Secure Remote Access for Mobile Users with Barracuda CloudGen Firewalls

Download PDF

Introduction

Mobile and remote workers are a fixture of today’s work environments. Work can be done anytime and anywhere, using a wide variety of devices—including employee-owned devices over which your IT staff has little control. With the freedom to complete their day-to-day work independent from physical locations or fixed office hours, your employees can be more productive. But this new reality comes with a challenge: How do you make it easy for remote workers to reliably access critical business applications and data via poorly secured public Wi-Fi hotspots—without putting those assets at risk from cyber criminals and online threats?

Network Access Clients for Corporate-Owned Devices

Barracuda Network Access Client uses Barracuda’s proprietary Transport-Independent Network Architecture (TINA) VPN protocol to provide superior performance, always-on stability, and greater ease of use compared to standard IPsec client software. Additional benefits include quick restoration of VPN tunnels, redundant VPN gateway support, selective routing of network traffic through the VPN tunnel, and optimal VPN gateway detection based on location. The Barracuda Network Access Client also provides centrally managed Network Access Control (NAC) and a centrally-managed advanced Personal Firewall. This enforces client health and security policies for remote users connecting to the corporate network.

The Network Access Client is available free of charge with Barracuda CloudGen Firewalls for an unlimited number of client-to-site users for Windows, macOS, Linux, and OpenBSD devices. For Android and Apple iOS devices, Barracuda CloudGen Firewalls provide standard IPSec-based compatibility or the option to use CudaLaunch (see below).

CudaLaunch for Employee-Owned Devices

Bring-your-own-device (BYOD) arrangements have become a standard feature of many workplaces. They increase productivity, employee satisfaction, and cost savings for the company. Unfortunately, BYOD opens additional attack surfaces as devices with unknown security controls are granted access to the network.

CudaLaunch is a free app for Windows, macOS, Apple iOS, and Android devices that end users can install without elevated privileges on the device. CudaLaunch looks and feels the same on every platform, and provides fast, Java-independent access to commonly used applications in the company network, whether hosted on-premises or in the cloud. CudaLaunch checks and updates new client configurations when it starts up, streamlining initial setup and simplifying ongoing maintenance of VPN connections on client devices. Every Barracuda CloudGen Firewall supports an unlimited number of VPN clients at no extra cost. And with consistent interfaces across client types IT helpdesk support is simplified despite rapidly changing mobile and BYOD devices.

Browser-Based Access

Another way to deal with remote access is browser-based access via SSL VPN. This is the most versatile way to handle remote access, since it only requires a web browser application. Remote users connect via an SSL-encrypted VPN to the centrally administered mobile portal. There, users can browse apps, network folders, and files as if they were directly connected to the office network.

Simple Deployment, Configuration, and Management

Access control policies are inherited from the Barracuda CloudGen Firewalls, which provide a single place to manage unified security policy across all types of remote access, including CudaLaunch, SSL VPN, Barracuda Network Access Client, and standard IPsec VPN connections.

Barracuda offers Zero-Touch Provisioning (ZTP) for remote access. ZTP enables administrators to roll out even large numbers of clients with ease.

Barracuda Remote Access in Summary

Barracuda provides all the connectivity features required to ensure that remote workers can securely and reliably access corporate resources at any time from anywhere with internet access:

  • TINA VPN
  • Mobile Portal
  • Network Access Control
  • Wide Platform Support
  • Central Management
  • Zero-Touch Provisioning
  • Self-Configuring

Conclusion

All Barracuda CloudGen Firewalls include VPN remote access capabilities, using SSL-VPN, IPsec, and the proprietary high-performance TINA protocol. This ensures that remote users can easily and securely access corporate applications without time-consuming client configuration and management.

The communication protocols used are optimized to be fully roaming-capable, and transparently reconnect in case the connection is temporarily broken. Smart pathfinder technology determines the nearest point of entry to the corporate network.