Barracuda NG Firewall

Growth in cloud computing capabilities and services has driven more data into places where traditional IT security measures cannot reach; specifically, data centers not owned by your corporate IT group. The Barracuda NG Firewall provides centralized management and highly secure, encrypted traffic to, from, and within Microsoft Azure deployments.

Secure Connectivity

For an optimum Azure deployment, it is crucial to initiate the deployment in a highly secure and reliable way. Deploying a Barracuda NG Firewall in Microsoft Azure provides comprehensive, secure connectivity capabilities, starting with high-performance TINA VPN tunnels for site- to-site and client-to-site connections. Deployment includes robust WAN optimization features to maintain the highest quality of service possible.

Integrated Next-Generation Security

The Barracuda NG Firewall is designed and built from the ground up to provide comprehensive, next-generation firewall capabilities. Based on application visibility, user-identity awareness, intrusion prevention, and centralized management, the Barracuda NG Firewall is the ideal solution for today’s dynamic enterprises that are adding Microsoft Azure into their company network.

Central Management

Users of the Barracuda NG Firewall benefit from the same single-pane-of-glass central management that is used in on-premises deployments. It enables users to manage the secure VPN connections, to, from, and within Microsoft Azure, and the NG Firewall itself.

Product Spotlight

  • Security site-to-site and client-to-site connectivity
  • Powerful next-generation network firewall
  • Intelligent traffic regulation and profiling
  • Tightly integrated QoS and application-based link balancing
  • Dynamic path routing
  • Template-based and role-based configuration
  • Built-in web security

The Barracuda Advantage

  • Secure and reliable connectivity between on-premises and Azure deployments
  • Secure and reliable connectivity between Azure deployments
  • Central management of all functionality for both, on-premises and Azure deployments
  • Unrivaled Quality of Service capabilities

Technical Specifications


  • Stateful packet inspection and forwarding
  • Full user-identity awareness
  • Intrusion Detection and Prevention System (IDS/IPS)
  • Application control and granular application enforcement
  • Interception and decryption of SSL/TLS encrypted applications
  • Denial of Service protection (DoS /DDoS)
  • Spoofing and flooding protection
  • ARP spoofing and trashing protection
  • DNS reputation filtering
  • TCP stream reassembly
  • Transparent proxying (TCP)
  • Dynamic rules / timer triggers
  • Single object-oriented rule set for routing, bridging, and routed bridging
  • Virtual rule test environment
  • Antivirus and URL filtering right in the firewall engine

User Identity Awareness

  • Terminal Server Agent
  • Domain Controller Agent
  • Authentication – supports x.509,
  • NTLM, RADIUS, RSA SecurID, LDAP/LDAPS, Active Directory, TACACS+, SMS Passcode (VPN), local authentication database

Intrusion Detection & Prevention

  • Protection against exploits, threats and vulnerabilities
  • Packet anomaly and fragmentation protection
  • Advanced anti-evasion and obfuscation techniques
  • Automatic signature updates

Traffic Optimization

  • Traffic shaping and QoS
  • On-the-fly flow reprioritization
  • Stream and packet compression
  • Byte-level data de-duplication
  • WAN optimization (SMBv2)


  • Drag & drop VPN tunnel configuration
  • Secure site-to-site, client-to-site VPN
  • Supports AES-128/256, 3DES, DES, null ciphers
  • Private CA or external PKI
  • IPsec VPN / SSL VPN
  • VPNC certified (basic interoperability)
  • Application-aware traffic routing
  • PPTP / L2TP (IPSec)
  • Network Access Control
  • iOS and Android mobile device VPN support

Infrastructure Services

  • DHCP server, relay
  • SIP, HTTP, SSH, FTP proxies
  • SNMP and IPFIX support
  • DNS Cache
  • SMTP gateway and SPAM filter

Protocol Support

  • IPv4, IPv6, ARP
  • VoIP (H.323, SIP, SCCP [skinny])
  • RPC protocols (ONC-RPC, DCE-RPC)
  • 802.1q VLAN