Harga Barracuda NG Firewall F10
Harga Price List : Rp 17.600.000,-
Harga Spesial : (REQUEST QUOTE)
Harga di atas mencakup komponen:
♦ Barracuda NG Firewall F10 Hardware Appliance
♦ Energize Update (EU) License – 1 Year
♦ Instant Replacement (IR) License – 1 Year
Barracuda NG Firewall F10
- Powerful next-generation network firewall
- Intelligent traffic regulation and profiling
- Centralized management of all functionality
- Deep application control
- Comprehensive, built-in IDS/IPS
- Tightly integrated QoS and link balancing
- Template-based and role-based configuration
- Built-in web security (model F100 and higher)
The Barracuda NG Firewall is a family of hardware and virtual appliances designed to protect network infrastructure, improve site-to-site connectivity and simplify administration of network operations. Beyond its powerful network firewall, IPS and VPN technologies, the Barracuda NG Firewall integrates a comprehensive set of next generation firewall technologies, including Layer 7 application control, WAN optimization, Web filtering, anti-virus, anti-spam and network access control enforcement.
Central Management Across the Enterprise
With hardware models ranging from the micro branch office up to the large headquarters and datacenters, and a corresponding offering of virtual appliances, the Barracuda NG Firewall is designed for deployment across the entire enterprise. Through the Barracuda NG Control Center, administrators can manage security, content and traffic management policies from a single interface. Centralized management of security and content policy provides a number of benefits, including:
- Consistent security posture and policy enforcement across the enterprise
- Real-time accounting and reporting across multiple gateways
- Comprehensive history and rollback of configuration and policy changes across the network
- Centralized version control of anti-spam, anti-virus, Web filter and network access control updates
Improving Performance, Availability, and Security of Distributed Networks
The Barracuda NG Firewall is an enterprise-grade next-generation firewall that was purpose-built for efficient deployment and operation within dispersed, highly dynamic, and security-critical network environments
In addition to next-generation firewall protection, it provides industry-leading operations efficiency and added business value by safe-guarding network traffic against line outages and link quality degradation.
User identity and application awareness are used to select the best network path, traffic priority, and available bandwidth for business-critical traffic. In case of line failure, the Barracuda NG Firewall can transparently move traffic to alternative lines and keep traffic flowing.
The Barracuda NG Firewall meets enterprise requirements of massive scalability, efficient configuration and lifecycle management across dispersed networks, and performance guarantees for business-critical applications. The concept of integrated WAN optimization coupled with industry-leading centralized management results in significantly lower overall operational cost for multi-site deployments.
All policies, client, and device settings are centrally managed and tracked by the Barracuda NG Control Center.
Scalable Security for the Enterprise
Enterprise networks grow larger and more complex every day – and more critical to key business operations. The Barracuda NG Firewall is an essential tool to optimize the performance, security, and availability of today’s dispersed enterprise WANs.
1) Application Control 2.0
The Barracuda NG Firewall provides a powerful and extremely reliable detection and classification of more than 1,200 applications and sub-applications by combining Deep Packet Inspection (DPI) and behavioral traffic analysis – no matter if the protocols are using advanced obfuscation, port hopping techniques, or encryption. It allows the creation of dynamic application policies and facilitates establishing and enforcing acceptable access and use policies for users and groups by application, application category, location, and time of day. Administrators can now:
- Block unwanted applications for certain users or groups
- Control and throttle acceptable traffic
- Preserve bandwidth and speed-up business-critical applications to ensure business continuity
- Enable or disable specific application sub-functions (e.g., Facebook Chat, YouTube Postings, or MSN file transfers)
- Intercept SSL-encrypted application traffic
The Barracuda NG Firewall features advanced application-based routing path selection and Quality of Service (QoS) capabilities. These provide additional business value in addition to security by significantly improving network quality and availability, as well as reducing direct line cost due to bandwidth saved.
For rich reporting and drill-down capabilities, the Barracuda NG Firewall comes with real-time and historical application visibility that shows application traffic on the corporate network, thus providing a basis for deciding which connections should be given bandwidth prioritization, crucial for QoS optimization for business-critical applications. Furthermore, it allows adjusting and refining the corporate application use policies.
2) Deep Application Context
The deep application context analysis allows for deeper inspection of the application data stream by continually evaluating the actual intention of applications and the respective users. By this means administrators can gain detailed insight into what a specific application was used for or if a user was trying to circumvent the corporate application usage policy.
3) Personalized Application Control
On top of the 1,200+ applications that are delivered out of the box and constantly updated, the Barracuda NG Firewall provides a way to easily create user-defined application definitions for best-in-class application control customized and tailored to an organization’s specific needs.
4) User Identity Awareness
Different network users may need different bandwidth-use rules. Most often, access to certain network resources is limited to certain users or user groups. Preferential allocation of more bandwidth to certain users or user groups and a limitation of available bandwidth for others is a common requirement. It requires the network device to know what user an IP actually belongs to. Barracuda NG Firewalls are fully user identity aware by linking a user to one or several IP addresses. Any role assignments that result from identity and device posture checks communicated to the firewall by our health agents can be used within the firewall to facilitate role-based access control (RBAC). Barracuda NG Firewalls support authentication of users and enforcement of user-aware firewall rules, web filter settings, and Application Control 2.0 using Active Directory, NTLM, MS CHAP, RADIUS, RSA SecurID, LDAP/LDAPS, TACACS+, as well as authentication with x.509 certificates.
The Barracuda NG Report Creator is a free tool that allows administrators to collect and consolidate traffic and application usage statistics from multiple Barracuda NG Firewall units and to create easy-to-read reports in pdf format. Report tasks can be scheduled at various times during the day or week and distributed automatically via email. Besides predefined out-of-the-box reports such as Top Applications, Top Blocked URL Categories and Websites, Top Users by Bandwidth, as well as activity reports for specific users, the reporting engine provides customizable granular reports on user activity, activities during last day/week/month, etc.
For auditing reasons IP addresses can be anonymized.
6) Intrusion Detection and Prevention
The Barracuda NG Firewall Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases preventing network attacks such as:
- SQL injections and arbitrary code executions
- Access control attempts and privilege escalations
- Cross-Site Scripting and buffer overflows
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
- Directory traversal and probing and scanning attempts
- Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware
By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, the Barracuda NG Firewall is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems.
As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda NG Firewall is constantly up-to-date. If the firewall unit is centrally managed, the pattern updates are conveniently distributed by the Barracuda NG Control Center.
7) Denial of Service (DoS) and Distributed Denial of Service (DDoS) Protection
In today’s world of omnipresent botnets, one of the main tasks of perimeter protection is to ensure ongoing availability of the network for legitimate requests and to detect and repel malicious denial of service attacks. With TCP SYN Flood Protection, the Barracuda NG Firewall effectively functions as a generic TCP proxy, forwarding only legitimate TCP traffic to the inside of the network. Additionally, the Barracuda NG Firewall allows the definition of a rate limit that is applied to the maximum number of sessions per source address to be handled by the firewall. Packets arriving at a rate faster than allowed will simply be dropped. In a massive DDoS attack, the attackers may simply aim for saturating the link by transmitting vast numbers of UDP packets. The integrated environmental monitoring feature of the Barracuda NG Firewall diagnoses such conditions by link and target address monitoring. Once the response of a remote target address to regular ICMP probing fails, the system can be configured to activate different routes and uplinks (for example backup line, ISDN, xDSL). Using this feature, traffic will be unimpeded across unaffected lines and crucial site-to-site and site-to-Internet connectivity remains operational.
8) Web Filtering
The Barracuda Web Filter enables highly granular, real-time visibility into online activity, broken down by individual users and applications, letting administrators create and enforce effective Internet content and access policies. It protects user productivity, blocks malware downloads and other web-based threats, and enables compliance by blocking access to unwanted websites and servers, providing an important additional layer of security alongside application control.
9) Malware Protection
Barracuda NG Malware Protection shields the internal network from malicious content by scanning web content (HTTP and HTTPs), email (SMTP, POP3), and file transfers (FTP) via two fully integrated antivirus engines. Malware protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available. Barracuda NG Malware Protection covers viruses, worms, trojans, malicious java applets, and programs using known exploits on PDF, picture and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation.
10) Application-Based Link Selection
The combination of next-generation security and adaptive WAN routing allows the Barracuda NG Firewall to dynamically assign available bandwidth for several links not only based on protocol, user, location, and content, but also based on applications, application categories and web filter categories. This keeps expensive, highly available lines free for business and mission-critical applications, while significantly reducing response times and freeing up additional bandwidth.
11) Traffic Shaping and Quality of Service
Limited network resources make bandwidth prioritization a necessity. The Barracuda NG Firewall provides strong Quality of Service (QoS) that lets the administrator apply quality aspects and service guarantees to selected traffic flows within the WAN. QoS is often used to prioritize the network traffic of applications that are critical and must not be affected by the network traffic of other applications. The Barracuda NG Firewall provides a large set of QoS techniques, such as traffic shaping, traffic prioritization, and bandwidth partitioning, which assigns a bandwidth limit to certain types of traffic. To select traffic for different priority classes, the available real-time traffic analysis can be used to identify whether network traffic was sent by business-critical applications or by potentially unwanted applications.
12) Failover and Link Balancing
To ensure the best and most cost-efficient connectivity, the Barracuda NG Firewall provides a wide range of built-in uplink options such as unlimited leased lines, up to four xDSL uplinks, etc. By eliminating the need to purchase additional devices for link balancing, security conscious customers will have access to a WAN connection that never goes down, even if one or two of the existing WAN uplinks are severed. Further, traffic intelligence mechanisms make sure the next defined uplink is activated on the fly and all traffic is rerouted to make full use of the remaining lines. In the event that backup lines provide less bandwidth, intelligent traffic shaping automatically prioritizes business-critical applications, networks, or distinct endpoints.
13) WAN Optimization
The Barracuda NG Firewall can significantly enhance the WAN performance of distributed network environments by improving availability, performance, and response time of business-critical applications by lowering throughput and transmission delays, affecting time-sensitive decisions and enterprise profitability. The next-generation networking concept of the Barracuda NG Firewall provides a set of powerful features to efficiently reduce and offset the negative effects of high line latencies and response times. By implementing enterprise-grade WAN acceleration features such as data deduplication, traffic compression, and protocol optimization, the Barracuda NG Firewall can significantly improve site-to-site WAN traffic and increase productivity by accelerating the delivery of business applications – at no extra charge. WAN traffic can be effectively compressed up to 95 percent, significantly reducing the bandwidth needed at remote locations while increasing network responsiveness.
14) Windows Azure
Besides VMware, KVM, and XenServer, the Barracuda NG Firewall is fully compatible for use in Windows Azure for establishing site-to-site and/or client-to-site connections to Azure and creating a DMZ in Azure to implement an additional high-security layer.
As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer. Barracuda’s award-winning security solutions are available as virtual appliances to help organizations.
Barracuda NG Firewall virtual appliances are complete solutions, eliminating the need for installing, configuring, and integrating disparate operating systems, databases, system management, and application software. In addition, Barracuda virtual appliances come “locked down” from a security perspective, built from the ground up on the Barracuda OS, a hardened Linux operating kernel and optimized to run seamlessly within virtualized environments.
15) Amazon EC2
Besides VMware, KVM, and XenServer, the Barracuda NG Firewall is fully compatible for use in Amazon Elastic Compute Cloud (EC2).
As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer. Barracuda’s award-winning security solutions are available as virtual appliances.
Barracuda NG Firewall virtual appliances are complete solutions, eliminating the need for installing, configuring and integrating disparate operating systems, databases, system management, and application software. In addition, Barracuda Networks virtual appliances come “locked down” from a security perspective, built from the ground up on the Barracuda OS, a hardened Linux operating kernel and optimized to run seamlessly within virtualization environments.
16) BYOD (Bring Your Own Device)
The influx of private computing devices, from smartphones to laptops and tablets, into the workplace may help increase productivity, flexibility, and convenience. However, BYOD adds new security challenges and risks, such as enabling and controlling access, as well as preventing data loss. The Barracuda NG Firewall provides strong capabilities to give users the full advantage of their devices while reducing possible risks to the business. Unwanted applications can be blocked, LAN segmentation can protect sensitive data, and network access control can check the health state of each device connecting to the corporate network.
17) Secure Remote Access
The Barracuda NG Firewall incorporates advanced site-to-site and client-to-site VPN capabilities, using both SSL and IPsec protocols to ensure remote users can easily and securely access network resources without complex client configuration and management. Every Barracuda NG Firewall unit supports an unlimited number of VPN clients at no extra cost. The Barracuda VPN client also provides the ability to enforce Windows Security Center settings on client machines running Windows. This allows administrators to centrally enforce the usage of Windows Security settings on PCs. The enforced policies can include enabling the Microsoft Network Firewall, Windows Updates, Windows Virus Protection, Windows Spyware Protection, and Internet Security Settings.
Barracuda VPN Clients are available for Microsoft Windows, Mac OS, and various Linux systems.
18) Network Access Control
The optional Barracuda NG Firewall SSL VPN and NAC subscription adds a customizable and easy-to-use portal-based SSL VPN as well as sophisticated Network Access Control (NAC) functionality.
The Barracuda Network Access Client, when used with the Barracuda NG Firewall, provides centrally managed Network Access Control (NAC) and an advanced personal firewall. This allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of antivirus and/or anti-spyware, and user ID. Access restrictions are enforced locally on the client by the centrally managed personal Windows firewall as well as at the gateway. Using existing Barracuda NG Firewall appliances, Barracuda Networks offers a ready-to-use Network Access Control framework without expensive investments into the basic network infrastructure. All Barracuda Network Access Clients as well as all Barracuda NG Firewall units acting as policy servers can be administered, monitored, and reviewed from a single Barracuda NG Control Center.
19) Scalable Deployment
Managing the security issues in a widely distributed enterprise network can be painful and extremely time consuming. Managing a system may take only 15 minutes per day. But having 20 firewall systems in place results in five hours per day – just to manage the existing system. With the Barracuda NG Control Center, managing mulitple Barracuda NG Firewalls takes the same amount of time as managing one.
- Create pre-configured templates for easy-rollout.
- Have all information about the enterprise security deployment available in real time.
- Create reports of either one or all Barracuda NG Firewalls.
20) Lifecycle Management
Scalable Barracuda NG Firewalls offer companies sustainable investment protection. Energize Updates automatically provide the latest firmware and threat definitions to keep the appliance up to date. With a maintained Instant Replacement subscription, organizations receive a new appliance with the latest specs every four years.
21) Revision Control System, Audit, and Reporting
The integrated revision control system increases auditing ease for the infrastructure and cuts overhead.
Additionally, the revision control system for all changes provides compliance with governmental and company policy requirements.
Comprehensive reporting makes bandwidth usage and all other security-related information visible, reportable, and easy to read.
Barracuda NG Firewall F10 Spesification & Comparison
There are eleven hardware models of the Barracuda NG Firewall that can handle up to 21 Gbps of firewall and 4 Gbps of VPN throughput. All models are centrally manageable through the Barracuda NG Control Center.
|Model:||F10||F100 / F101||F200 / F201||F280||F300 / F301|
|Firewall throughput2||300 Mbps||300 Mbps||400 Mbps||1.3 Gbps||550 Mbps|
|VPN throughput3||85 Mbps||85 Mbps||120 Mbps||310 Mbps||160 Mbps|
|IPS throughput2||60 Mbps||60 Mbps||80 Mbps||450 Mbps||90 Mbps|
|Form factor||Desktop mini||Desktop||Desktop||Desktop||1U Rack Mount|
|Dimensions (in)||9.5 x 6.5 x 1.9||14.8 x 7.5 x 2.0||14.8 x 7.5 x 2.0||10.7 x 7.7 x 1.7||16.8 x 13.0 x 1.7|
|Copper Ethernet NICs (std/max)||4x1GbE||4x1GbE||4x1GbE||4x1GbE||4x1GbE +
|Power Supply||Single, external||Single, external||Single, external||Single, external||Single, internal|
|3G USB Modem||Optional||Optional||Optional||Optional||Optional|
|Intelligent Traffic Flow Control|
|Firewall throughput2||3.9 Gbps||5.7 Gbps||10 Gbps||21 Gbps|
|VPN throughput3||700 Mbps||1.6 Gbps||2.2 Gbps||3.7 Gbps|
|IPS throughput2||900 Mbps||2.6 Gbps||3.1 Gbps||4.6 Gbps|
|Form factor||1U Rack Mount||1U Rack Mount||1U Rack Mount||2U Rack Mount|
|Dimensions (in)||16.8 x 17.7 x 1.7||16.8 x 17.7 x 1.7||17.0 x 20.5 x 1.7||17.4 x 26.0 x 3.5|
|Copper Ethernet NICs (std/max)||8x1GbE||12×1 GbE Cooper6||12/20x1GbE||0/24x1GbE +
|1Gb Fiber SFP NICs||–||8×1 GbE Copper +
4×1 Gb Fiber SFP 7
|0 (std.) 4 (opt.)||0 (std.) 12 (opt.)|
|10Gb Fiber SFP+ NICs||–||8×1 GbE Copper +
2×1 Gb Fiber SFP+ 8
|0 (std.) 2 (opt.)||0 (std.) 6 (opt.)|
|Power Supply||Single, internal||Single, internal (std)
Dual, internal (opt)
|Dual, internal||Dual, internal|
|3G USB Modem||Optional||Optional||Optional||Optional|
|Intelligent Traffic Flow Control|
1 With external link balancer only
2 Measured with large packets (MTU1500)
3 VPN throughput using AES128 NOHASH
4 With Barracuda Web Security Service subscription
5 Measured with jumbo frames (MTU9000)
6 F600 Standard model including single power supply
7 F600 1GbE SFP model including single power supply
8 F600 10GbE SFP+ model including dual power supply
Barracuda NG Firewall F10 Deployment Model
The Barracuda NG Firewall F10 offers comprehensive protection of distributed networks through a combination of hardware and virtual appliances at each office location and comprehensive VPN access options for remote users.
To centralize management across many different firewalls and remote access users, the Barracuda NG Control Center enables administrators to configure security and network access policies, control firmware update revisions, and manage user settings. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations.
Barracuda NG Firewall F10 appliances are available for locations of all sizes, ranging from the very small remote location to the headquarters or even data center.
For on the go users, the Barracuda NG Network Access Clients provide secure and convenient VPN access to the network. For internet kiosks or home computers where client software deployment is not appropriate, the Barracuda NG SSL VPN & NAC option provides secure access to vital network resources from any Web browser.
Barracuda NG Firewall Technology
Application Control – Regain Control of the Network
By integrating Application Control into its core firewall engine, the Barracuda NG Firewall F10 can identify and enforce security policies on more sophisticated applications that may hide their traffic inside otherwise “safe” port/protocols such as HTTP. Instant messaging (IM) and and peer-to-peer (P2P) applications are particularly notorious for opening backdoors into the network and spreading malicious content, thus ultra-reliable application control for policy enforcement is required.
The Barracuda NG Firewall F10 provides a powerful and extremely reliable detection and classification of network traffic-based applications and protocols by combining Deep Packet Inspection (DPI) and behavioral traffic analysis – even if the protocols are using advanced obfuscation, port hopping techniques, or encryption.
Granular Application Control
The Barracuda NG Firewall allows the creation of dynamic application policies and allows establishing acceptable use policies for users and groups by application, application category, location, and time of day. In a nutshell it enables administrators to:
- Block unwanted applications for certain users or groups
- Control and throttle acceptable traffic
- Preserve bandwidth and speed-up business critical applications to ensure business continuity
- Enable or disable specific application sub-functions (e.g., Facebook Chat, YouTube postings, or MSN file transfers)
- Intercept SSL-encrypted application traffic
Create granular application usage polices based on applications, users, groups, and time, regardless of source, destination, port or protocol
Intuitive configuration of applications objects allows easy control and enforcement of more than 1,200 Web 2.0 and business applications
Achieve Full User-Based Visibility and Control
The Barracuda NG Firewall provides seamless integration with all authentication methods (e.g. Active Directory, RADIUS, LDAP/s, etc.) to facilitate policy configuration based on the actual user and group information and not just IP addresses.
Rich Reporting and Drill-Down Capabilities
Real-time and historical application visibility shows application traffic on the corporate network for intelligent adjustment of the corporate application use policies.
New protocol and application definition updates are provided via Energize Updates to ensure continuous effectiveness of the Application Control capabilities.
The live view provides real-time visibility of application usage, current sessions, and user activity. Any network traffic can be immediately terminated or reprioritized by changing the respective QoS class.
Intrusion Detection & Prevention System – Complete and Comprehensive Real-Time Network Protection
The Barracuda NG Firewall Intrusion Detection and Prevention System (IDS/IPS) can strongly enhance network security by providing complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases preventing network attacks such as SQL injections or buffer overflows. In addition, the IDS/IPS keeps spyware and worms out of the corporate network to prevent fraud and maintain strict privacy. By constantly monitoring network and system activities for malicious or suspicious behavior, the Barracuda NG Firewall can react in real-time to block and prevent such activities. In case an attack is detected, the Barracuda NG Firewall can drop the offending packets while still allowing all other traffic to pass, or just detect and log the intrusion attempt. Depending on the severity of the threat, highly granular actions can be assigned on a per firewall rule base enabling the Barracuda NG Firewall to allow, block, or log questionable traffic based on severity, location, user/group, type, and application.
Robust Protection Against a Multitude of Threats & Exploits
The Barracuda NG Firewall provides immediate out-of-the box protection against a vast number of exploits and vulnerabilities in operating systems, applications, and databases to prevent network attacks such as:
Countering IPS Evasion and Obfuscation Techniques
The Barracuda NG Firewall is able to identify and to block the advanced evasion attempts and obfuscation techniques that are widely used by attackers to circumvent and trick traditional signature based intrusion prevention systems such as
Additional Network Protection Techniques
In addition to the comprehensive intrusion pattern database and the advanced anti-evasion countermeasures, the Barracuda NG Firewall offers a wide range of transport layer protection mechanisms such as:
- IP Spoofing Protection
- Portscan and Sniffing Protection
- TCP SYN Flood Protection
- ICMP Flood Protection
- Duplicate Local IP Detection
- Resource Exhaustion Protection
- ARP Spoofing and Trashing Protection
The threat scan view displays all events related to IDS/IPS and Application Control
Management Concept of Barracuda NG Firewall
Barracuda NG Admin is a simple and easy-to-use graphical configuration and management application that operates on all current Microsoft operating systems (Windows XP, Windows Vista, Windows 7, and Windows 8 – requires .NET). All configuration changes are collected locally and only need to be activated when needed. With Barracuda NG Admin, it is possible to manage and configure multiple Barracuda NG Firewalls simultaneously by directly connecting to the appliance and executing configuration changes locally.
The dashboard displays a live view on a selection of important status and statistics data such as top application usage, detected intrusion events, number of active sessions, etc.
The Status Map displays an overview of all centrally managed Barracuda NG Firewall gateways.