Barracuda Firewall

Barracuda Firewall yeni jenerasyon uygulama kontrolü yapabilen uygun fiyatlı ve kolay kullanımlı ağ güvenlik duvarıdır.


Application Visibility and Control
The Barracuda Firewall analyzes network traffic up to Layer 7, leveraging advanced fingerprints to identify applications and content traffic. Based on the fingerprints, a flexible set of actions, including allowing, blocking, resetting, and redirecting connection attempts and traffic can be defined. A library of hundreds of applications is currently fingerprinted. Furthermore, granular policies can be set for specific application features (e.g., limiting audio calls on Skype). These fingerprints are dynamically updated so that security policies and signatures remain up to date.

Active Connections and Real-Time Control
An insightful dashboard interface provides an overview of the active connections for a network. With this interface, real-time actions can also be taken. When resource-intensive applications are preventing business-critical activities like VoIP conference calls, administrators can take immediate action to either end a connection or regulate its bandwidth.

Intrusion Detection and Prevention (IPS)
The Barracuda Firewall Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection against thousands of network based threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases to prevent network attacks such as:

SQL injections and arbitrary code executions
Access control attempts and privilege escalations
Cross-Site Scripting and buffer overflows
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
Directory traversal and probing and scanning attempts
Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware
By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, the Barracuda Firewall is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems.

As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda Firewall is constantly up-to-date.

Quality of Service (QoS) and Traffic Prioritization
Granular QoS settings enable an organization to set bandwidth policies for applications, services, and users. In addition, traffic prioritization can be set to ensure that latency-sensitive or business-critical applications are always given priority. Pre-built policies enable organizations to immediately begin implementing one of eight pre-defined bandwidth policies. Pre-defined policies can easily be customized to individual customer needs.

Advanced Threat Detection
The Barracuda Firewall provides advanced malware protection capabilities through multiple layers of scanning in the cloud for inbound and outbound threats. The anti-malware engine is powered by threat intelligence gathered from multiple sources of data including data sharing partnerships, commercial security data, real-time email, and web scans from more than 150,000 data sensors worldwide. Antivirus signatures are continuously updated to provide rapid response to new and known security threats. Additionally, unknown and emerging web-based viruses and spyware are detected using object-based techniques and advanced heuristics. The service also protects against malicious web applications and script-based attacks through AJAX-aware analysis and sandboxing. HTTP-focused behavior analysis and intrusion detection are used to block botnet communication, spyware, and rogue viruses.

Real-Time Updates
Barracuda’s 24×7 threat operations center analyzes the latest emerging web-based malware and provides real-time updates. This provides zero-hour response time to fast moving, aggressive web threats with no need to maintain up-to-date signature databases on-premises.

High-Performance Malware and Virus Scanning
Malware scanning is a CPU-intensive operation with a significant performance impact when paired with network packet processing operations on the firewall. By leveraging the cloud for the heavy lifting, the Barracuda Firewall maintains high throughput levels when forwarding packets, handling VPN connections, regulating application traffic, and preventing network intrusions. Even the smaller Barracuda Firewall units for branch offices benefit from the full power of the cloud and are able to scale easily with increasing traffic volumes.

User Awareness
The Barracuda Firewall authenticates users with Active Directory, NTLM, LDAP/LDAPS, RADIUS, and x.509 digital certificates. User- and group-specific policies, including time-based access controls, are integrated into the firewall rules, making it easy for administrators to customize network access, application usage, and bandwidth allocation for specific users and groups.

Cloud-Based URL Filtering and Reporting
Barracuda Firewalls can be easily configured to transparently redirect web traffic tagged with user identity information to the cloud-based Barracuda Web Security Service. Administrators can use a central management portal to configure user/group-based content filtering rules across 95 content categories. Administrators can block, accept, warn, or log access to domains along with advanced policies such as “safe search” enforcement on search engines, YouTube for Schools integration, HTTPS filtering, and domain whitelisting/blacklisting. In addition, the service leverages the elasticity and scalability of the cloud to provide more than 50 reports on all aspects of Internet browsing without any on-premises storage and performance limitations.

Cloud-Based Central Management
Barracuda Firewalls are integrated with the Barracuda Cloud Control (BCC) web-based management portal, which leverages Barracuda’s global cloud infrastructure to enable organizations to centrally manage all their devices through a “single pane of glass” interface. Administrators have a global view of all their devices, as well as the ability to centrally manage policies and configuration. The intuitive interface makes it easy for small and medium-sized organizations to implement and manage their firewalls with minimal IT overhead.

One Stop for Firewall Rules
The intuitive interface is designed so that a single configuration encompasses every component of a firewall rule. This includes link balancing and QoS configurations necessary to ensure uptime and full control of network traffic. A drag-and-drop interface enables quick-and-easy prioritization of rules.

Powerful Object-Oriented Design
The Barracuda Firewall provides organizations with the ability to aggregate devices, services, and users into management objects. These objects can contain references to other objects, creating a cascading and instantaneous impact across the network when network requirements change.

The power of objects is available to an organization the moment a Barracuda Firewall is deployed. A library of network, device, and user objects are pre-packaged for immediate use, or objects can be created to aggregate the ones that are already predefined on the unit.

Link Optimization and Failover
To ensure the best and most cost-efficient connectivity, the Barracuda Firewall provides a wide range of built-in uplink options including unlimited leased lines, up to six DHCP, four xDSL, up to two ISDN and a UMTS lines. Administrators can bond multiple low-cost WAN links such as DSL lines to increase bandwidth at reduced costs. Further, by eliminating the need to purchase additional devices for uplink balancing, security-conscious customers will have access to a WAN connection; even if one or two of the existing WAN uplinks are severed.

Inbound Link Balancing
The Barracuda Firewall performs inbound link balancing by distributing inbound traffic across multiple links, leveraging its authoritative DNS services. This ensures that the Authoritative DNS server always provides the IP address of the best link when responding to DNS queries.

3G Connectivity
The Barracuda 3G/UMTS Modem provides support for wireless third-generation broadband communication using 3G technologies. This is ideal for remote sites that need a cost-effective, rapidly deployable, and ultra-reliable WAN backup solution to protect it from outages caused by cable or fiber link outages.

It can also serve as a high-quality and cost-effective alternative to traditional uplinks such as DSL, ISDN, and cable lines. The Barracuda 3G/UMTS Modem is suitable as a primary link for temporary sites, in-vehicle deployments, or for businesses requiring connectivity in areas with weak infrastructure such as construction sites, remote areas, mobile businesses, or trade shows.

Guest Networking
Barracuda Firewall provides two options to set up guest access to the internet. Both options are available for locally attached networks as well as for Wi-Fi networks on the Barracuda Firewall X101 and X201 appliances.

Confirmation Page: The confirmation page option prompts guests to agree to a configurable Terms of Service page before they can access the network. Guests are subsequently tracked with the assigned IP address since no user information is available.
Guest Ticketing: The guest ticketing option will display a customizable logon page asking for user and passcode as set up on an admin website served by the Barracuda Firewall. Guests are subsequently tracked with their assigned username.
Barracuda Firewalls X200 and higher provide VPN capabilities that can be used from within a web browser, the so called SSL VPN. Unlike traditional client-to-site VPN, SSL VPN does not require the installation of client software on the end user’s computer. Use SSL VPN to grant remote users access to web applications, client and server applications, as well as internal network resources like Outlook Web Access, SMB, RDP, Telnet, SSH, SMTP, POP3, VNC, IMAP4, webDAV, and HTTP and HTTPS web forwards.

SSL VPN is available at no additional cost for an unlimited amount of users for Barracuda Firewall X200 and higher.

Client-to-Site VPN
The Barracuda Firewall provides support for a suite of protocols to connect remote employees. The appliance supports IPsec-based VPN, PPTP, and the Barracuda Network Access VPN client. The VPN tunnel can be authenticated using a comprehensive set of mechanisms including NTLM, RADIUS, LDAP/LDAPS, Active Directory, and Local Authentication. Barracuda Networks provides VPN clients for Windows, Mac OS X, Linux, and Debian–downloadable right from the user interface.

Site-to-Site Connectivity
IPsec VPNs ensure secure connectivity to other remote sites or a centralized office. Barracuda includes unlimited site-to-site licenses to connect as many sites as needed to the Barracuda Firewall.

Simple Pricing
The Barracuda Firewall is delivered with all features and capabilities fully enabled. Content filtering and advanced malware protection is offered as an all-inclusive subscription without any per-user fees. The Barracuda Cloud Control management portal is included free of charge.

Leave a Reply

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir