Barracuda CloudGen Firewall Protecting ExpressRoute

Download PDF

Enhance ExpressRoute Security

Microsoft Azure ExpressRoute lets you create private connections between Azure data centers and infrastructure on-premises or in a colocation environment. ExpressRoute offers a range of security features which the Barracuda CloudGen Firewall enhances by:

Allowing comprehensive access control for all inbound/outbound traffic

Providing visibility into specific traffic flowing through the ExpressRoute tunnel

Ensuring a safe and reliable connection between MPLS and ExpressRoute

Switching to a baseline in case of MPLS router or line failure

Secure and Protect Endpoints

Create security rules and increase control with the Barracuda CloudGen Firewall F
  • The Barracuda CloudGen Firewall F-Series is deployed on either end of ExpressRoute
  • In the event of an MPLS failure, the Barracuda CloudGen Firewall F-Series automatically creates a VPN tunnel over the internet router and passes it to the Azure gateways

Best Practices

Preserving Low Latency
Maintain a quality of service based on protocol and application to achieve equal or better bandwidth compared to other applications.

Controlling Traffic Access
Monitor and control inbound and outbound traffic based on IP addresses, ports, protocol, user identity, AD security groups, FQDN, Application Detection, and RPC portmapper information.

Enabling End-to-End Line Security
Encrypt traffic from end-to-end and send it through the system, while maintaining full control over keys and algorithms.

Protecting Networks from MPLS Failure
Switch to an internet baseline in the event of MPLS router or line failure, and then automatically use that particular connection. This also provides support for multiple ISP uplinks.

Benefits

Security

  • Encrypts traffic across ExpressRoute
  • Prevents direct traffic flow between applications and the cloud
  • Inspects and logs all inbound and outbound traffic for reporting purposes

Reliability

  • Automatically sets up a VPN for secondary connection in the event of failure
  • Allows multiple ExpressRoutes; one primary and one secondary

Intelligence

  • Prioritizes traffic from any specified application and sends it via a configured link
  • Blocks specific application traffic from going to and from Azure
  • Allows or denies certain users based on credentials and access privileges

User and Application Awareness

The Barracuda CloudGen Firewall F Application Delivery Network:

  • Provides quality of service for all applications hosted in Azure
  • Controls traffic based on protocols and ports, and is user and application aware
  • Offers access control, optimized routing decisions, and traffic prioritization and limits
  • Provides adaptive access to different types of applications hosted in Azure over one multi-transport VPN tunnel
  • Protects ExpressRoute from being clogged with bulk traffic

Choose Barracuda to Complement ExpressRoute

ExpressRoute connections are not transmitted via the public Internet and off er more reliability, faster speeds, lower latencies, and higher security than typical connections over the Internet. By deploying the Barracuda CloudGen Firewall both in Azure and in the local network, users improve their visibility into traffi c and are able to apply access control, and traffi c prioritization and limits to their workflow. The Barracuda CloudGen Firewall enhances ExpressRoute to create a secure, reliable, and intelligent connection between Azure and the on-premises infrastructure.

Learn More About Barracuda

Helpful links to learn more about Barraucda Networks and Barracuda CloudGen Firewall F-Series: