In the cloud age, network firewalls must do more than secure your network. It must also guarantee the uninterrupted availability of the network and strong access to applications hosted in the cloud.

Barracuda CloudGen Firewall is a family of hardware-based virtual cloud devices that protect and enhance dispersed network infrastructure. Provides advanced security by tightly integrating a full suite of next-generation firewall technologies, including the Layer 7 profiling application, intrusion prevention, web filtering, malware, advanced threat protection ATP, anti-spam protection, and access control net.

In addition, Barracuda CloudGen Firewall combines VPN technology with highly flexible intelligent WAN optimization and traffic management capabilities. This allows you to reduce line costs, increase network availability in general, improve connectivity between sites and ensure that your applications hosted in the cloud are not interrupted. Scalable central management helps you reduce administrative costs while identifying and applying granular policies throughout the deployed network.

The security models change, and ensuring the perimeter of the network is no longer good enough. In the cloud age, workloads occur everywhere, users are increasingly mobile, and potential attack surfaces multiply. Barracuda CloudGen Firewall is built with a purpose to face the challenges of securing widely distributed networks.

In the current scenario of constantly evolving threats, your organization is being faced with the exploitation of zero-hour malware and persistent threats that routinely bypass traditional, signature- based IPS and anti-virus engines. Barracuda Advanced Threat Protection (ATP) gives your security infrastructure the ability to identify and prevent new and changing threats without affecting the performance and productivity of the network.

Advanced protection against threats is available on all models of Barracuda CloudGen Firewall.

Barracuda CloudGen Firewalls include the cloud-generation of complete security paired with all network management and optimization functions now known as Safe SD-WAN. This includes zero touch deployment (ZTD), dynamic bandwidth measurement, performance-based transport selection, specific routing application and even data optimization and WAN optimization technology. VPN tunnels can benefit from multiple simultaneous connections and dynamically establish the best route for the application.

This allows:

• Balancing Internet traffic through multiple connections to reduce downtime and improve performance
• VPN through multiple broadband connections and MPLs replacement
• Up to 24 physical uplinks to create redundant VPN tunnels
• Replace the network infrastructure policy enforcement with the direct interruption of the Internet
• Faster access to applications in the cloud, such as office365, by dynamically prioritizing them in non-critical traffic
• Ensure users access to critical applications through granular policy controls
• Increase available bandwidth with built-in data redundancy and traffic compression
• VPN tunnels, can be created automatically, between spokes in a hub and spoke architecture to improve the quality of connection for latency-sensitive traffic

When choosing security technology, it is crucial that your products are compatible with people who take the security of their data seriously. Barracuda CloudGen Firewall is backed by our award-winning 24×7 technical support staff by in house security engineers with no phone trees. Help is always a call away. Hundreds of thousands of organizations around the world trust Barracuda to protect their applications, networks and data. Barracuda CloudGen Firewall is part of a complete line of data protection, network firewall and security products and services designed for organizations seeking robust but affordable protection from ever-increasing cyber threats.

Security

Advanced Threat Protection

Although conventional solutions usually reveal network threats after they have broken the network by sending registration notifications to the administrator, Barracuda Advanced Threat Protection (ATP) performs a full simulation of the system, providing insight into the behavior of the malware. The files are compared to the cryptographic hash database that is constantly updated. If the file is not known, it is simulated in virtual sandbox where a malicious behavior can be detected.
The Barracuda ATP provides Administrators granular, based on file type control, including automatic quarantine and blacklist features to maintain the highest level of protection for the company’s network.
The Barracuda Advanced Threat Protection is an optional subscription.

Protection of Botnet and Spyware

Botnet and spyware protect against infections by preventing robots from accessing malicious sites and servers, and by detecting potential infected clients based on DNS Sinkholing technology. DNS Sinkholing blocks clients from accessing malicious domains by monitoring outgoing DNS requests that pass through the firewall. DNS requests to malicious domains are redirected in an internal sinkhole, which prevents data leaks and identifies the victim. Once the infected client is detected, it can be automatically isolated. Barracuda Report Creator can also create or report an alert.

Intrusion Prevention and detection

The CloudGen Firewall intrusion detection and protection system (IDS/IPS) improves network security by providing complete network protection in real time against a wide range of network threats, vulnerabilities, exploitation, exposure to operating systems and network attacks such as:

• Arbitrary code execution and SQL injections
• Try to control access and escalate privileges
• Buffer overflows and Cross-Site Scripting
• Attacks of Denial of service (DOS) and distributed denial of service (DDOS)
• Go through the directory and try to probe and scan
• Backdoor attacks, Trojans, rootkits, spyware, worms and viruses

Barracuda CloudGen Firewall provides advanced protection against attacks and threats such as:

• Protections for stream segmentation and packet anomaly protection
• TCP split handshake protection
• RPC and IP are defragmented
• Protection for FTP evasion
• URL and HTML decoding

As a result, Barracuda CloudGen Firewall, capable of identifying and preventing advanced evasion attempts and interference techniques used by attackers to bypass and degrade traditional intrusion prevention systems.

As part of the Barracuda Energies updates subscription, automatic signature updates are delivered on a regular or emergency schedule to ensure that the Barracuda CloudGen Firewall is constantly updated. If the firewall module is managed centrally, the updates are distributed appropriately by the control center in the Barracuda F series.

Protection from Denial of service (DOS) and Distributed Denial of Service (DDOS)

In today’s world of botnets everywhere, one of the main tasks of perimeter protection is to ensure that the network continues to provide legitimate requests to detect and block the denial of service of malicious attacks. With TCP SYN Flood Protection, Barracuda CloudGen Firewall works effectively as generic TCP proxy, redirecting only legitimate TCP traffic to the network.

In addition, F-Series allows you to define a speed limit that is applied to the maximum number of sessions per source address that will be handled by the firewall. Packages that arrive at a faster rate than those allowed will simply be discarded. In a large-scale DOS attack, attackers can simply try to saturate the link by moving large numbers of UDP packets. The integrated environmental monitoring feature of Barracuda CloudGen Firewall diagnoses these cases by linking and monitoring the destination address. Once the response from the destination remote address to regular ICMP probing fails, the system can be configured to activate different methods and uplink connections (eg, backup line, ISDN, xDSL). With this feature, traffic will not be impeded on unaffected lines, and site-to-site and site-to-internet remains operational.

Protection against malware

The protection against malware included in Barracuda NG Firewall F-Series (NGFW) protects the intranet from malicious content by scanning web content (HTP and HTTPS), email (SMTP, POP3) and file transfer (FTP) through two fully integrated antivirus engines. Malware protection is based on updates from regular signatures, as well as advanced detection of inferences for malware or other unwanted software, even before available signatures. Protection against malware includes viruses, worms, trojans, malicious java applets and programs that use well-known vulnerabilities in PDF files, images, offices, macro viruses and many more, even when using techniques of stealth or distortion.

SSL Interceptor

All Barracuda CloudGen Firewall models can implement IPS, Virus Protection, Application Control and URL Filtering and even protect encrypted web traffic using the standard “Trusted man in the middle” approach from Advanced Threat. SSL interception can be adjusted to disassemble local networks, users / groups, custom defined domains, URL filter categories from SSL Inspection.

Stateful  Deep Packet Inspection Firewall

At the heart of all Barracuda CloudGen Firewall is a high performance deep inspection engine package that thoroughly checks the header and data part of each passing packet. Discarded packets are ignored and the infrastructure behind the Barracuda device is protected against attacks at the network level. Packages that comply with the protocol are scanned to match any of the specified firewall rules.

Single Pass Architecture

Once the firewall opens the data packet for inspection, all other security inspection mechanisms, such as IPS/IDS, Anti-Virus can also be applied to the packet or sequence of consecutive packets. The security inspection is performed in a single serious mode without having to be delivered to a separate proxy.

SD-WAN & Connectivity

Adaptive bandwidth protection

If the dynamic bandwidth and latency detection indicate that the measured bandwidth of the uplink is not sufficient to maintain the necessary traffic for the required business (such as VoIP), the F series automatically converts the sessions for non-commercial traffic to Secondary links to edit the bandwidth for Critical traffic.

Balance Adaptive Session

The Barracuda CloudGen Firewall uses Dynamic bandwidth and latency detection to automatically balance the existing sessions inside logical VPN tunnels on all available interfaces. This real-time balance improves the efficiency of the network and the use of bandwidth at any time.

Application-based routing

The combination of security and next-generation adaptation of the Wan Router technology allows the Barracuda CloudGen Firewall to dynamically set the bandwidth, link and routing information available not only in protocol, user, location, content, but also in applications, application categories, and even Web content categories. This keeps expensive lines, available free for commercial applications and critical missions, while significantly reducing response time and editing additional bandwidth.

For a complete list of applications and sub-applications covered by application-based routing, see the Online Application Browser.

Safe SD-WAN

The Barracuda CloudGen Firewall combines a wide range of advanced security features with capabilities that support the Software-Defined Wide-Area Network (SD-WAN). SD-WAN allows CloudGen Firewall to create secure routes through multiple WAN connections and multiple carriers, without the participation of high profile public administration. Advanced download sharing allows you to use multiple Wan connections simultaneously and distribute encrypted VPN tunnels over multiple Wan connections. Compression and integrated caching, optimization techniques have greatly increased the available bandwidth. These capabilities reduce the need for expensive leased lines, consolidate multiple security functions into a single device and create a unified management framework, all of which translates into significant cost savings for your company.

Dynamic detection of bandwidth and latency

In order to achieve the best possible user experience across the WAN, all Barracuda CloudGen Firewall models effectively measure the available bandwidth and latency between VPN endpoints. The results are directly available to the firewall policy engine to determine the best appropriate uplink for each application or to remove an uplink if the bandwidth or latency is fell outside of acceptable limits.

Traffic Duplication

Barracuda CloudGen Firewall copies and sends packages simultaneously through the selected primary and secondary VPN transports. Each packet is reassembled at the other end of the logical VPN tunnel. This greatly reduces packet loss for applications such as VoIP or video streaming. It also provides immediate failures, without eliminated packets in the case that a single VPN transport of a logical VPN decreases.

Transport selection based on performance

In order to achieve the best possible user experience across your WAN, all models of Barracuda CloudGen Firewalls are able to detect the available bandwidths and latency between VPN endpoints in real time. A firewall policy engine can dynamically choose the most appropriate uplink for each application, or exclude an uplink if the bandwidth or latency exceeds the specified limits. In addition, if the uplink bandwidth is insufficient to maintain critical business traffic (e.g. VoIP), the CloudGen Firewall automatically converts the sessions for non-critical traffic to secondary links, to free up a high bandwidth for critical traffic.

Transport Independent Network Architecture (TINA) VPN

Due to the limitations that come with standard IPsec connections, Barracuda Networks has created several powerful accessories for standard IPsec tunnel management. This Key feature of the Barracuda F-Series VPN engine is called TINA (Transport Independent Network Architecture). The Tina protocol allows the use of TCP, UDP and ESP for high-speed connections to VPN, which considerably improves VPN connectivity by adding:

• Endpoint-to-Endpoint (not network-to-network) connectivity
• Multiple tunnels between two locations
• NAT friendliness
• HTTPS and SOCKS4 /5 proxy compatibility
• Multiple physical transport routes for the logical tunnel
• Dynamic Address Support
• Tunnel heartbeat monitoring

Site-to-Site Connectivity

Create reliable and highly secure site-to-site connections between on-premises F-series firewalls (all hardware and virtual machines). It also includes the ability to connect from one location to another along with public cloud offerings, such as Amazon Web and Microsoft Azure. But it’s not just about maintaining static site-to-site VPN tunnels. The VPN configuration allows you to create tunnels automatically and on demand between the connected nodes to avoid turning the hub into a bottleneck. Therefore, it guarantees low latency connections for VoIP applications, for example. Once the connection is no longer needed, the VPN tunnel closes automatically. Administrators have complete visibility in real time in the dynamic mesh VPN setup.

Failover and Link Balancing

To ensure that connectivity is unbeatable and profitable, it offers the Barracuda CloudGen Firewall wide range of built-in uplink including leased lines unlimited options, up to 12 DHCP uplinks, and up to four xDSL uplinks. By eliminating the need to purchase additional devices to balance the link, customers who have a security knowledge can access a Wan connection that never goes down, even if one or two current WAN uplinks are disconnected. In addition, the traffic intelligence mechanisms ensure that the preconfigured uplink is operated on the fly and that all traffic is redirected to take full advantage of the remaining lines. If the backup lines provide less bandwidth, the intelligent traffic configuration automatically prioritizes applications, networks or commercial endpoints.

Traffic shaping and Quality of Service

Limited network resources make it a priority to establish bandwidth priorities Barracuda CloudGen Firewall provides strong Quality of Service (QoS) that allows the administrator to apply quality aspects and service guarantees to specific traffic flows within Wan. Quality of service is often used to prioritize network traffic from critical applications and should not be affected by network traffic in other applications.

The F series provides a wide range of QoS, such as traffic configuration, traffic prioritization and bandwidth division, which sets a bandwidth limit for certain types of traffic. To determine traffic for different priority categories, you can use the available real-time traffic analysis to determine if network traffic was sent by applications of commercial interest or unwanted applications.

WAN Caching and Compression

The Barracuda CloudGen Firewall can greatly improve the WAN performance and functionality of distributed networks by improving availability, performance, and response time for critical business applications by reducing throughput and delays in transmission, affecting urgent decisions and business profitability. The next generation concept of the F-series provides a range of powerful functions to efficiently reduce and compensate for the negative impacts of high latencies and response times.

Through the implementation of enterprise-grade WAN acceleration functions such as data deduplication, traffic compression, and improve the protocol, the CloudGen Firewalls can significantly improve site-to-site WAN traffic and increase productivity by accelerating the delivery of business applications – without any additional charges. WAN traffic can effectively compress up to 95%, which greatly reduces the bandwidth required in remote locations with greater network response.

Machine-to-Machine and IoT techniques

In the age of the Internet of things, you need more and more companies to a secure and economical link in many remote devices, such as ATMs, point-of-sale kiosks, wind power stations, and connected industrial machinery to the network, or even very small offices. Managing and protecting network traffic between these remote devices is often a logistical nightmare involving many different firewalls, a VPN software, and routing steps.

Barracuda CloudGen Firewalls are also available as a super small and Secure Connector appliance (FSC1), which can reliably connect each remote device with multiple uplinks and even failover automatically takes place in the case of a single transmission failure.

The FSC1 provides zone-based firewalling, Wi-Fi and full VPN connection to the connected device. Then redirect network traffic to ensure access CloudGen Firewall Secure Access Concentrator(FSAC), which operates in a central office or in the cloud, inspection, and other security features that require many resources, such as URL filtering, intrusion prevention (IPS), virus protection and application detection.

The perimeter of the intelligent network

Application control

Barracuda CloudGen Firewall assembled Deep Packet Inspection (DPI) and behavioral traffic analysis to reliably detect and classify thousands of applications and sub-applications, regardless of advanced obfuscation, port hopping techniques, or encryption. Enables dynamic policies and facilitates the configuration and implementation of access and use policies for users and groups by application, application category, location and time of day. Administrators can now:

• Blocks unwanted applications for some users or groups
• Control and acceleration of traffic are acceptable
• Maintain bandwidth and accelerate important business applications to ensure business continuity
• Enable or disable application-specific subfunctions (for example, Facebook chat, YouTube posts or MSN files transfer)
• Intercept the application of encrypted traffic

The Barracuda CloudGen Firewall is characterized by its advanced routing based on application and quality of service (QoS) capability. They provide additional commercial value and security by significantly improving the quality and availability of the network, as well as reducing the cost of the direct line due to the saved bandwidth.

In terms of rich reporting and exploration capabilities, CloudGen Firewall comes with the applications of real-time vision and that offer application traffic on the corporate network, which provides a basis to determine which Communications must have a priority bandwidth, which is important to improve the quality of critical business services applications. In addition, it allows the modification and refinement of the policies for the use of companies’ applications.

Deep application Context

The deep analysis of the context of the application allows a deeper examination of the data flow through the continuous evaluation of the real intention of the applications and the users involved. Administrators can get a detailed view of what was used for a particular application or if the user was trying to circumvent the business application’s usage policy.

File Content Enforcement

Barracuda CloudGen Firewall includes True file type detection and application capabilities based not only on the extension and MIME type, but also on sophisticated true-file detection algorithms. An excess of executable files is detected by name change or compression and blocking. In addition to blocking / enabling connections, the NG firewall F-series also allows administrators to change download priorities. For example, if an ISO image starts downloading with normal web traffic priority, the administrator can increase or decrease the custom bandwidth, although the user started downloading through a regular web browsing session.

Definitions Of Custom Applications

In addition to thousands of pre-loaded applications in the Application Control, Barracuda CloudGen Firewall makes it easy for you to create your own application definitions tailored to your specific needs.

To see a complete list of applications and sub-applications integrated under the Application Control, please check the Online Application Explorer.

Awareness Of User Identity

Different network users may need different rules to use bandwidth. Access to certain network resources is often limited to some users or groups of users. The preferential allocation of a greater bandwidth to specific users or groups of users and the bandwidth limits available to others is a common requirement. It requires a network device to see what the user an IP really belongs to.

Barracuda CloudGen Firewall is fully aware of the user when connecting a user or multiple IP addresses. All the roles that result from the identity that is sent to the firewall can be used by our health agents within the firewall to facilitate role-based access control (RBAC). Barracuda CloudGen Firewalls support authentication of users and enforcement of user-aware firewall rule, and web security gateway settings and Application Control 2.0 using Active Directory NTLM, MS CHAP, RADIUS, RSA SecurID, LDAP/LDAPS, TACACS+, as well as authentication with x.509 certificates.

Web filtering

The Web Security Gateway option of the F-Series firewall enables to view real-time, high-resolution online activity broken down by individual users and applications, allowing administrators to create and implement effective policies for accessing and content. It protects user productivity, blocks the download of malware and other web-based threats, and allows compliance by blocking access to unwanted sites and servers, providing an important additional layer of security, as well as control of the application.

Remote access

BYOD (Bring your own device)

The flow of private computing devices, from smartphones to laptops and tablets, to the workplace can increase productivity, flexibility and convenience. However, BYOD adds new challenges and security risks, such as enabling and controlling access, as well as preventing data loss.

Barracuda CloudGen Firewall provides powerful capabilities to provide users the maximum benefit from their devices and reduce potential risks to the business. BYOD block unwanted applications, through LAN segmentation confidential data can be protected, and access control to the network can verify the health status of each device connected to the corporate network.

Secure remote access

Barracuda CloudGen Firewall includes advanced site-to-site and client-to-site VPN functions, using SSL and IPsec protocols to ensure that remote users can easily and securely access network resources without complex configuration and management of the network. Each CloudGen Firewall module supports an unlimited number of VPN clients at no additional cost.

The Barracuda Finn client also offers the possibility to apply the Windows Security Center settings on Windows client machines. This allows administrators to implement the usage of Windows security settings on computers. These policies can include enabling Microsoft Network Firewall, Windows updates, Windows virus protection, Windows spyware protection, and Internet security settings.

Barracuda VPN clients are available for Microsoft Windows, Mac OS and various Linux systems.

Network Access Control

The Optional Barracuda Advanced Remote Access subscription for the Barracuda CloudGen Firewall adds a Network Access Control (NAC) functionality as well as customizable and easy-to-use portal-based SSL VPN.

When used with the F-series firewall, Barracuda Network Access Client provides centrally managed Network access Control (NAC) and advanced personal firewall. This allows you to enforce the minimum security requirements of the Windows client before allowing access to the network or access to the quarantine network. The security status can be determined according to the level of Windows debugging available, the availability of antivirus and/ or antispyware, and the identification of the user. Access restrictions are applied locally on the client through a centrally managed Windows Firewall, as well as at the gateway. With existing Barracuda CloudGen Firewall devices, Barracuda Networks provides a ready-to-use framework for network access without costly investments in basic network infrastructure. All Barracuda network access clients, as well as all Barracuda NG Firewall F-Series modules (NGFW), act as policy servers that can be managed, monitored and reviewed by the Barracuda CloudGen Firewall control center.

Barracuda’s Mobile Portal

An easy access to your organization’s application via SSL VPN connections. Barracuda’s Mobile Portal.

It supports most commonly used devices e.g., Apple iOS, Blackberry and Android devices.

It is an optional feature in which you have optional Barracuda Advanced Remote Access subscription.

CudaLaunch

Cudalaunch is an application for all commonly used operating systems devices (Windows, macOS, iOS, and Android devices) that provides mobile workers safe remote access through Barracuda CloudGen Firewall for sensitive information and organization’s private cloud applications. Cudalaunch provides several perks over conventional browser-based SSL VPN remote access.

Different from browser-based remote access, CudaLaunch offers a more responsive appearance that is standardized on mobile platforms and avoids idiosyncrasies of mobile browsers. As soon as the end user starts the application, the Quick Displacement Accessibility fusion_togglel receives quick and easy access to internal and favorite applications and TINA VPN connections (which securely connect the device to your corporate network). This connection supports faster applications that are linked to the corporate company.

CudaLaunch is designed to be fully self-configured and includes easy centralized management for large deployments and is integrated with the security of the CloudGen Firewall. For IT administrators, the F-series firewall provides a unique place to administer Security policies for all types of remote access (Cudalaunch, Cellphone, Barracuda Network Associates and IPSec Standard). The end-user experience is constant in all platforms and types of remote access, which greatly facilitates the use and reduces support costs dramatically. The elimination of self-management VPN connections eliminates the need to manually configure IPsec connections is on Windows, macOS, iOS and Android, making the speed fast and easy.

Application available for free at:

Mac App Store (macOS)

Barracuda Cloud Control (Windows Universal Installer (32-bit / 64-bit))

(Also available as a standalone application with no need for installation, therefore, there is no local administrator rights. This version is available on the Barracuda Cloud Control only for windows version

App Stores (iOS)

Google Play (Android)

Note that Cudalaunch requires Barracuda NG firewall F-series (NGFW) firmware 6.1.1 and an active Barracuda Advanced Remote Access subscription.

Central administration

100% scalability

Barracuda Firewall Control Centers provides a 100% centralized management of all CloudGen Firewalls functions, regardless of security, content, traffic management, networks, access policies or software updates.

Barracuda Firewall Control Center helps reduce the costs associated with security and lifecycle management while providing improved troubleshooting and connectivity functions, both centrally and locally, in the managed portal.

Networking without IP

Barracuda CloudGen Firewalls can automatically translate IP addresses and red addresses into a human readable form. For example, ” EMEA:UK:OXFORD:MARKETING:PRINTER ” clearly refers to the location and the device in question at a glance.

Object-based management

The Barracuda Firewall Control Center allows you to create reusable elements for every imaginable element: IP addresses, networks, domains, DNS names, content security policies, network security policies, etc. These objects can be created once and reused in the nodes of subsequent users.

Repositories

When configuring many CloudGen Firewalls across the WAN, there will always be common firewall components, such as domain names, DNS servers, NTP servers, application security settings, URL filtering settings, etc. The Barracuda Firewall Control Center combines all of these into a repository (global configuration node) connected to the multiple Barracuda CloudGen Firewalls. Using repositories in the Firewall Control Center, an administrator can update thousands of firewalls with only one change in the storage repository.

Repositories still provide flexibility to override specific configurations in specific firewalls. For example, if a site uses a different DNS server, you can create explicit overwrite for this configuration only in this firewall.

Centralized Software Updates

The Barracuda Firewall Control Center provides centralized software updates for all CloudGen Firewalls centrally managed firewall modules. Updates can be scheduled for a specific period and even only for subsets of remote CloudGen Firewalls modules. If the software updates are not successful, they are automatically returned and reported.

Multi-Administrator Login

As with the CloudGen Firewalls, the Barracuda Firewall control center allows many administrators to start a simultaneous session in “write mode”. This is useful in MSSP and multiple administration environments where administrators are more likely to manage systems on computers. Once a change is made, you should only protect the custom configuration node to be changed by the administrator who causes the change. The rest of the settings outside the locked configuration node are still visible and modified by other administrators who logged into the system.

Role-based administrator capabilities

The Barracuda Firewall Control Center provides role-based management benefits. Supervisors can assign specific functions such as: – MSSP Admin – Customer Admin – Log Viewer – Auditor Content Filter Supervisor In addition, you can create custom roles for special needs with special privileges.

Multi-Tenancy

The Barracuda CloudGen Firewalls Control Center modules in the C610 / VC610 firewall and above provide special management of multiple tenant management, allowing the MSSP to easily manage multiple clients in the same control center as Barracuda Firewall. For example, the administrators of Client 1 will not be able to see anything from client 2 and vice versa. There is no limit to the number of customers that can be managed with a one Barracuda Firewall Control Center.

Status Map

The default screen of each Barracuda Firewall control center provides an overview of the status of all centrally managed Barracuda CloudGen Firewalls modules. The situation is visualized by the traffic light concept (red, yellow and green) and is provided for individual units, sets and complete tenant installations (called “ranges”). The “worst” situation always wins, which allows the administrator to have a centralized vision of the general situation and can deepen with just a few clicks of the mouse.

Distributed firewall

Barracuda Firewall Control Center allows you to create a set of global firewall rules installed on all the devices to which it applies. In addition, local and private rule sets can only be installed in specific boxes. For example: MSSP has a Network Operation Center (NOC) to monitor all services provided to the client. In this environment, there are global firewall rules that allow each type of monitoring connection and local firewall rules specific to the client. The specifier can determine if the global or local rules are predetermined by the client. This provides an additional level of configuration precision because there are specific rules specific to each client that allow traffic to pass through the firewall. With this feature, the probe can be sure that there is reliable monitoring and a log flow. This is necessary to provide, as well as test proof of service level agreements to clients.

Multi-Revision Management

The security scope simply never stops changing. This is the reason why Barracuda Networks constantly offers new releases and interesting features and improved security functionality for all CloudGen Firewalls through subscription activation updates. But when you have tens or even thousands of managed devices in a Wan network company, some devices, networks or even branches will inevitably run older firmware versions level than certain devices that require the most up-to-date technology. Fortunately, the Barracuda Firewall Control Center is compatible with old and previous versions that have been implemented for at least three years, effectively facilitating the update process throughout the organization.

Revision Control System (RCS)

In both the Barracuda Firewall Control Center and all Barracuda CloudGen Firewalls units, all administrator actions can be recorded and changes can be done and rolled back selectively if necessary. If you need to undo, the administrator has the option to undo all changes or specific changes only (such as firewall rules) while leaving the network settings untouched.

Drag & Drop VPN GTI Editor

Barracuda Firewall Control Center VPN Graphical Tunnel Interface (GTI) provides a graphical interface for the creation and management of VPN tunnels. When you manually configure the VPN tunnel, there are several identical steps and configurations. But since the GTI Editor eliminates many of these redundant steps, you can configure VPN tunnels faster and with fewer errors.

Pool license

With a pool license, Barracuda CloudGen Firewall is connected to the Firewall Control Center, not the serial number and combination devices. Even if the hardware fails, a new device can be deployed without being relicensed. This is ideal for managed security service providers, as they can improve the use of the license.

For more details, please refer to the White Paper Barracuda Enterprise and Service Provider Licensing.

Zero Touch Deployment (ZTD)

Zero-touch deployment allows you to implement hardware units directly from the factory to the required remote location without the need for on-site IT personnel. Simply plug the unit in and turn it on, it will automatically select the appropriate link for the Internet and retrieve the proper settings from the Firewall Control Center. Without the need for manual configuration on the site, Zero-touch deployment allows you to deploy CloudGen Firewalls across widely distributed organizations at very low cost.