Solution Brief Enterprise-Wide Security and Application Policy Enforcement Across WAN and Cloud

Barracuda CloudGen Firewalls provide multiple layers of protection—including cloud-based sandboxing—that stop both traditional and new, advanced threats without impacting network performance. The Firewall Control Center eliminates the need to manage individual locations or appliances by adding a virtual WAN edge with automatic security enforcement across the entire WAN edge, including cloud and virtual locations.

Reducing the Management Surface: Eliminating Superfluous Equipment By integrating multiple technologies into one easy-to-use, centrally managed solution, Barracuda CloudGen Firewalls let you cut through WAN complexity and streamline IT operations. They deliver all the technologies you need to protect the WAN edge, eliminating the need for multiple products from different vendors. They integrate all functions of typical UTMs, next-generation firewalls, and Advanced Threat Protection solutions, and also provide advanced remote connectivity, application performance routing, traffic optimization, and WAN link balancing capabilities that typically are only available in separate SD-WAN solutions or sophisticated Link/ Load balancing equipment.

AV, URL, & SD-WAN, Spam WAN Opt, Remote Firewall Protection Link Balancer Access

Barracuda Firewall Control Center Distributed WAN Edge Security across all platforms, deployment factors, and sizes To use centralized application enforcement effectively, you need to have exactly the same functionality and feature level available across all deployment levels, from a single remote office desktop appliance to a high-performance datacenter appliance, whether deployed on-premises or in the cloud. This allows central definition and enforcement of security and traffic flow settings. The Barracuda CloudGen Firewall includes Distributed Firewall Policy Management to enable a virtual WAN edge across all devices at the network. This lets you centrally define security settings and enforcement on a global scale across thousands of devices forming the WAN edge. Local administrators at remote locations can add to this security policy (e.g. allow new internal subnets), but they cannot circumvent or disable it. This ensures secure local internet breakouts at every edge of the WAN network, including cloud locations.

100% Centrally Managed Infrastructure

Centrally linked security templates for efficient management Security and application performance settings on every device of the virtual WAN edge are not a one-time deployment of the settings, but a constantly updated link to the central policy templates on the Barracuda Firewall Control Center. The high-performance proprietary TINA VPN encryption maintained between all devices at the virtual WAN edge and the Firewall Control Center ensures that thousands of remote locations are updated in real time whenever a configuration template is changed or optimized to combat the latest malware threat.

HQ / DC or Cloud

US / CA EMEA

Barracuda Firewall Control Center

Centrally enforced

Cannot override Cannot override Centrally enforced Centrally WAN Edge WAN Edge

US / CA Local settings EMEA Local settings Security (additional) Security (additional) Policy Policy

Globally Enforced Security Policy by Headquarters Centrally linked security templates for efficient management Security and application performance settings on every device of the virtual WAN edge are not a one-time deployment of the settings, but a constantly updated link to the central policy templates on the Barracuda Firewall Control Center. The high-performance proprietary TINA VPN encryption maintained between all devices at the virtual WAN edge and the Firewall Control Center ensures that thousands of remote locations are updated in real time whenever a configuration template is changed or optimized to combat the latest malware threat.

US / CA Security Template EMEA Security Template Con guration link Barracuda Allow X to Y Allow X to Y Firewall Control Center (Changes applied in real time to all WAN edge devices) Allow Y to Z Allow Y to Z Enforce AV scanning & ATP Enforce AV scanning & ATP Block URL categories X, Y, Z Block URL categories X, Y, Z etc. etc.

Summary Barracuda CloudGen Firewalls provide a unique amalgamation of full next-generation security technology, integrated secure SD- WAN, and public cloud readiness. This enables the most secure and uninterrupted access to company resources hosted in the public cloud or anywhere else on the corporate WAN. Full integration into Barracuda Firewall Control Center architecture and Zero-Touch Deployment capabilities guarantee hassle-free centralized management and security enforcement across thousands of remote devices and locations. REST API, SNMP, and full command-line access for scripting allow custom integrations. Advanced security functions include application enforcement, IPS, URL filtering, malware protection, sandboxing (ATP), botnet and spyware protection, and Denial- of-Service protection.

US 1.0 • Copyright 2018 Barracuda Networks, Inc. • 3175 S. Winchester Blvd., Campbell, CA 95008 • 408-342-5400/888-268-4772 (US & Canada) • barracuda.com Barracuda Networks and the Barracuda Networks logo are registered trademarks of Barracuda Networks, Inc. in the United States. All other names are the property of their respective owners.