Home / Barracuda NG Firewall F101 (WiFi Bundled)

Barracuda NG Firewall F101 (WiFi Bundled)

Barracuda Networks NG Firewall F101 (WiFi Bundled) Overview:

Product Spotlight

  • Powerful next-generation network firewallWatch The Demo
  • Intelligent traffic regulation and profiling
  • Centralized management of all functionality
  • Deep application control
  • Comprehensive, built-in IDS/IPS
  • Tightly integrated QoS and link balancing
  • Template-based and role-based configuration
  • Built-in web security (model F100 and higher)

The Barracuda NG Firewall F101 is a family of hardware and virtual appliances designed to protect network infrastructure, improve site-to-site connectivity and simplify administration of network operations. Beyond its powerful network firewall, IPS and VPN technologies, the Barracuda NG Firewall F101 integrates a comprehensive set of next generation firewall technologies, including Layer 7 application control, WAN optimization, Web filtering, anti-virus, anti-spam and network access control enforcement.

Central Management Across the Enterprise

With hardware models ranging from the micro branch office up to the large headquarters and datacenters, and a corresponding offering of virtual appliances, the Barracuda NG Firewall F101 is designed for deployment across the entire enterprise. Through the Barracuda NG Control Center, administrators can manage security, content and traffic management policies from a single interface. Centralized management of security and content policy provides a number of benefits, including:

  • Consistent security posture and policy enforcement across the enterprise
  • Real-time accounting and reporting across multiple gateways
  • Comprehensive history and rollback of configuration and policy changes across the network
  • Centralized version control of anti-spam, anti-virus, Web filter and network access control updates

Improving Performance, Availability, and Security of Distributed Networks

The Barracuda NG Firewall F101  is an enterprise-grade next-generation firewall that was purpose-built for efficient deployment and operation within dispersed, highly dynamic, and security-critical network environments

In addition to next-generation firewall protection, it provides industry-leading operations efficiency and added business value by safe-guarding network traffic against line outages and link quality degradation.

User identity and application awareness are used to select the best network path, traffic priority, and available bandwidth for business-critical traffic. In case of line failure, the Barracuda NG Firewall F100 can transparently move traffic to alternative lines and keep traffic flowing.

The Barracuda NG Firewall F101 meets enterprise requirements of massive scalability, efficient configuration and lifecycle management across dispersed networks, and performance guarantees for business-critical applications. The concept of integrated WAN optimization coupled with industry-leading centralized management results in significantly lower overall operational cost for multi-site deployments.

All policies, client, and device settings are centrally managed and tracked by the Barracuda NG Control Center.

Scalable Security for the Enterprise

Enterprise networks grow larger and more complex every day – and more critical to key business operations. The Barracuda NG Firewall F101 is an essential tool to optimize the performance, security, and availability of today’s dispersed enterprise WANs.

The Barracuda Advantage

  • Effective WAN Management
    • Application-based traffic prioritization across the WAN
    • Intelligent uplink balancing
    • Intelligent traffic reprioritization on uplink loss
  • Enterprise Readiness
    • Industry-leading centralized management
    • WAN optimization
    • Global WAN monitoring with Barracuda NG Earth
  • Scalable Security
    • Drag-and-drop VPN graphical tunnel interface
    • Integrates with cloud-based Barracuda Web Security Service

Integrated Next-Generation SecurityIntegrated Next-Generation Security

The Barracuda NG Firewall F101 is designed and built from the ground up to provide comprehensive, next-generation firewall capabilities. Cloud-hosted content filtering and reporting offload computeintensive tasks to the cloud for greater resource efficiency and throughput. Based on application visibility, user-identity awareness, intrusion prevention, and centralized management, the Barracuda NG Firewall F101 is the ideal solution for today’s dynamic enterprises.

Regaining Control of User ActivityRegaining Control of User Activity

The Barracuda NG Firewall F101 restores control to networks made opaque and unmanageable by mobile devices at work, Web 2.0 applications, increasing dispersion, and the growing integration and dependence on cloud-based resources. It extends security coverage beyond network boundaries, and makes it easy to monitor and regulate everything the network and its users are doing.

True Enterprise ReadinessTrue Enterprise Readiness

The Barracuda NG Firewall F101 meets the enterprise requirements for massive scalability and efficient management across distributed networks. Integrated WAN optimization and dedicated centralized management appliances enable organizations to increase system availability while keeping administrative time and operation costs low.

Monitor WAN activity in real time with Barracuda NG EarthMonitor WAN activity in real time with Barracuda NG Earth

Barracuda NG Firewall F101 Benefits

Controlling Application Usage

Controlling Application UsageThe Barracuda NG Firewall F101 gives administrators granular control over applications, allowing them to define rules for forwarding data traffic using the best respective transmission channels based on type of application, user, content, time of day, and geographical location. Mobile devices, online applications, social networks, and streaming media have caused an enormous increase in non-business network data traffic, pushing bandwidth capacities to their limits and causing degradation in performance of business-critical applications. The Barracuda NG Firewall F101 allows organizations to prioritize traffic by limiting or restricting access to non-business-related applications and network traffic, even when encrypted.
Key Features: Application Control 2.0, Deep Application Context, Personalized Application Control, User Identity Awareness, Reporting, Denial of Service (DoS) and Distributed Denial of Service (DDoS) Protection, Web Filtering, Malware Protection

Cloud Enablement and WAN Virtualization

Cloud Enablement and WAN VirtualizationOne way to greatly increase the capacity of site-to-site links is to simply pay more for extra bandwidth. A better way is to take advantage of the Barracuda NG Firewall’s advanced WAN optimization and cloud-enablement capabilities.

Cloud offerings like Amazon EC2 and Windows Azure depend on highly secure environments within the cloud. The Barracuda NG Firewall F101 is ideal for securing use of these cloud services – connecting on-premises networks to the cloud and connecting logically separated components within the cloud datacenters.
Key Features: Application-Based Link Selection, Traffic Shaping and Quality of Service, Failover and Link Balancing, WAN Optimization, Windows Azure, Amazon EC2

Secure Remote Access and Access Control

Secure Remote Access and Access ControlThe Barracuda NG Firewall F101 incorporates advanced site-to-site and client-to-site VPN capabilities, using both SSL and IPsec protocols to ensure remote users can easily and securely access network resources without time-consuming client configuration and management. The communication protocols used with our VPN clients has been optimized to be fully roaming-capable by quickly reconnecting upon loss of communication. Smart pathfinder technology determines the nearest point of entry to the corporate network. Advanced NAT traversal technology can use different encapsulation ports in either TCP or UDP and is able to mimic SSL to cut through intermittent proxies.
Key Features: BYOD (Bring Your Own Device), Secure Remote Access, Network Access Control

Operations Cost Control

Operations Cost ControlMaintaining and trouble-shooting security devices within enterprise networks can take a lot of time and IT resources. To mitigate operational costs, the Barracuda NG Firewall F101 provides advanced trouble-shooting and analysis through the intuitive web interface so that information such as activity history, complete logs, and graphical accounting can be obtained from powerful drill down views with just one click. Problem resolution times can be reduced from hours to just minutes.

With affordable, all-inclusive pricing (no per-feature or per-user license fees), the Barracuda NG Firewall F101 can converge multiple point solutions into just one appliance to deliver impressive upfront and running cost savings. Ease of use keeps training and administrative costs low, while traffic intelligence and WAN optimization extend the capacity of existing infrastructure to deliver additional long-term direct cost savings.
Key Features: Scalable Deployment, Lifecycle Management, Revision Control System, Audit, and Reporting

Barracuda NG Firewall Features

Application Control 2.0

The Barracuda NG Firewall F101 provides a powerful and extremely reliable detection and classification of more than 1,200 applications and sub-applications by combining Deep Packet Inspection (DPI) and behavioral traffic analysis – no matter if the protocols are using advanced obfuscation, port hopping techniques, or encryption. It allows the creation of dynamic application policies and facilitates establishing and enforcing acceptable access and use policies for users and groups by application, application category, location, and time of day. Administrators can now:

  • Block unwanted applications for certain users or groups
  • Control and throttle acceptable traffic
  • Preserve bandwidth and speed-up business-critical applications to ensure business continuity
  • Enable or disable specific application sub-functions (e.g., Facebook Chat, YouTube Postings, or MSN file transfers)
  • Intercept SSL-encrypted application traffic

The Barracuda NG Firewall F101 features advanced application-based routing path selection and Quality of Service (QoS) capabilities. These provide additional business value in addition to security by significantly improving network quality and availability, as well as reducing direct line cost due to bandwidth saved.

For rich reporting and drill-down capabilities, the Barracuda NG Firewall F101 comes with real-time and historical application visibility that shows application traffic on the corporate network, thus providing a basis for deciding which connections should be given bandwidth prioritization, crucial for QoS optimization for business-critical applications. Furthermore, it allows adjusting and refining the corporate application use policies.

Deep Application Context

The deep application context analysis allows for deeper inspection of the application data stream by continually evaluating the actual intention of applications and the respective users. By this means administrators can gain detailed insight into what a specific application was used for or if a user was trying to circumvent the corporate application usage policy.

Personalized Application Control

On top of the 1,200+ applications that are delivered out of the box and constantly updated, the Barracuda NG Firewall F101 provides a way to easily create user-defined application definitions for best-in-class application control customized and tailored to an organization’s specific needs.

User Identity Awareness

Different network users may need different bandwidth-use rules. Most often, access to certain network resources is limited to certain users or user groups. Preferential allocation of more bandwidth to certain users or user groups and a limitation of available bandwidth for others is a common requirement. It requires the network device to know what user an IP actually belongs to. Barracuda NG Firewalls F101 are fully user identity aware by linking a user to one or several IP addresses. Any role assignments that result from identity and device posture checks communicated to the firewall by our health agents can be used within the firewall to facilitate role-based access control (RBAC). Barracuda NG Firewalls support authentication of users and enforcement of user-aware firewall rules, web filter settings, and Application Control 2.0 using Active Directory, NTLM, MS CHAP, RADIUS, RSA SecurID, LDAP/LDAPS, TACACS+, as well as authentication with x.509 certificates.

Reporting

The Barracuda NG Report Creator is a free tool that allows administrators to collect and consolidate traffic and application usage statistics from multiple Barracuda NG Firewall units and to create easy-to-read reports in pdf format. Report tasks can be scheduled at various times during the day or week and distributed automatically via email. Besides predefined out-of-the-box reports such as Top Applications, Top Blocked URL Categories and Websites, Top Users by Bandwidth, as well as activity reports for specific users, the reporting engine provides customizable granular reports on user activity, activities during last day/week/month, etc.

For auditing reasons IP addresses can be anonymized.

Intrusion Detection and Prevention

The Barracuda NG Firewall F101 Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases preventing network attacks such as:

  • SQL injections and arbitrary code executions
  • Access control attempts and privilege escalations
  • Cross-Site Scripting and buffer overflows
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • Directory traversal and probing and scanning attempts
  • Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware

By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, the Barracuda NG Firewall F100 is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems.

As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda NG Firewall F101 is constantly up-to-date. If the firewall unit is centrally managed, the pattern updates are conveniently distributed by the Barracuda NG Control Center.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Protection

In today’s world of omnipresent botnets, one of the main tasks of perimeter protection is to ensure ongoing availability of the network for legitimate requests and to detect and repel malicious denial of service attacks. With TCP SYN Flood Protection, the Barracuda NG Firewall F100 effectively functions as a generic TCP proxy, forwarding only legitimate TCP traffic to the inside of the network. Additionally, the Barracuda NG Firewall F100 allows the definition of a rate limit that is applied to the maximum number of sessions per source address to be handled by the firewall. Packets arriving at a rate faster than allowed will simply be dropped. In a massive DDoS attack, the attackers may simply aim for saturating the link by transmitting vast numbers of UDP packets. The integrated environmental monitoring feature of the Barracuda NG Firewall diagnoses such conditions by link and target address monitoring. Once the response of a remote target address to regular ICMP probing fails, the system can be configured to activate different routes and uplinks (for example backup line, ISDN, xDSL). Using this feature, traffic will be unimpeded across unaffected lines and crucial site-to-site and site-to-Internet connectivity remains operational.

Web Filtering

The Barracuda Web Filter enables highly granular, real-time visibility into online activity, broken down by individual users and applications, letting administrators create and enforce effective Internet content and access policies. It protects user productivity, blocks malware downloads and other web-based threats, and enables compliance by blocking access to unwanted websites and servers, providing an important additional layer of security alongside application control.

Malware Protection

Barracuda NG Malware Protection shields the internal network from malicious content by scanning web content (HTTP and HTTPs), email (SMTP, POP3), and file transfers (FTP) via two fully integrated antivirus engines. Malware protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available. Barracuda NG Malware Protection covers viruses, worms, trojans, malicious java applets, and programs using known exploits on PDF, picture and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation.

Application-Based Link Selection

The combination of next-generation security and adaptive WAN routing allows the Barracuda NG Firewall F101 to dynamically assign available bandwidth for several links not only based on protocol, user, location, and content, but also based on applications, application categories and web filter categories. This keeps expensive, highly available lines free for business and mission-critical applications, while significantly reducing response times and freeing up additional bandwidth.

Traffic Shaping and Quality of Service

Limited network resources make bandwidth prioritization a necessity. The Barracuda NG Firewall F101 provides strong Quality of Service (QoS) that lets the administrator apply quality aspects and service guarantees to selected traffic flows within the WAN. QoS is often used to prioritize the network traffic of applications that are critical and must not be affected by the network traffic of other applications. The Barracuda NG Firewall provides a large set of QoS techniques, such as traffic shaping, traffic prioritization, and bandwidth partitioning, which assigns a bandwidth limit to certain types of traffic. To select traffic for different priority classes, the available real-time traffic analysis can be used to identify whether network traffic was sent by business-critical applications or by potentially unwanted applications.

Failover and Link Balancing

To ensure the best and most cost-efficient connectivity, the Barracuda NG Firewall F101 provides a wide range of built-in uplink options such as unlimited leased lines, up to four xDSL uplinks, etc. By eliminating the need to purchase additional devices for link balancing, security conscious customers will have access to a WAN connection that never goes down, even if one or two of the existing WAN uplinks are severed. Further, traffic intelligence mechanisms make sure the next defined uplink is activated on the fly and all traffic is rerouted to make full use of the remaining lines. In the event that backup lines provide less bandwidth, intelligent traffic shaping automatically prioritizes business-critical applications, networks, or distinct endpoints.

WAN Optimization

The Barracuda NG Firewall F101 can significantly enhance the WAN performance of distributed network environments by improving availability, performance, and response time of business-critical applications by lowering throughput and transmission delays, affecting time-sensitive decisions and enterprise profitability. The next-generation networking concept of the Barracuda NG Firewall F101 provides a set of powerful features to efficiently reduce and offset the negative effects of high line latencies and response times. By implementing enterprise-grade WAN acceleration features such as data deduplication, traffic compression, and protocol optimization, the Barracuda NG Firewall F101 can significantly improve site-to-site WAN traffic and increase productivity by accelerating the delivery of business applications – at no extra charge. WAN traffic can be effectively compressed up to 95 percent, significantly reducing the bandwidth needed at remote locations while increasing network responsiveness.

Windows Azure

Besides VMware, KVM, and XenServer, the Barracuda NG Firewall F101 is fully compatible for use in Windows Azure for establishing site-to-site and/or client-to-site connections to Azure and creating a DMZ in Azure to implement an additional high-security layer.

As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer. Barracuda’s award-winning security solutions are available as virtual appliances to help organizations.

Barracuda NG Firewall F101 virtual appliances are complete solutions, eliminating the need for installing, configuring, and integrating disparate operating systems, databases, system management, and application software. In addition, Barracuda virtual appliances come “locked down” from a security perspective, built from the ground up on the Barracuda OS, a hardened Linux operating kernel and optimized to run seamlessly within virtualized environments.

Amazon EC2

Besides VMware, KVM, and XenServer, the Barracuda NG Firewall F101 is fully compatible for use in Amazon Elastic Compute Cloud (EC2).

As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer. Barracuda’s award-winning security solutions are available as virtual appliances.

Barracuda NG Firewall F101 virtual appliances are complete solutions, eliminating the need for installing, configuring and integrating disparate operating systems, databases, system management, and application software. In addition, Barracuda Networks virtual appliances come “locked down” from a security perspective, built from the ground up on the Barracuda OS, a hardened Linux operating kernel and optimized to run seamlessly within virtualization environments.

BYOD (Bring Your Own Device)

The influx of private computing devices, from smartphones to laptops and tablets, into the workplace may help increase productivity, flexibility, and convenience. However, BYOD adds new security challenges and risks, such as enabling and controlling access, as well as preventing data loss. The Barracuda NG Firewall F101 provides strong capabilities to give users the full advantage of their devices while reducing possible risks to the business. Unwanted applications can be blocked, LAN segmentation can protect sensitive data, and network access control can check the health state of each device connecting to the corporate network.

Secure Remote Access

The Barracuda NG Firewall F101 incorporates advanced site-to-site and client-to-site VPN capabilities, using both SSL and IPsec protocols to ensure remote users can easily and securely access network resources without complex client configuration and management. Every Barracuda NG Firewall F101 unit supports an unlimited number of VPN clients at no extra cost. The Barracuda VPN client also provides the ability to enforce Windows Security Center settings on client machines running Windows. This allows administrators to centrally enforce the usage of Windows Security settings on PCs. The enforced policies can include enabling the Microsoft Network Firewall, Windows Updates, Windows Virus Protection, Windows Spyware Protection, and Internet Security Settings.

Barracuda VPN Clients are available for Microsoft Windows, Mac OS, and various Linux systems.

Network Access Control

The optional Barracuda NG Firewall SSL VPN and NAC subscription adds a customizable and easy-to-use portal-based SSL VPN as well as sophisticated Network Access Control (NAC) functionality.

The Barracuda Network Access Client, when used with the Barracuda NG Firewall, provides centrally managed Network Access Control (NAC) and an advanced personal firewall. This allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of antivirus and/or anti-spyware, and user ID. Access restrictions are enforced locally on the client by the centrally managed personal Windows firewall as well as at the gateway. Using existing Barracuda NG Firewall appliances, Barracuda Networks offers a ready-to-use Network Access Control framework without expensive investments into the basic network infrastructure. All Barracuda Network Access Clients as well as all Barracuda NG Firewall units acting as policy servers can be administered, monitored, and reviewed from a single Barracuda NG Control Center.

Scalable Deployment

Managing the security issues in a widely distributed enterprise network can be painful and extremely time consuming. Managing a system may take only 15 minutes per day. But having 20 firewall systems in place results in five hours per day – just to manage the existing system. With the Barracuda NG Control Center, managing mulitple Barracuda NG Firewalls takes the same amount of time as managing one.

  • Create pre-configured templates for easy-rollout.
  • Have all information about the enterprise security deployment available in real time.
  • Create reports of either one or all Barracuda NG Firewalls.

Lifecycle Management

Scalable Barracuda NG Firewalls F101 offer companies sustainable investment protection. Energize Updates automatically provide the latest firmware and threat definitions to keep the appliance up to date. With a maintained Instant Replacement subscription, organizations receive a new appliance with the latest specs every four years.

Revision Control System, Audit, and Reporting

The integrated revision control system increases auditing ease for the infrastructure and cuts overhead.

Additionally, the revision control system for all changes provides compliance with governmental and company policy requirements.

Comprehensive reporting makes bandwidth usage and all other security-related information visible, reportable, and easy to read.

Barracuda NG Firewall F101 (WiFi Bundled) Specifications:

Barracuda NG Firewall F100 / F101
Interface
Copper Ethernet NICs 4×1 GbE
USB 2.0 2
Serial / console 1 [RJ45]
Integrated WiFi access point (802.11 b/g) Model F101 only
Performance (as of firmware release 5.4.X)
Firewall throughput 1 300 Mbps
Firewall throughput, Jumbo Frames N/A
VPN throughput [AES-128, NOHASH] 85 Mbps
VPN throughput [AES-128, MD5] 80 Mbps
VPN throughput [AES-128, SHA] 78 Mbps
VPN throughput [AES-256, MD5] 70 Mbps
IPS throughput 1 60 Mbps
Concurrent sessions 8,000
New sessions/s 2 1,500
Memory
RAM 2 GB
Mass Storage
Type Flash
Size 4 GB or better
Dimensions
Weight appliance 3.5 kg
Weight carton with appliance 5.5 kg
Appliance size: width x depth x height 374 x 190 x 50 mm
Carton size: width x depth x height 470 x 355 x 180 mm
Form factor Compact
Hardware
Hardware crypto accelerator Yes, built-in
Cooling Fanless3
Power supply Single, external
Environmental
Noise emission < 32 / 45 db/A5
Operating temperature 0 to +40 °C
Storage temperature -20 to +70 °C
Operating humidity 5% to 95% non-condensing
MTBF [System]
MTBF > 5 years
Certifications & Compliance
CE emissions Yes
CE electrical safety Yes
FCC emissions Yes
ROHS compliant Yes
Power & Efficiency
Power supply type External brick
Power type [AC/DC] AC
Input rating 100 – 240 Volts
Input frequency 50 – 60 Hz
Auto sense Yes
Wattage / max. power draw 60 W
Max. power draw 1.6 Amps.
Max. heat dissipation [W] 60 W
Max. heat dissipation [BTU] 205 BTU
Energy efficiency [average] > 83%
Packaging Content
Appliance Yes
Serial cable Yes
Straight network cable Yes
Cross network cable Yes
External power brick & cables Yes
USB flash drive for recovery & installation Yes
Quick start guide Yes
Wireless antenna Yes, for F101 only
Barracuda 19″ rackmount shelf kit Optional

1 Measured with large packets (MTU1500)
2 Measured with TCP
3 If model F101 is ordered with the Barracuda ISDN PCI Modem M20, a low noise fan will be installed to make sure the heat generated by the data card during extended operation can be dissipated.

Model Comparison:

There are eleven hardware models of the Barracuda NG Firewall that can handle up to 21 Gbps of firewall and 4 Gbps of VPN throughput. All models are centrally manageable through the Barracuda NG Control Center.

Model F10 – F300
Model F400 – F900

Model: F10 F100 / F101 F200 / F201 F280 F300 / F301
CAPACITY
Firewall throughput2 300 Mbps 300 Mbps 400 Mbps 1.3 Gbps 550 Mbps
VPN throughput3 85 Mbps 85 Mbps 120 Mbps 310 Mbps 160 Mbps
IPS throughput2 60 Mbps 60 Mbps 80 Mbps 450 Mbps 90 Mbps
Concurrent sessions 2,000 8,000 35,000 100,000 70,000
New Session/sec 1,000 1,500 2,500 8,500 2,500
HARDWARE
Form factor Desktop mini Desktop Desktop Desktop 1U Rack Mount
Dimensions (in) 9.5 x 6.5 x 1.9 14.8 x 7.5 x 2.0 14.8 x 7.5 x 2.0 10.7 x 7.7 x 1.7 16.8 x 13.0 x 1.7
Weight (lb) 4.4 7.7 7.9 5.1 9.9
Copper Ethernet NICs (std/max) 4x1GbE 4x1GbE 4x1GbE 4x1GbE 4x1GbE + 4×10/100
Power Supply Single, external Single, external Single, external Single, external Single, internal
3G USB Modem Optional Optional Optional Optional Optional
FEATURES
Firewall Yes Yes Yes Yes Yes
Application Control Yes Yes Yes Yes Yes
IPS Yes Yes Yes Yes Yes
Web Security Yes4 Yes Yes Yes Yes
Intelligent Traffic Flow Control Yes Yes Yes Yes Yes
IPsec VPN Yes Yes Yes Yes Yes
WAN Optimization Yes Yes Yes
Spam Filter Yes Yes Yes

Model: F400 F600 F800 F900
CAPACITY*
Firewall throughput2 3.9 Gbps 5.7 Gbps 10 Gbps 21 Gbps
VPN throughput3 700 Mbps 1.6 Gbps 2.2 Gbps 3.7 Gbps
IPS throughput2 900 Mbps 2.6 Gbps 3.1 Gbps 4.6 Gbps
Concurrent sessions 300,000 100,000 500,000 1,000,000
New Session/sec 16,000 35,000 45,000 100,000
HARDWARE
Form factor 1U Rack Mount 1U Rack Mount 1U Rack Mount 2U Rack Mount
Dimensions (in) 16.8 x 17.7 x 1.7 16.8 x 17.7 x 1.7 17.0 x 20.5 x 1.7 17.4 x 26.0 x 3.5
Weight (lb) 18.8 18.8 28.6 39.6
Copper Ethernet NICs (std/max) 8x1GbE 12×1 GbE Cooper6 12/20x1GbE 0/24x1GbE+ 1x1GbE Mgmt
1Gb Fiber SFP NICs 8×1 GbE Copper + 4×1 Gb Fiber SFP 7 0 (std.) 4 (opt.) 0 (std.) 12 (opt.)
10Gb Fiber SFP+ NICs 8×1 GbE Copper + 2×1 Gb Fiber SFP+ 8 0 (std.) 2 (opt.) 0 (std.) 6 (opt.)
Power Supply Single, internal Single, internal (std) Dual, internal (opt) Dual, internal Dual, internal
3G USB Modem Optional Optional Optional Optional
FEATURES
Firewall Yes Yes Yes Yes
Application Control Yes Yes Yes Yes
IPS Yes Yes Yes Yes
Web Security Yes Yes Yes Yes
Intelligent Traffic Flow Control Yes Yes Yes Yes
IPsec VPN Yes Yes Yes Yes
WAN Optimization Yes Yes Yes Yes
Spam Filter Yes Yes Yes Yes

1 With external link balancer only
2 Measured with large packets (MTU1500)
3 VPN throughput using AES128 NOHASH
4 With Barracuda Web Security Service subscription
5 Measured with jumbo frames (MTU9000)
6 F600 Standard model including single power supply
7 F600 1GbE SFP model including single power supply
8 F600 10GbE SFP+ model including dual power supply

Technical Specs

 FirewallFirewall

  • Stateful packet inspection and forwarding
  • Intrusion Detection and Prevention System (IDS/IPS)
  • Application control and granular application enforcement
  • Interception and decryption of SSL/TLS encrypted applications
  • Denial of Service protection (DoS/DDoS)
  • Spoofing and flooding protection
  • ARP spoofing and trashing protection
  • DNS reputation filtering
  • TCP stream reassembly
  • Transparent proxying (TCP)
  • NAT (SNAT, DNAT), PAT
  • Dynamic rules/timer triggers
  • Single object-oriented rule set for routing, bridging, and routed bridging
  • Virtual rule test environment

Intrusion Detection & PreventionIntrusion Detection & Prevention

  • Protection against exploits, threats, and vulnerabilities
  • Packet anomaly and fragmentation protection
  • Advanced anti-evasion and obfuscation techniques
  • Automatic signature updates

Traffic OptimizationTraffic Optimization

  • Link monitoring, aggregation, and failover
  • Source-based routing
  • Traffic shaping and QoS
  • On-the-fly flow reprioritization
  • Stream and packet compression
  • Byte-level data deduplication
  • Protocol optimization (SMBv2)

Mobile ConnectivityMobile Connectivity

  • iOS and Android mobile device VPN support

VPNVPN

  • Drag & drop VPN tunnel configuration
  • Secure site-to-site, client-to-site VPN
  • Supports AES-128/256, 3DES, DES, null ciphers
  • Private CA or external PKI
  • IPsec VPN/SSL VPN
  • VPNC certified (basic interoperability)
  • Application-aware traffic routing
  • PPTP/L2TP (IPsec)
  • Network Access Control
High AvailabilityHigh Availability

  • Active-active or active-passive
  • Transparent failover without session loss
  • Network notification of failover
  • Encrypted HA communication

Central Management OptionsCentral Management Options

  • Barracuda NG Control Center
    – Unlimited firewalls
    – Support for multitenancy
    – Multi-administrator support and RCS

Infrastructure ServicesInfrastructure Services

  • DHCP server, relay
  • SIP, HTTP, SSH, FTP proxies
  • SNMP and IPFIX support
  • DNS Cache
  • SMTP gateway and spam filter
  • Wi-Fi (802.11n) access point on selected models
  • User authentication via Captive Portal
  • Windows Active Directory agent for transparent user to IP mapping
  • Authentication – supports x.509, NTLM, RADIUS, RSA SecurID, LDAP/ LDAPS, Active Directory, TACACS+, SMS Passcode (VPN), local authentication database

Protocol SupportProtocol Support

  • IPv4, IPv6, ARP
  • BGP/OSPF/RIP
  • VoIP (H.323, SIP, SCCP [skinny])
  • RPC protocols (ONC-RPC, DCE-RPC)
  • 802.1q VLAN

 

 

 

 

 

 

 

 

 

 

 

Support Options

Barracuda Energize UpdatesBarracuda Energize Updates

  • Standard technical support
  • Firmware updates
  • IPS signature updates
  • Application control definition updates

Instant Replacement ServiceInstant Replacement Service

  • Replacement unit shipped next business day
  • 24×7 technical support
  • Hardware refresh every four years

Security Options

  • Barracuda Web Security Service (Cloud-based web security)
  • Barracuda NG Web Security (F100 and higher)
    • Barracuda NG Web Filter
    • Barracuda NG Malware Protection
  • Barracuda NG SSL VPN and NAC
    • Clientless access
    • Network Access Control validates client security access

 

 

Barracuda NG Firewall F101 Deployment:

The Barracuda NG Firewall F101 offers comprehensive protection of distributed networks through a combination of hardware and virtual appliances at each office location and comprehensive VPN access options for remote users.

To centralize management across many different firewalls and remote access users, the Barracuda NG Control Center enables administrators to configure security and network access policies, control firmware update revisions, and manage user settings. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations.

Barracuda NG Firewall F101 appliances are available for locations of all sizes, ranging from the very small remote location to the headquarters or even data center.

For on the go users, the Barracuda NG Network Access Clients provide secure and convenient VPN access to the network. For internet kiosks or home computers where client software deployment is not appropriate, the Barracuda NG SSL VPN & NAC option provides secure access to vital network resources from any Web browser.

NG Firewall Typical Deployment

Barracuda NG Firewall F101 Technology:

Application Control – Regain Control of the Network

By integrating Application Control into its core firewall engine, the Barracuda NG Firewall F101 can identify and enforce security policies on more sophisticated applications that may hide their traffic inside otherwise “safe” port/protocols such as HTTP. Instant messaging (IM) and and peer-to-peer (P2P) applications are particularly notorious for opening backdoors into the network and spreading malicious content, thus ultra-reliable application control for policy enforcement is required.

The Barracuda NG Firewall F101 provides a powerful and extremely reliable detection and classification of network traffic-based applications and protocols by combining Deep Packet Inspection (DPI) and behavioral traffic analysis – even if the protocols are using advanced obfuscation, port hopping techniques, or encryption.

Granular Application Control

The Barracuda NG Firewall F101 allows the creation of dynamic application policies and allows establishing acceptable use policies for users and groups by application, application category, location, and time of day. In a nutshell it enables administrators to:

  • block unwanted applications for certain users or groups
  • control and throttle acceptable traffic
  • preserve bandwidth and speed-up business critical applications to ensure business continuity
  • enable or disable specific application sub-functions (e.g., Facebook Chat, YouTube postings, or MSN file transfers)
  • intercept SSL-encrypted application traffic

Create granular application usage polices based on applications, users, groups, and time, regardless of source, destination, port or protocol
Create granular application usage polices based on applications, users, groups, and time, regardless of source, destination, port or protocol

Intuitive configuration of applications objects allows easy control and enforcement of more than 1,200 Web 2.0 and business applications
Intuitive configuration of applications objects allows easy control and enforcement of more than 1,200 Web 2.0 and business applications

Achieve Full User-Based Visibility and Control

The Barracuda NG Firewall provides seamless integration with all authentication methods (e.g. Active Directory, RADIUS, LDAP/s, etc.) to facilitate policy configuration based on the actual user and group information and not just IP addresses.

Achieve Full User-Based Visibility and Control

Rich Reporting and Drill-Down Capabilities

Real-time and historical application visibility shows application traffic on the corporate network for intelligent adjustment of the corporate application use policies.

New protocol and application definition updates are provided via Energize Updates to ensure continuous effectiveness of the Application Control capabilities.
New protocol and application definition updates are provided via Energize Updates to ensure continuous effectiveness of the Application Control capabilities.

The live view provides real-time visibility of application usage, current sessions, and user activity. Any network traffic can be immediately terminated or reprioritized by changing the respective QoS class.
The live view provides real-time visibility of application usage, current sessions, and user activity. Any network traffic can be immediately terminated or reprioritized by changing the respective QoS class.

Intrusion Detection & Prevention System – Complete and Comprehensive Real-Time Network Protection

Easy-to-use IDS/IPS policy settings

The Barracuda NG Firewall F101 Intrusion Detection and Prevention System (IDS/IPS) can strongly enhance network security by providing complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases preventing network attacks such as SQL injections or buffer overflows. In addition, the IDS/IPS keeps spyware and worms out of the corporate network to prevent fraud and maintain strict privacy. By constantly monitoring network and system activities for malicious or suspicious behavior, the Barracuda NG Firewall F101 can react in real-time to block and prevent such activities. In case an attack is detected, the Barracuda NG Firewall F101 can drop the offending packets while still allowing all other traffic to pass, or just detect and log the intrusion attempt. Depending on the severity of the threat, highly granular actions can be assigned on a per firewall rule base enabling the Barracuda NG Firewall to allow, block, or log questionable traffic based on severity, location, user/group, type, and application.

Robust Protection Against a Multitude of Threats & Exploits

The Barracuda NG Firewall F101 provides immediate out-of-the box protection against a vast number of exploits and vulnerabilities in operating systems, applications, and databases to prevent network attacks such as:

  • SQL Injections
  • Arbitrary Code Executions
  • Access Control Attempts and Privilege Escalations
  • Cross-Site Scripting
  • Buffer Overflows
  • Denial of Service (DoS) and Distributed Denial of Service (DDos) Attacks
  • Directory Traversal Attempts
  • Probing and Scanning Attempts
  • Backdoor Attacks, Trojans, Rootkits, Viruses, Worms and Spywares

Countering IPS Evasion and Obfuscation Techniques

The Barracuda NG Firewall F101 is able to identify and to block the advanced evasion attempts and obfuscation techniques that are widely used by attackers to circumvent and trick traditional signature based intrusion prevention systems such as

  • Packet Anomalies
  • IP Fragmentation
  • TCP Stream Reassembly
  • RPC Defragmentation
  • FTP Evasion Protection
  • URL Decoding
  • HTML Decoding and Decompression
  • TCP Split Handshake Protection

Additional Network Protection Techniques

In addition to the comprehensive intrusion pattern database and the advanced anti-evasion countermeasures, the Barracuda NG Firewall offers a wide range of transport layer protection mechanisms such as:

  • IP Spoofing Protection
  • Portscan and Sniffing Protection
  • TCP SYN Flood Protection
  • ICMP Flood Protection
  • Duplicate Local IP Detection
  • Resource Exhaustion Protection
  • ARP Spoofing and Trashing Protection

The threat scan view displays all events related to IDS/IPS and Application Control
The threat scan view displays all events related to IDS/IPS and Application Control

Management Concept of Barracuda NG Firewall

Barracuda NG Admin is a simple and easy-to-use graphical configuration and management application that operates on all current Microsoft operating systems (Windows XP, Windows Vista, Windows 7, and Windows 8 – requires .NET). All configuration changes are collected locally and only need to be activated when needed. With Barracuda NG Admin, it is possible to manage and configure multiple Barracuda NG Firewalls simultaneously by directly connecting to the appliance and executing configuration changes locally.

Key Benefits

  • No installation needed
  • All functions of the Barracuda NG Firewall F101 can be configured and managed via the graphical user interface
  • Same look and feel whether a single Barracuda NG Firewall or thousands managed via Barracuda NG Control Centers
  • Simultaneous access to multiple gateways
  • Admin private key management
  • Trust verification of accessed boxes

 

 

 

  • Integrated SSH/SCP client
  • Integrated web interface for access of other Barracuda products
  • Integrated command-line interface for optional scripting purposes
  • Encrypted communication (SSL, AES-128)
  • Fast user interface that responds without lag allowing quick and efficient configuration
  • Configuration changes may be collected and applied in bulk at a later time

The dashboard displays a live view on a selection of important status and statistics data such as top application usage, detected intrusion events, number of active sessions, etc.
The dashboard displays a live view on a selection of important status and statistics data such as top application usage, detected intrusion events, number of active sessions, etc.

The Status Map displays an overview of all centrally managed Barracuda NG Firewall gateways.
The Status Map displays an overview of all centrally managed Barracuda NG Firewall gateways.

Barracuda NG Firewall FAQ:

What is a Next Generation Firewall?

Next generation firewalls are the successors of traditional firewall and unified threat management (UTM) devices. Traditional firewalls generally perform packet forwarding and blocking functions and often incorporate packet inspection techniques. UTM devices usually add content security functions but typically fail to tightly integrate those functions tightly with network management, network access and WAN connectivity capabilities of enterprise-class firewalls.

To protect networks in the presence of social media and other Web 2.0 applications, a next generation firewall infrastructure intelligently combines network security, content security, Layer 7 application profiling and network access control to detect application-specific attacks, enforce application-aware inbound and outbound access policies, and perform application-aware traffic routing and prioritization across the wide area network (WAN).

Based on over a decade of R&D and real-world deployments in over 1,000 of the most demanding enterprise customer environments, the Barracuda NG Firewall is the most advanced next generation firewall on the market today.

What is a Network Security Gateway?

Network security gateways are the successors of traditional firewalls, unified threat management (UTM) devices, and the latest cycle of “next-generation” firewalls. Traditional firewalls forward packets and block functions often employing packet inspection. UTM devices usually add content security functions. Next-generation firewalls add detection and control of social media and Web 2.0 applications, but typically fail to integrate these functions tightly with link management, WAN management, and SSL VPN remote connectivity.

In comparison, the Barracuda NG Firewall, the first true network security gateway, starts by integrating an advanced network firewall with Layer 7 application recognition and user awareness, content security, malware protection, plus IPS in a suite of security technologies. It tightly integrates these features with intelligent network link aggregation and traffic management, VPN WAN management, and optimization for seamless remote office integration and SSL VPN for remote client security. As a network security gateway, the Barracuda NG Firewall weaves a seamless fabric of security, performance optimization, high-availability, and centralized management into network infrastructures while simplifying network architecture.

Why do I need a Next Generation Firewall?

Absent application awareness, existing firewall and UTM solutions will generally prove ineffective at dealing with a growing category of current and emerging threats. Even when best-of-breed point solutions can be utilized to provide protection along all threat vectors, such as email, Web, remote access, and IM, operational costs can typically be reduced through consolidation.

Beyond threat protection, application-awareness can dramatically improve traffic prioritization and routing decisions over site-to-site connections, resulting in cost reductions of MPLS, leased line, bandwidth, or 3G data charges associated with maintaining reliable WANs.

Through the Barracuda NG Control Center, the Barracuda NG Firewall delivers next generation firewall features with industry-leading centralized management, capable of scaling to thousands of firewalls with very little administrative overhead.

What are the major capabilities of the Barracuda NG Firewall?

The Barracuda NG Firewall is a next generation firewall and VPN that provides:

  • Integrated content security and network access control
  • Optimization of intelligent traffic flow across the WAN
  • Industry-leading centralized management capabilities

Integrated content security and network access control:

Barracuda NG Firewall integrates a comprehensive set of next generation firewall technologies, including Web filtering, malware protection, intrusion prevention, anti-spam protection and Layer 7 application profiling.

Barracuda NG Firewalls include licenses for an unlimited number of IPSec site-to-site connections and IPSec clients through the Barracuda NG VPN Client. The Barracuda NG Firewall SSL VPN and NAC option adds a customizable and easy-to-use Web portal-based SSL VPN as well as sophisticated network access control (NAC) functionality. NAC allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of anti-virus and/or anti-spyware and user ID. The Barracuda NG Network Access Client also adds support for 802.1x port based security for 802.1x enabled routers and switches.

Optimization of intelligent traffic flow across the WAN:

The Barracuda NG Firewall provides application-aware traffic management and prioritization across the WAN, featuring adaptive routing based on network traffic conditions and link status. In addition, through Barracuda NG Control Center, administrators can efficiently monitor VPN tunnels and firewall status.

Industry Leading Centralized Management Capabilities:

To centralize management across many different firewalls and remote access users, the Barracuda NG Control Center enables administrators to configure security and network access policies, control firmware update revisions, and manage user settings. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations.

The Barracuda NG Control Center supports multiple administrators simultaneously – even within the same configuration tree. Highly customizable administrative roles can be defined to delegate administrative capabilities for specific departments or locations.

What are the differences in levels between the Barracuda NG Control Center editions?

The Barracuda NG Control Center is offered at three levels – Standard Edition, Enterprise Edition and Global Edition. All Barracuda NG Control Center levels enable administration of an unlimited number of Barracuda NG Firewall platforms. The Standard Edition allows for a single configuration group. The Enterprise Edition allows for an unlimited number of configuration groups for a single enterprise / tenant or “range.” The Global Edition is designed for service providers who service multiple tenants and allows for separate and secluded configuration trees for each “range.”

What application proxies are included?

Barracuda NG Firewalls include application layer proxies for HTTP, HTTPS (optional), FTP, SSH, as well as a generic TCP and SOCKS proxy.

What is Layer 7 application profiling?

Application identification techniques in traditional firewalls typically rely on Layer 3 (destination IP address) or Layer 4 (TCP port / protocol) definitions.

Next-generation firewalls utilizing Layer 7 Application Control can identify and enforce policy on more sophisticated applications that may hide their traffic inside otherwise “safe” port/protocols such as HTTP. Skype and peer-to-peer (P2P) applications are particularly notorious for requiring Layer 7 Application Control for policy enforcement.

The Barracuda NG Firewall integrates Layer 7 Application Control into its core firewall functions, enabling enforcement of policy based on user ID, security policy, location, and time of day. Policy actions can include blocking, allowing, throttling, or even enabling or disabling of specific application features.

What user authentication methods are supported?

The Barracuda NG Firewall can authenticate users and enforce user-aware policy using Active Directory, NTLM, MC CHAP, RADIUS, RSA SecurID, LDAP/LDAPS, TACACS+, built-in local authentication, as well as x.509 certificates.

Does the Barracuda NG Firewall help my organization troubleshoot network problems?

All Barracuda NG Control Center and Barracuda NG Firewall appliances come with extensive network connectivity troubleshooting and visualization tools. Even for large networks it typically only takes a few mouse clicks to analyze and remediate a problem in the central audit log or access cache screen.

What if I am not looking to replace my entire firewall infrastructure?

In addition to the Barracuda NG Firewall, Barracuda Networks offers a set of best-of-breed point solutions to address your needs if you are not looking yet to replace your entire firewall infrastructure. Relevant point solutions include:

  • Email security: Barracuda Spam & Virus Firewall
  • Web filtering: Barracuda Web Filter or Barracuda Purewire Web Security Service
  • Layer 7 application profiling: Barracuda Web Filter
  • SSL VPN: Barracuda SSL VPN
  • Site-to-site IPSec VPN: Barracuda Link Balancer
  • Link load balancing: Barracuda Link Balancer

What appliance models are recommended for my organization?

The Barracuda NG Firewall is a family of hardware and virtual appliances designed to service next generation firewall capabilities to all office locations of enterprise networks. This includes very small remote locations, home offices, branch offices, headquarters and data centers. Typically, Barracuda NG Firewall models are sized based on firewall throughput, VPN throughput, concurrent connections, and the features selected. For more information, please contact your Barracuda Networks systems engineer.

Does the Barracuda NG Firewall involve per user fees for VPN client or SSL VPN client usage?

No. The Barracuda NG Firewall models include a license to an unlimited number of Barracuda NG VPN clients. With the purchase of the Barracuda SSL VPN and NAC option, there is no licensed limit to the number of Barracuda NG Network Access clients or Barracuda NG SSL VPN users.

What is the pricing?

The Barracuda NG Firewall comes in seven base hardware configurations, ranging from very small office to data center locations. Entry level pricing for the Barracuda NG Firewall F10 starts at $599.

What is included in the Energize Updates subscription for the Barracuda NG Firewall?

Energize Updates from Barracuda Central deliver updates on the extensive library of definitions for intrusion prevention and Layer 7 application profiling. In addition, Energize Updates subscriptions also provide access to Basic Support, Firmware Maintenance and optional participation in the Barracuda Early Release Firmware program.

What does the warranty cover?

There is a one year warranty against manufacturing defects in the USA and Canada.

When will the Barracuda NG Firewall be available?

The Barracuda NG Firewall is available immediately for sale in North America with the ability to ship to remote customer locations across the world. Please contact your Barracuda Networks sales representative for more information.

What if I have more questions about the Barracuda NG Firewall?

For additional assistance or for a product demonstration of the Barracuda NG Firewall, please contact us.

Harga Price List Barracuda NG Firewall F101 (WiFi Bundled)

Barracuda NG Firewall F101 (WiFi Bundled) Base Appliance

Barracuda NG Firewall F101 (WiFi Bundled)
*Please Note: The purchase of at least 1 Year of Energize Update & Instant Replacement is required
Part Number Price List Harga Kami
BNGF101a  Rp 17.690.000,- (REQUEST QUOTE)

Barracuda NG Firewall F100 Energize Update (EU) Subscription

Barracuda NG Firewall F101 Energize Update (EU), 1 Year
Part Number Price List Harga Kami
BNGIF101a-e1  Rp 4.195.000,- (REQUEST QUOTE)
Barracuda NG Firewall F101 Energize Update (EU), 3 Year
Part Number Price List Harga Kami
BNGIF101a-e3  Rp 9.435.000,- (REQUEST QUOTE)
Barracuda NG Firewall F101 Energize Update (EU), 5 Year
Part Number Price List Harga Kami
BNGIF101a-e5  Rp 14.675.000,- (REQUEST QUOTE)

Barracuda NG Firewall F101 Instant Replacement (IR) Subscription

Barracuda NG Firewall F101 Instant Replacement (IR), 1 Year
Part Number Price List Harga Kami
BNGF101a-h1  Rp 4.195.000,- (REQUEST QUOTE)
Barracuda NG Firewall F101 Instant Replacement (IR), 3 Year
Part Number Price List Harga Kami
BNGF101a-h3  Rp 9.435.000,- (REQUEST QUOTE)
Barracuda NG Firewall F101 Instant Replacement (IR), 5 Year
Part Number Price List Harga Kami
BNGF101a-h5  Rp 14.675.000,- (REQUEST QUOTE)