Barracuda SD-WAN Netify Review

Barracuda SD WAN Solution: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about Barracuda and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Netify Review

Barracuda Networks solutions would be a good choice for larger firms looking for a cloud-native and comprehensive SD WAN solution. The Barracuda SD WAN solution is built natively on Microsoft Azure, leveraging the Microsoft Global Network as a WAN backbone, with integrated NGFW and security services. Their SASE solution offers ZTNA, SWG and FWaaS on one platform, with remote access capabilities. 

Barracuda’s cloud offering is strong, due to their unique partnership with Microsoft. They offer a range of WAF security capabilities with 8 Microsoft Preferred solutions developed in conjunction with Microsoft. Barracuda is a good choice for large global enterprises looking for a comprehensive cloud-based SD WAN and SASE solution. Their cloud security services are also an option for businesses who are looking to migrate to the cloud. 

About Barracuda

Founded in 2003, Barracuda Networks is an SD WAN and SASE vendor. The company currently support over 200,000 global customers, 5,000+ channel partners across the Americas, EMEA, APAC and is headquartered in Campbell, California, United Sates. In the Gartner 2021 Magic Quadrant for Network Firewalls, Barracuda Networks were named a Visionary as well as a Challenger in the Gartner 2021 Magic Quadrant for Web Application and API Protection. The company has local offices in: United Kingdom, Australia, Austria, Belgium, Canada, China, France, Germany, Hong Kong, India, Italy, Japan, Malaysia, New Zealand, Singapore, Switzerland and the United States. 

What is the Barracuda SD WAN Solution?

Barracuda offer a comprehensive Secure SD WAN solution with integrated Next Generation Firewalls (NGFW), removing the need for a separate security solution. Secure SD WAN offers improved speeds for application access to business-critical resources located on-premises and in the cloud. Low latency connectivity is also available for SaaS applications such as Slack, Salesforce, Office 365 and Google. The comprehensive solution combines SD WAN, security, WAN optimization and link balancing, with cloud-based fuel emulation sandboxing for all locations and protection from zero hour attacks, with an NGFW. The SD WAN solution is offered as part of Barracuda’s CloudGen Firewall product or can be deployed as a cloud service delivered natively on Azure called CloudGen. 

The Barracuda Secure SD WAN solution offers zero touch deployment, with Direct Internet Access (DIA) which can be provisioned to remote locations without the need to backhaul traffic for a central security inspection.

What is the Barracuda SASE security solution?

Barracuda’s cloud-native SASE offering is built on Azure in conjunction with Microsoft. This allows clients to move security, network infrastructure, routing and remote access to the public cloud, whilst controlling access to data from remote devices with policy enforcement and security inspection from the cloud, a device or on-premises. Barracuda SASE includes Firewall as a Service (FWaaS), Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG) and SD WAN. 

• FWaaS: The FWaaS solution uses next generation technologies such as intrusion prevention, anti-spam, network access control, application profiling and web filtering to protect against attacks such as malware and ransomware. Further security inspection and enforcement is offered both in the cloud and on-premises. 
• ZTNA: ZTNA verifies attempts to access data and resources, meaning that only verified users can access corporate resources. The service also improves connectivity for remote users.

How does Barracuda access cloud vendors?

Barracuda Secure SD WAN offers deep integration with major cloud ecosystems to allow users to use cloud workloads simultaneously even if they are hosted by different cloud infrastructure providers. 

• Azure: Barracuda offer strong cloud solutions designed to be deployed in Azure. Currently, they offer 8 Microsoft Preferred solutions that have been joint developed between Microsoft and Barracuda. Clients can secure multiple workloads in one solution using Barracuda Reference Architecture and the Barracuda CloudGen Firewall has the capability to connect any number of remote users to applications with a dedicated VPN client which supports a majority of popular device operating systems. The Barracuda CloudGen Web Application Firewall (WAF) detects application security attacks which includes those listed in the OWASP Top 10. The WAF solution is also capable of running as a virtual machine, or as Barracuda WAF-as-a-Service for automated web application protection. This can be deployed in all 54 Azure regions globally for advanced bot, OWASP Top 10 and API Protection, with integration for Azure Active Directory. The service is also available for hybrid and multi-cloud environments.
   
• AWS: Barracuda leverages two AWS Security Competencies, with built-in AWS cloud features and is certified on GovCloud which is part of AWS’s Authority To Operate partner initiative. The solution includes Barracuda’s CloudGen WAF which detects application security flaws such as OWASP Top 10 vulnerabilities, zero hour attacks and other advanced threats. The WAF has been awarded AWS APN Security Competency, which means that it is acknowledged by AWS Solution Architects to be a strong solution. The offering also includes performance tuning features such as load balancing, content caching and SSL offloading, with Barracuda APIs for integration with packaged applications and supporting orchestration tools such as Puppet and tracking and remediation for security best practices. The CloudGen WAF APIs are publicly available in GitHub and integrate directly into applications. Further security for AWS includes the Barracuda CloudGen Firewall with the Transport Independent Network Architecture (TINA) tunnel architecture to improve the efficiency of IPsec connections and allow for the use of UDP, TCP and ESP for high speed VPN connections. Finally, the Barracuda Cloud Security Guardian is an agentless SaaS service which is designed to secure organizations whilst they build applications in the public cloud.
   
• Google Cloud Platform (GCP): The Barracuda CloudGen Firewall F Series offers fully integrated network-based protection and is the first network firewall that is approved for use in GCP. The service allows clients to use the same Reference Architecture for on-premise firewalls and WAFs, to secure web facing applications. The firewall also features a number of client-to-site VPN options for secure access to resources for remote users. Clients can integrate security with GCP using APIs and published integrations with orchestration tools. 

Does Barracuda offer WAN acceleration and optimization?

Barracuda offer WAN optimization technology included in the Barracuda Secure SD WAN solution. Some of the features of Barracuda’s WAN optimisation include: adaptive session balancing, advanced data caching, adaptive bandwidth protection, dynamic quality of service, dynamic bandwidth & latency detection, failover link support, Forward Error Correction (FEC), network traffic compression, network link pooling, performance based transport selection, site-to-site connectivity and, TINA (Transport Independent Network Architecture), Barracuda’s propriety VPN protocol. Application-based routing optimization ensures the quickest internet uplink is chosen to access each SaaS application.

How does Barracuda support remote users?

Direct Internet Breakouts are available with Barracuda SD WAN to support remote users.

• CudaLaunch: CudaLaunch is a Windows, macOS, iOS and Android application that ensures mobile/remote workers can access corporate resources by extending the enterprise network to devices whilst enforcing pre-existing polices.
   
• Barracuda Secure Connector: Barracuda Secure Connector is a hardware VPN client that provides both home and small offices with secure connection resources to the corporate datacentre. A secure VPN connection is made with a Secure Access Controller which can manage up to 2,500 Secure Connector Appliances as well as applying 14 layers of CloudGen Firewall Security. This solution ensures that employees can connect multiple devices whilst providing an alternative to the potentially unsecured home network.
   
• Personal Security: Teleworkers can securely access enterprise Azure workloads through encrypted VPN tunneling. This solution utilizes Barracuda’s TINA VPN protocol to connect remote ‘work from home’ environments, up to four devices per user, to the corporate network. 

What is the Barracuda managed, co-managed and DIY services solution?

Barracuda offer managed SD WAN and SASE services through their Managed Service Provider (MSP) partners. 

Barracuda Networks solutions support BYOD (Bring Your Own Device) and BYOL (Bring Your Own License). However, the ability to co-manage or self-manage (DIY) Barracuda Networks SD WAN is dependent on the flexibility of the chosen third party Managed Service Provider (MSP) Partner. 

What Reporting and Management is available via the Barracuda Portal?

Barracuda Cloud Control is a single pane of glass, Web-based portal that provides access to reports, device visualization, and management of data security policies as well as all owned Barracuda services and products. Barracuda cloud is available for both physical and virtualised deployments. Security policies administered by the management portal only need to be defined once for it to be enforced for multiple users and locations. The web portal can be accessed from anywhere with a secure connection. 

What is the Barracuda SLA?

Barracuda offer publicly available Service Level Agreements for Barracuda WAF-as-a-Service, Barracuda Essentials and Barracuda Back up. At the time of writing there is not currently a publicly available SD WAN Service Level Agreement for Barracuda Networks.