Using Barracuda NextGen Firewall F-Series for WAN Optimization

Intelligent traffic analysis, link aggregation, and rule-based data stream assignment at application level


Executive Summary

Many organizations have branch offices around the globe and need to connect their business accordingly. Communication and data transfer between branches, headquarters, and road warriors is usually done over the wide area network (WAN).

WAN optimization does not only affect large organizations. Every organization with multiple sites must incorporate them into the network. Bandwidth and availability demands remain low as long as the offices only need email and Internet access. However, the use of Cloud applications, IP telephony, Unified Communications, and high-bandwidth applications can strain the network. Critical company applications need to be accessible at all times from any location. If the data line fails, work in the branch office comes to a standstill. MPLS lines are the ideal solution for data transfer when it comes to high availability and capacity. However, these are often expensive and not always available outside metropolitan areas. Therefore, IT managers look for other ways to optimize their wide area networks (WANs).

One example is to use alternative links, such as DSL, with an additional link balancer. But, just like every element that is added to the IT infrastructure, this also has to be installed, set up, managed, and maintained. Having multiple disparate products generates more work, requires more resources, and creates a bigger risk of incompatibility than having one centrally managed product for security, content control, and optimization.

With a Barracuda NextGen Firewall F-Series, all bandwidth can be used much more effectively, making investments in expensive lines unnecessary. F-Series devices do far more than just link balancing and content control. Thanks to the enhanced diagnosis features in a Barracuda NextGen Firewall F, it is possible not only to define Quality of Service (QoS), but also to determine the optimum route for each data connection. Since the choice of route is complemented by information about the route’s availability or quality, the available bandwidth with the highest fail-safe levels can be used (reserved) for time-sensitive traffic. A centrally managed F-Series saves the IT staff time because many diverse functions can be managed with a single, consistent interface. It also saves resources as IT specialists don’t need to be present at every location.

Traffic Prioritization

With a NextGen Firewall, time-sensitive traffic can be given priority over less urgent traffic. To save connection costs, particularly in international business operations, Internet-based channels can be used instead of expensive MPLS or telephone connections. A delay of one minute for an email transmission is usually inconsequential, but it is a problem with real-time or near real-time interactive communication. When an IT administrator uses a NextGen Firewall F-unit to give connection priority to a voice-over-IP (VoIP) application, this traffic shaping is a first step towards WAN optimization.

Offloading Compute-intensive Tasks to The Cloud

IT security in particular benefits from cloud services, because the mechanisms for protecting against attacks precede the company network. Web filtering, malware, and spam detection in the Cloud have several advantages: offloading compute-intensive tasks to the Cloud, reducing local resources, reaching almost unlimited scalability, and benefitting from higher flexibility.

Distributed organizations with several small branches can experience high WAN traffic because each branch must query the HQ for web security tasks.

Delegating such tasks to the Cloud eliminates this traffic since each branch can offload processor-intensive web security tasks directly to the Cloud. In addition to freeing up the HQ network and processing capacity, central management in the Cloud ensures secure, policy-compliant direct Internet break outs.

WAN (Link) Management

Not all types of data are of equal importance, as the example of telephony vs. email traffic shows. Because priority levels vary, costs can be saved by intelligently distributing traffic across all available lines.

Instead of connecting the branch offices with a powerful MPLS line, a less expensive alternative often suffices. With a NextGen Firewall F this can be complemented by combining several less reliable links to form a Virtual Private Network (VPN). This variation can achieve availability rates in the 99.999 percent range, which corresponds to an approximate downtime of five minutes per year.

An IT administrator could also fall back on corresponding stand-alone solutions to combine several links to form a VPN. However, this requires more resources for installation, management, and maintenance, which is why the F-Series of the Barracuda NextGen Firewall family, an all-in-one solution, also saves costs. But the primary advantage is the synergy of the analysis functions.

Optimizing Data

Of course, the classic techniques like deduplication and compression, caching, optimization, and bundling of queries for specific protocols (e.g., file sharing, forward error correction, etc.) improve overall WAN performance and are critical in a Barracuda NextGen F device. The benefit of integration is that the analytical functions make the firewall better suited to optimize the WAN. In addition, centralized management saves the IT team time and effort.

Application Control and Traffic Intelligence

Barracuda NextGen Firewall F-Series ensures security by analyzing the incoming and outgoing data, filtering out malicious links, and blocking suspicious data packages. Their performance is directly related to their analysis abilities. The tightly integrated application control is capable of assigning data packages to individual applications, of determining the content, and of either blocking or granting passage according to rules defined by the administrator. Individual functions within an application can even be controlled using SSL interception and content breakdown, as well as deep application content detection. For example, F-Series deployments can allow general access to a social networking application like Facebook, but only let employees from the marketing department post there. This can decrease wasted bandwidth and increase productivity.

Barracuda NextGen Firewall F-Series analyzes the data traffic to identify the applications wanting to send data across the WAN, the protocol, and the user. If it decides not to block the data, it determines the amount of bandwidth that should be made available on each of the various data lines. This decision is based on rules that have been defined by the firewall administrator. If one of the lines fails or has performance problems, then a failover mechanism ensures that the remaining connections take over transparently. To make this work, the F-Series devices at all locations monitor the status of the lines at regular intervals.

The Evolution of the Firewall to a Guarantor of Connections

Barracuda’s NextGen Firewall F-Series is far more than a gatekeeper with just a security role. It manages and guarantees the communication within the WAN. It analyzes, coordinates, and optimizes the various connections to increase performance and save the IT budget. It also contributes to WAN optimization by outsourcing its classic security features to the Cloud.

About Barracuda NextGen Firewall F-Series

As your organization relies on more cloud-based applications like Office 365, Salesforce, and Dropbox, internet connectivity becomes even more important. Our Barracuda NextGen Firewall F-Series combines powerful application awareness and network routing capabilities to provide the highest levels of internet availability for users and critical applications.

Unlike other firewalls in the industry, Barracuda’s NextGen Firewall F-Series was designed with the modern network in mind. As organizations grew in the number of remote offices and employees, secure remote access (both site-to-site and client-to-site) became critical. Our proprietary TINA protocol allows us to provide powerful capabilities such as traffic shaping within VPN tunnels, tunnel encapsulation, traffic compression, NAT reversal, and much more.

Barracuda’s NextGen Firewall F-Series allows customers to leverage the latest in virtualization, cloud applications, and mobile technologies while accommodating rapid growth. They are more than just security devices; they make the network smarter, ensure access to critical network resources, and improve productivity across the organization.