery network, affording adaptive access to different types of applications hosted in Microsoft Azure. By doing so, it is guaranteed that the ExpressRoute link is not occupied by bulk traffic but by traffic an organization’s business continuity depends on.

Barracuda CloudGen Firewall’s multi-transport VPN technology allows combining different types of connectivity media to build a hybrid, adaptive virtual link between remote locations. Applying the same technology to connections between Microsoft Azure public cloud and an on-premise network, it becomes possible to take full advantage of Azure ExpressRoute and protect it from being clogged with bulk traffic, which does not require high-quality lines.

Next-Generation Application Delivery Network

Being a fully featured next-generation firewall, Barracuda CloudGen Firewall controls traffic not only basing on protocols and ports, but is also user and application aware. Information gained from user identification and Deep Packet Inspection is used for access control, routing decisions (whether traffic should be directed over high-quality or bulk transport), and traffic prioritization and limits.

Combining application awareness with traffic shaping as well as the ability to combine multiple VPN transports between locations allows building optimized and highly redundant nextgeneration application delivery networks. This provides adaptive access to different types of applications hosted in Azure over one multi-transport VPN tunnel. Additional optimization can be gained using built-in compression and block-level caching

Multi-transport Tunneling and Dynamic Path Selection

Unlike most of VPN solutions on the market and thanks to its unique proprietary VPN protocol, Barracuda CloudGen Firewall is able to establish up to 24 concurrent secure VPN transports between each pair of locations. Enabling multitransport site-to-Azure VPN provides not only resiliency against MPLS failures, but also allows intelligent bonding of ExpressRoute and all Internet uplinks available at a physical location to achieve most of total network bandwidth.

But there is more about Barracuda’s VPN than just multitransport tunneling: Dynamic Path Selection.

Deploying Barracuda CloudGen Firewalls at both ends of ExpressRoute brings optimum visibility into what is going across the wire (incl. real-time trouble shooting and modifi cation of allocated bandwidth).

The firewalls actively filter for malware and exploits as well as undesired activities. It will allocate adequate bandwidth and priority to more important flows over less important ones.

Finally, dynamic path selection allows for extra safeguards against MPLS outages where a complementary Internetbased VPN can be put in place to step in instantaneously if the MPLS go down. Likewise, network load can be reduced by using compression, data deduplication on each link, as well as by balancing traffic between MPLS and Intern VPN in order to free up available bandwidth for mission critical traffic.

Security and Troubleshooting

Whether it’s users accessing Azure-hosted applications or Azure VM instances using resources located in a remote onpremises network, full access control based on location, identity, application and system health is crucial for network security. Deploying Barracuda CloudGen Firewalls both in Azure cloud and in the local network additionally enforces access controls on both ends of a VPN tunnel, ensuring that no bandwidth is wasted due to traffi c being blocked on the wrong end of the tunnel.

Synchronized configuration across multiple locations, realtime view, and aggregated logs minimize configuration effort and time needed for troubleshooting.

Conclusion

Microsoft Azure feels like a natural extension to your data center—you enjoy the scale and economics of the public cloud without having to compromise on network performance. ExpressRoute connections do not go over the public Internet, and offer more reliability, faster speeds, lower latencies and higher security than typical connections over the Internet.

Deploying Barracuda CloudGen Firewalls both in Azure cloud and in the local network additionally enforces best-of-breed traffi c control, access control, traffi c prioritization and limits.