Barracuda NextGen Firewall F80 review

A fine range of network security measures for the price, but tempered by a steep learning curve

IT Pro Recommended
  • Buckets of application rules; Good real-time monitoring;
  • Dense, cluttered admin console; No anti-spam protection;

Barracuda's latest NextGen F-Series firewalls look like the perfect choice for small and medium-sized businesses that require the toughest network security, while sophisticated traffic shaping and quality-of-service (QoS) features put the focus firmly on optimising access to cloud-based apps.

The NextGen Firewall F80 on review has a claimed 500Mbits/sec IPS throughput that should be sufficient for the recommended 50-user limit. Moreover, the price includes one-year subscriptions to Barracuda's full web security, advanced threat protection, Energize Updates and instant replacement services.

The integral wireless access point (AP) is of the single-band 2.4GHz 802.11n variety, capable of presenting multiple virtual SSIDs. Anti-spam protection isn't available on this model - if you need this, look instead at the F180 and models above that.

However, Barracuda's Advanced Threat Detection (ATD) feature does combat the latest malware and zero-day exploits. It checks hashes of incoming files to confirm they're safe and, if any are unknown, it uses cloud-based sandbox technology to safely analyse them before they can pass through.

Advertisement - Article continues below
Advertisement - Article continues below

The device doesn't have a web interface and is managed individually through Barracuda's NG Admin portable client, or through the optional NG Control Center, which provides a single interface for multiple appliances.

The NG Admin wizard either creates a transparent bridge across the first two Gigabit ports for evaluation purposes, or sets it up in routing mode for production environments. Both modes only take a few seconds to configure - but take a deep breath, as it gets much harder from here on in.

The NG Admin console isn't very intuitive, and the sheer range of security features on offer makes some of them hard to find. Furthermore, each change requires the relevant configuration page to be unlocked for write access and subsequent modifications saved to the appliance and then activated.

The dashboard provides a complete status of all services and plenty of real-time activity graphs. Its Firewall tab shows the primary permitted and blocked applications, as well as URL categories and the latest threats. Courtesy of a vector chart, you can also see the geolocations from which they emanated.

The real-time views provide impressive levels of detail on traffic and apps, and PDF reports can be easily generated using the free NG Report Creator tool. We linked it to our appliance and scheduled regular reports to be emailed on topics such as the most frequently blocked apps and the latest detected threats.

Firewall rules comprise sources, destinations, services and action policies, in each of which we enabled application controls, URL filtering, SSL interception and ATD. For URL filtering, Barracuda provides around 100 categories.

Advertisement - Article continues below

We created a range of firewall objects with different sets of blocked categories, which we enforced using application rules, of which there are hundreds. Facebook alone has 12 options for controlling logins and allowing or denying access to chat, file transfer, video calls, posts and more.

For mobile users, the CudaLaunch app comes with the optional Remote Access subscription and provides an SSL VPN portal for iOS and Android, with quick links to favoured apps. Moreover, guest wireless users can be redirected to a custom web portal complete with an acceptable-use policy (AUP) agreement.

Antivirus settings are applied globally, through which we enabled both the Avira and ClamAV engines (they can also run separately). Global ATD policies are configured from here, and it was up to us whether Office documents, PDFs and ZIP archives were uploaded to the cloud and scanned first, or delivered first and then scanned.

The F80 is tricky to configure and it loses points for the lack of spam protection. However, it remains good value and offers frontline protection against the latest malware, as well as a remarkable level of control over web apps.

Advertisement - Article continues below

This review originally appeared in PC Pro issue 259


The F80 is tricky to configure and it loses points for the lack of spam protection. However, it remains good value and offers frontline protection against the latest malware, as well as a remarkable level of control over web apps.

Advertisement - Article continues below

Desktop chassis

1.7GHz Intel Atom C2358


4 x Gigabit Ethernet

802.11n wireless


4 x USB 2

RJ45 serial

External PSU

NG Admin and Control Center management

274 x 162 x 44mm (WDH)

Options: appliance and all services/3yr, £2,274 exc VAT

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020