Barracuda NG Firewall The Next Generation Firewall for the Distributed Enterprise Barracuda NG Firewall is a next-gen firewall that was purpose built for efficient deployment and operations in dispersed, highly dynamic, and security-critical environments. In addition to security, it provides industry-leading operations effectiveness and added business value by protecting traffic against outages and link congestion. It employs user and application awareness to select network path, priority, and bandwidth. In case of line failure, it transparently adjusts and keeps traffic flowing. All policies are centrally managed. Version 5.4.3 | July 2014

Why today‘s Firewalls are broken Visibility No visibility into user behavior No control over applications Manageability No centralized management No centralized deployment Intelligence No network optimization No traffic prioritization Security No Network Access Control No IDS/IPS No Secure Remote Access

Regaining Control is Essential Control Application Usage Cloud enablement & WAN virtualization Access Control & Mobility Operations cost control Controlling Application Usage: Block unwanted application Throttle tolerated applications Application-based link selection Speed-up business-critical tools Always-on Connectivity: Integrated QoS and intelligent traffic shaping (dynamic path routing and application-based link selection) Multiple uplinks and redundancy Intelligent link failover and business critical traffic priorization in case of link loss Access Control and Mobility: Network Access Control and VPN Simple guest networking and WiFi Integrated SSL VPN Excellent Value: No per user fees Single appliance with fully integrated functionality Single pane of glass Cost-effective central management and lifecycle management

Introducing the Barracuda NG Firewall Powerful network firewall Full application control Full user awareness Intelligent traffic management Comprehensive IDS/IPS Centrally manage all functionality

The Evolution of the Firewall WAN optimization Centralized management Scalability Remote network access Reporting/Audit capabilities Quality of Service (QoS) Application control Identity awareness Ports, packets, protocols Anti-virus scanning Traditional Firewall/UTM Barracuda NG Firewall Next Generation Firewall

Regain Control – Application Awareness Business Critical? Acceptable? Security Flaw? Block unwanted applications Control and throttle acceptable traffic Preserve bandwidth and speed-up business critical applications Intercept SSL encrypted application traffic Besides state-of-the-art application control, BNG lets you preserve bandwidth and speed up business applications.

Traditional Use Case – Block Traffic Block unwanted applications for certain users or groups Based on specific authentication mechanisms (e.g. DC agent, MSAD, LDAP, RADIUS, ...) specific traffic for specific users/groups can be blocked.

Get Smarter – Selective Blocking Block unwanted applications for certain users or groups Enable or disable application specific sub-functions (e.g. Facebook Mail) In addition to basic user/group blocking, you can allow subapplications/subfunctions for specific users and specific time frames. At the same time, you can enforce QoS for the allowed connections (more on QoS on the next slide).

Improving Overall Network Quality Control and throttle acceptable traffic Throttle unimportant traffic (bulk traffic)

Protect and Support the Business Control and throttle acceptable traffic Preserve bandwidth and speed up business-critical applications Throttle unimportant traffic (bulk traffic) and speed up business-critical applications.

Traffic Analysis and Live Application Control

Application-Based Link Selection ISP 1 ISP 2 Application-Based Link Selection The combination of next-generation security and adaptive WAN routing lets the Barracuda NG Firewall dynamically assign available bandwidth for several links not only based on protocol, user, location, and content, but also based on applications, application categories and web filter categories. This keeps expensive, highly available lines free for business and mission-critical applications, while significantly reducing response times and freeing up additional bandwidth.

All You Need to Know with Just One Click Real-time information and quick history drill downs Live (active connections)

Application Context Discover the actual intentions of users & applications

Full User Awareness DC Agent (Domain Control Agent) Automatic user-IP mapping Exclude IP addresses manually (e.g. HTTP proxies and Terminal Servers) Monitor Active Directory remotely TS Agent (Terminal Server Agent) Map users to specific port ranges TS Agent connections are SSL encrypted Mapping information is sent only after successful connection establishment Debug log of identifying connection issues DC Agent: User-IP-Mapping The Barracuda DC Agent is the connector between various Barracuda Networks products and Microsoft® domain controllers to transparently monitor user authentication. With the DC Agent, Barracuda Networks systems can monitor domain controllers to automatically detect when users log into their Windows domains. The Barracuda DC Agent lets you manually exclude IP addresses of user client PCs or known multi-user computer systems and provides a "learning mode" that proposes the exclusion of suspicious systems. Due to the complexity of today's network environments and multi-user computer systems, a user-to-IP association is not always possible or required. For example, you can exclude the HTTP Proxy and Terminal Server because they allow multiple users and use a single IP address for authentication against domain controllers. If you install the Barracuda DC Agent on a dedicated computer system instead of the Active Directory server, you can also remotely monitor Active Directory. Terminal Server Agent: To let the Barracuda NG Firewall get information about users who are logged into a Microsoft Terminal Server, install the Barracuda Terminal Server Agent (TS Agent). It functions similarly to the Barracuda DC Agent for Windows domain controllers, which authenticates users according to the IP addresses that are mapped to their usernames and group context. However, the Barracuda TS Agent authenticates users according to a specified port range because every user on the Terminal Server has the same IP address. The Barracuda TS Agent maps each user to a source port range and sends this mapping to the Barracuda NG Firewall with user information. When the Barracuda NG Firewall receives a TCP or UDP packet, it looks at the source port and IP address and then matches rules on the user’s distinguished name and group membership. Connections with the Barracuda TS Agent are SSL encrypted. Mapping information for users is only sent after connections are established. The Barracuda TS Agent also writes a debug log that helps you monitor your Terminal Server and identify possible problems.

Reports Create customizable Top Reports for: Applications, risk, category Protocols Users Sources & destinations Geo locations URLs etc. Automatic generation and delivery Schedule reports via e-mail, or to a file share.

Barracuda Report Creator Example report.pdf

Cloud Enablement The uplink is your weakest link. 99.999% availability made easy. xDSL Ethernet xDSL Internet DHCP MPLS BNG allows the simultaneous use of multiple ISPs, provides link balancing and transparent failover. Animation description: Email can be sent via DHCP/cable connection, web traffic via multiple DSL connections (link balanced), VoIP via MPLS If DHCP breaks, e-mail traffic is automatically rerouted via the DSL connections

Virtual Appliances Barracuda NG Firewall virtual images are available for: VMware ESX Hyper-V KVM Citrix XenServer Public cloud offerings: In addition to the virtual appliances for Vmware ESX, Hyper-V, KVM, and XenServer, the Barracuda NG Firewall is also available for public cloud offerings including Microsoft Azure and Amazon Web Services.

Increase Network Throughput WAN Optimization Data compression TCP-flow optimization Protocol acceleration Data deduplication Headquarters Branch Office

VPN – Effective Operations VPN is hard to setup, maintain, and troubleshoot? REALLY? Really? Video 1: With other solutions a VPN is hard to maintain and troubleshoot. If you have to use CLI, it is even more difficult. Does it really have to be so difficult? With BNG, all you have to know is how to drag & drop. Video 2: Fully meshed VPN including WAN optimization (CIFS and mail).

Barracuda NG Control Center C400/VC400 – Standard Edition C610/VC610 – Enterprise Edition VC820 – Global Edition For efficient and flexible management, Barracuda offers five different control centers. C400 (hardware appliance) and VC400 (virtual appliance fof VMware, KVM, XenCitrix) Unlimited firewalls (recommended 20) 1 tenant Multiadmin support Role-based administration Revision control system Central statistics Central syslog (host/relay) Firewall audit collector/viewer NG access monitor C610 (hardware appliance) and VC610 (virtual appliance fof VMware, KVM, XenCitrix) The above plus: Unlimited firewall (recommend 200 hardware-based; unlimited, but depending on hardware for virtual appliance) Multitenancy on cluster-base Barracuda NG Earth PKI Service VC820 Unlimited firewall (depending on hardware for virtual appliance) Multitenancy on range-base (5 tenants included; more available for purchase) High Availability license included

Industry Leading Centralized Management Daily Tasks, 1 Firewall 10 minutes In our experience, it takes 10 minutes per day to manage a single firewall

Industry Leading Centralized Management Daily Tasks, 100 Firewalls 16 hours So extrapolating from this to 100 firewalls (a standard sized BNG project), this adds up to over 16 hours each day for only managing tasks.

Industry Leading Centralized Management Daily Tasks, 100 Firewalls 10 minutes Multiple Locations, Multiple Firewalls Barracuda NG Control Center So extrapolating from this to 100 firewalls (a standard sized BNG project), this adds up to over 16 hours each day for only managing tasks.

Improve your Security Posture State-of-the-art inline IDS/IPS Real-time update of signatures Included with Energize Updates Network Access Client Customizable web-based SSL VPN Sophisticated Network Access Control (NAC) Centrally managed via the Barracuda NG Control Center

The Barracuda NG Firewall Product Line

Barracuda NG Firewall Advantage Understand what users are doing on your network Improve your security posture Cloud-based web security Intelligently regulate network traffic Optimize bandwidth usage and link availability Increase network throughput Centrally manage the corporate network Globally monitor your WAN Reduce associated management costs

Next Steps

The last firewall you will ever buy Moving Forward Talk to us Ask for a demo Free 30-day evaluation The last firewall you will ever buy