Barracuda NextGen Firewall F

The Next-Generation Firewall for the Cloud-Era

Download PDF


As you integrate a growing number of public-cloud platforms and environments into your network, your firewalls have to do more than just secure your perimeter. They also have to serve as the linchpin of your IT communications flow, ensuring highly reliable and cost-effective connections. The Barracuda NextGen Firewall F was designed to optimize performance, security, and availability of today's dispersed enterprise SD-WANs.

The Barracuda Advantage

  • Simple pricing with no per-application or per-user/group licensing fees.
  • Unlimited site-to-site and client-to-site VPN included
  • Deploy the way you want: hardware, virtual, or cloud
  • Configuration and lifecycle management via one graphical user interface without the need for a command-line interface

Product Spotlight

  • Full user/group awareness
  • Full application visibility and granular access control
  • Advanced Threat Protection (incl. sandboxing)
  • Built-in web security and IDS/IPS
  • Full SD-WAN capabilities included
  • Cloud-ready application-based provider selection

Full Next-Generation Security

The Barracuda NextGen Firewall F-Series is designed and built from the ground up to provide comprehensive, nextgeneration firewall protection. Firewalling, IPS, URL filtering, dual antivirus and application control take place directly in the data path. More resource-intensive tasks like sandboxing — required for protecting against ransomware—are seamlessly integrated in the cloud. All NextGen Firewall platforms and models provide the same level of security, maintaining maximum security from branch offices to headquarters.

Connecting The Dots

The NextGen Firewall F-Series combines next-generation security and SD-WAN capabilities in one product that that you can manage centrally using an intuitive, singlepane-of-glass solution. This lets you access the benefits of the cloud safely, and to optimize cloud access from anywhere in the network. Low line costs and efficient administration help to reduce operating costs significantly.

Full SD-WAN Capability

In the cloud era, you need to connect branch offices with the cloud in a direct and secure way. Backhauling traffic to the central Internet gateway using MPLS can be very costintensive. Barracuda NextGen Firewalls let you replace costly MPLS connections with cost-efficient broadband connections. You can utilize up to 24 broadband connections per VPN tunnel for increased bandwidth at lower cost.

The Barracuda NextGen Firewall F-Series' dashboard provides real-time information and summaries of what is going on in an organization's network
"Recently I tried one of these dedicated products to protect of advanced persistent threats. After one month of extensive monitoring it turned out that our Barracuda NextGen Firewall F protects our infrastructure so well, that we can continue to focus on actual business problems. Having chosen the right firewall still saves us money and time every day."

- Chief Information Officer, Union of Turkish Bar Associations

Technical Specs

Technical Specs


  • Stateful packet inspection and forwarding
  • Full user-identity awareness
  • Application control and granular application enforcement
  • Interception and decryption of SSL/TLS encrypted applications
  • Antivirus and web filtering in single pass mode
  • Email security
  • SafeSearch enforcement
  • Google Accounts Enforcement
  • Denial of Service protection (DoS/DDoS)
  • Spoofing and flooding protection
  • ARP spoofing and trashing protection
  • DNS reputation filtering
  • Dynamic rules / timer triggers
  • Single object-oriented rule set for routing, bridging, and routed bridging
  • Virtual rule test environment

Protocol Support

  • IPv4, IPv6
  • VoIP (H.323, SIP, SCCP [skinny])
  • RPC protocols (ONC-RPC, DCE-RPC)
  • 802.1q VLAN

Intrusion Detection and Prevention

  • Protection against exploits, threats and vulnerabilities
  • Packet anomaly and fragmentation protection
  • Advanced anti-evasion and obfuscation techniques
  • Automatic signature updates

Advanced Threat Protection

  • Dynamic, on-demand analysis of malware programs (sandboxing)
  • Dynamic analysis of documents with embedded exploits (PDF, Office, etc.)
  • Detailed forensic analysis
  • Botnet and spyware protection
  • TypoSquatting and link protection for email

Central Management Options via Barracuda NextGen Control Center

  • Unlimited firewalls
  • Support for multi-tenancy
  • Multi-administrator support & RCS
  • Zero-Touch Deployment
  • Pool license management
  • Template & repository-based management

High Availability

  • Active-active (requires external load balancer) or active-passive
  • Transparent failover without session loss
  • Encrypted HA communication

Traffic Intelligence & SD-WAN

  • Simultaneous use of multiple uplinks (transports) per VPN tunnel
  • FIPS 140-2 certified cryptography
  • Auto-VPN tunnel creation between remote spoke locations based on application type
  • Dynamic bandwidth detection
  • Performance-based transport selection
  • Application-aware traffic routing
  • Adaptive session balancing across multiple uplinks
  • Traffic Replication (forward error correction)
  • Application-based provider selection
  • Application-aware traffic routing (VPN)
  • Traffic shaping and QoS
  • Built-in data deduplication


  • Drag & drop VPN tunnel configuration
  • VPNC certified (basic interoperability)
  • Network Access Contro
  • iOS and Android mobile device VPN support
  • Multi-factor authentication for SSL VPN and CudaLaunch

Infrastructure Services

  • DHCP server, relay
  • SIP, HTTP, SSH, FTP proxies
  • SNMP and IPFIX support
  • DNS Cache
  • Wi-Fi (802.11n) on selected models

Models & Options


All performance values are measured under optimized conditions and are to be considered as „up to“ values and may vary depending on system configuration and infrastructure:
1. Firewall throughput measured with large packets (MTU1500) UDP packets, bi-directional across multiple ports, if applicable measured with 10Gbps ports.
2. VPN performance is based on Barracuda TINA VPN protocol, 1415 Byte UDP packets using AES128 NOHASH, bidirectional using BreakingPoint traffic generator.
3. IPS throughput is measured using large packets (MTU1500) UDP traffic and across multiple ports, if applicable measured with 10Gbps ports.
4. NGFW throughput is measured with IPS, application control, and web filter enabled, based on BreakingPoint Realworld-IPS-Enterprise-Traffic-Mix, bidirectional across multiple ports, if applicable measured with 10Gbps ports.
Specifications subject to change without notice.

Available Bundles

Advanced Threat and Malware Protection

combines gateway-based protection against malware, viruses with Advanced Threat Protection's sandboxing to protect against network breaches, zero-day malware exploits and other advanced malware like ransomware

Total Protect

bundles the hardware unit with Energize Updates, Application Control, IPS, Web Filter, Malware Protection, Email Security, Warranty Extension, and 8x5 basic support.

Total Protect PLUS

bundles the hardware unit with Energize Updates, Application Control, IPS, Web Filter, Email Security, Advanced Threat and Malware Protection, Advanced Remote Access, and 24x7 support.

Support Options

Barracuda Energize Updates

  • Standard technical support
  • Firmware updates
  • IPS signature updates
  • Application control definition updates
  • Web filter updates

Instant Replacement Service

  • Replacement unit shipped next business day
  • 24/7 technical support
  • Free hardware refresh every four years