Barracuda NextGen Firewall F180 review
Affordable enterprise-level security
Barracuda's latest NextGen F-Series of firewalls is aimed firmly at SMBs and scenarios such as branch office deployments. Four new desktop models join this big family of appliances and are designed to offer enterprise features such as advanced traffic optimisation and cloud app controls.
The F180 on review can handle around 75 users with all security services enabled or up to 150 users if it's deployed purely for secure remote access. Network options look good as it teams up six Gigabit Ethernet ports with an integral 8-port switch and adds 802.11n wireless services.
Barracuda has attempted to streamline its various subscriptions to avoid any hidden costs, but there are still far too many options to plough through. The F180 hardware costs 1,599 ex VAT. This includes the base license' which includes firewall, anti-spam, mail gateway and basic VPN server functions. To get updates for this though, you'll need an Energize Update subscription. A one-year Energize Update subscription costs 299, as does the separate Instant Replacement service which is essentially a next business day replacement warranty service for faulty hardware.
Barracuda has attempted to streamline its various subscriptions to avoid any hidden costs, but there are still far too many options to plough through
Mail gateway and anti-spam services, which are only available on the F180 and larger models, are included in the base license. The web security service costs another 498 per year and includes Barracuda's web filter and malware protection.
You also get IPSec VPN services included in the base license, but if you want Barracuda's slick CudaLaunch SSL VPN portal then you'll need a Premium Remote Access subscription which costs 169 for one year. There's more as Barracuda's new Advanced Threat Detection (ATD) service adds another 299 to the yearly bill.
A steep learning curve
Barracuda claims the NextGen appliances are easy to configure, but we beg to differ. The F180 doesn't have a web interface. You manage individual firewalls using Barracuda's NG Admin portable client (which can be run off a USB flash drive), while multiple firewalls can be managed using the optional NG Control Center VM instead.
Initial deployment is hassle-free as NG Admin fires up a wizard on first contact with the appliance. It creates a transparent bridge across the first two Gigabit Ethernet ports for evaluation purposes or sets it up in routing mode for production environments.
It get a lot trickier from here on in, mainly due to the overwhelming range of security features on offer. Each modification also requires the relevant configuration page to be unlocked for write access. Subsequent modifications have to be saved to the appliance and then activated.
NG Admin can get very busy but its dashboard does provide a lot of useful information
Even so, we were impressed with the dashboard which provides a complete overview of all services and updates, a real-time traffic graph and alerts on major security events. The Firewall tab shows allowed and blocked applications and URL categories as well as the latest threats. The use of widgets means the view can be customised to suit.
Rules for everything
Firewall rules comprise sources, destinations, services plus action policies. Within each one, you can enable application controls, URL filtering, SSL interception and ATD. Barracuda provides around 100 URL filtering categories and we created a range of firewall objects with different sets of blocked categories, enforcing them with application rules.
Barracuda provides a fine choice of URL categories for web filtering policies
Rules also control selected applications and Barracuda offers predefined rules for hundreds of apps, ready for use. Naturally, Twitter and Facebook are present with the latter providing twelve entries for controlling various social networking activities. Application rules can also be used to allow access to apps during specific times and apply QoS profiles to throttle or prioritise their traffic.
Barracuda's controls allow you to fine tune access to a wide range of business cloud apps
For anti-virus scanning, you can globally enable the Avira or ClamAV scanning engines on all policies. If performance isn't an issue, you can have them both active.
Wireless traffic will be subjected to all firewall checks and guest users can be redirected to a custom web portal complete with AUP agreement.
Anti-spam setup takes a little longer as we had to create mail gateway and spam filter services first as they aren't enabled by default. Along with scanning mail and sending it on to an internal mail server, there's also an option in the mail gateway service to transparently scan POP3 traffic.
Advanced Threat Detection
ATD combats the latest malware threats and zero-day exploits by using Barracuda's cloud-based sandbox technology to safely execute and analyse files to determine if they're safe. It's easy enough to configure as you decide whether files, such as Office docs, PDFs and ZIP archives, are uploaded to the cloud and scanned first or delivered and then scanned.
After testing ATD, we were sufficiently impressed to recommend it highly. It has its own dashboard status widget where we could see files being uploaded for scanning and those being blocked. We could also manually upload files and have them checked.
ATD produced a damning report on the suspect email attachment we gave it to check
We tried this out by uploading a suspect email attachment to the ATD cloud server and found its diagnosis chilling. The ATD report concluded that if the file had been opened, it would have run an external program, injected code into Chrome and Firefox, attempted to download executable content the list just went on and on.
We found the complex configuration could be very trying at times, but there's no doubting the F180's credentials. This firewall has some of the best security features available at this price.
The NG Admin dashboard is very informative while ATD and the app controls were particularly impressive. Businesses that rely on cloud applications will find Barracuda's granular approach to network security a good fit.
It’s not the easiest to configure, but Barracuda’s NextGen Firewall F180 is packed to the gills with great security making it good value
Network: 6 x Gigabit Ethernet, 8-port Gigabit Ethernet switch, 802.11n wireless
Other ports: 4 x USB 2, VGA, RJ-45 console port
Power: External PSU
Management: Barracuda NG Admin, NG Control Center
Warranty: Included in Instant Replacement