Barracuda Web Application Firewall Reviews

We used Barracuda Web Application Firewall to protect the banking system. There were cyber drills where we had to find some logs, share those logs, and identify the attacks.

What I like most about Barracuda Web Application Firewall is its availability. I also like that it's an easy-to-use solution.

An area for improvement in Barracuda Web Application Firewall is attack identification. Other banks identified attacks and tracked logs that the solution wasn't able to identify because of its ready-made rules pre-deployed by the vendor. My organization raised this issue with the technical support team.

Another area to improve in Barracuda Web Application Firewall is its service desk. The team resorted to stonewalling because they couldn't accept that a feature was missing in the solution, and it was only after a lot of drilling down that the service desk team accepted that, and would be adding that feature in the future.

My organization had to submit a report to the Reserve Bank of India with information on the logs identified and the attacks that happened, and that there was a failure on the part of the Barracuda Web Application Firewall. The Reserve Bank of India conducts a tri-monthly cyber risk audit in all Indian banks. Even smaller banks identified and caught attacks that my organization wasn't able to do, so I was looking into other solutions that competitor banks could be using because Barracuda Web Application Firewall failed to identify some of the attacks.

I've used Barracuda Web Application Firewall for six months in the past year.

Barracuda Web Application Firewall is a stable product.

Barracuda Web Application Firewall is a scalable product. Scaling it up isn't an issue.

I wasn't happy with the technical support for Barracuda Web Application Firewall, particularly because of the intentional stonewalling by the team. The support team should accept if a threat wasn't caught by the solution. Support should accept that there's a problem in Barracuda Web Application Firewall and improve or fix that problem. My organization had to do a lot of drilling down before the technical support team accepted that the solution was lacking, and that was frustrating.

My rating for the Barracuda Web Application Firewall technical support team is a two out of five.

Barracuda Web Application Firewall was easy to set up. It's a physical appliance, and I only needed one engineer to do the setup. My support engineer set the product up remotely, and it wasn't difficult.

I don't remember how long the deployment took for Barracuda Web Application Firewall because it was done by one of my engineers, but the solution was easy to deploy.

Barracuda Web Application Firewall was implemented by a support engineer from my organization.

I don't remember which version of Barracuda Web Application Firewall I used, but it was the latest at the time.

My organization has a few people using Barracuda Web Application Firewall. Only four or five people use the product.

What I would tell people to do before using Barracuda Web Application Firewall is to first have a POC with different vendors and solutions and even use one or more open source firewalls and WAFs before making a decision. You have to first do a lot of research before installing Barracuda Web Application Firewall because even some open source WAFs can identify some attacks that Barracuda isn't able to identify.

My rating for Barracuda Web Application Firewall is six out of ten.

I'm a product user and not a reseller or partner of Barracuda Web Application Firewall.

We primarily use this solution for security purposes. We use it as a firewall.

The interface is great. It's one of the most valuable aspects of the solution. 

The visibility we are able to achieve is quite good. 

The traffic monitoring is very helpful and the URL filtering has been excellent.

Even when we were upgrading to a new OS, we didn't have any difficulties with the product. The stability is good.

We have found that the technical support is very good.

The pricing of the product isn't overly expensive. 

While the UI is good, it can get a little bit complicated. It's not like Next-Gen Firewalls. I need to remember all of the tabs. The sub-tabs should be at the right as they are in the Next-Gen. Mostly, Next-Gen firewalls have everything on the left panel and it will reappear. It would be nice if there was a little more consistency.

I only really have one year of experience with the solution. Therefore, it's hard to discuss missing features. I need more time to explore the product first. 

I have been using the solution for one year.

We haven't had any issues with the stability or the performance, even when switching to a new OS. It's reliable. There are no bugs or glitches. It doesn't crash or freeze. 

While the solution may be scalable, I don't have enough background to really comment. I haven't been involved in scaling. 

Technical support is quite good. That's the main reason everyone is shifting to Barracuda.

It's from India. I'm in the Middle East. Even though the product is from the UAE, the Middle East, the support is from India. They have good engineers that are well-trained. That said, if you need an L3 issue resolved, those engineers are from other regions. Typically an Indian tech will communicate with the other region directly. The support in the case of L3s likely comes from Europe. In any case, everyone is very helpful and responsive, and we are satisfied with the level of support.

The initial setup is not overly complex or difficult. It's easy enough to execute. That said, the burden has to be getting a bit of the knowledge in regards to routing. That's a tricky area. However, it's pretty much the same as a Next-Gen Firewall configuration.

The pricing is okay, however, there are a few other competitors that are a little bit lower. It's still reasonable. 

I'm an end-user and a customer. 

I would rate the solution at an eight out of ten. Sometimes the solution can be tricky around filtering, which is why I don't give it perfect marks.

Typically these web application firewalls act as an additional layer primarily for traffic. The web application firewalls are more of a safeguard if a company still has legacy technologies, for which they don't have the patches. It's basically used for the protection and security of web applications.

The solution has been quite stable. It's reliable.

The initial setup is mostly straightforward.

I wouldn't say that the solution is flexible. The technology is moving towards having the firewall, which is distributed to each workload, rather than having a static firewall pertaining to a particular application or a cohort of applications. There are other solutions that are much more flexible in this regard. VMware, for example, gives good flexibility in this regard.

The solution needs to leverage some additional features to a broader scale of software-defined networks.

Given the distributed computing and decentralized architecture with people working in hybrid modules, there'll be lesser and lesser control. People would like to have, for example,  edge computing, et cetera, which is going to be the future for computing. Hence every organization would like to scale the design to the extent where they would like to have their defenses also go along with their workloads. 

If, for an SDN, I need to go to VMware, and, for WAF, I need to go to Barracuda, or different other firewalls, the company is losing market share. They need to increase flexibility, agility, scaling, et cetera, as that is going to be the new normal, maybe in the next two to five years. 

We've been using the solution for close to two years at this point.

The solution is quite stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

I'm not sure about the scalability. I would need to explore it more. The most scalable products are likely VMware's NSX, as it is a company that's bit on cloud migration cloud transformation strategies. They'd like to ensure their workloads are safe and secure. I don't see this in traditional RAFs or even firewalls. 

It's difficult to found how many users are on the solution at this time as we use multiple web application firewalls on different applications. It is not every application however, there would be certain applications that would have a WAF. Likely, it's around 10,000 users across applications.

We do plan to continue to use the solution into the future.

We haven't really had to engage with technical support. I can't speak to how helpful or responsive they are in general.

We did use a different solution before switching to Barracuda. Typically, we run a POC first before moving onto anything new, which is what happened in this case.

The initial setup is pretty straightforward. However, it does help to have some depth of knowledge with the solution. 

I cannot recall the exact amount of time the deployment took.

While I don't have dedicated staff on the solution to handle maintenance, I have about six people on my team that can cover whatever needs to be done when something arises.

Licensing is something the procurement team takes care of. I don't have any insights in terms of the licensing agreement or costs that may be involved.

We are customers and end-users.

Typically, we keep updating our infrastructure, and therefore, we are likely using the latest version of the solution, however, I do not have the version number on-hand.

I would recommend the solution to other organizations.

Overall, we've been quite satisfied with the capabilities of this product. I would rate it at an eight out of ten.

The solution is our WAF for Azure. It is for operation for Transit CAS applications.

We primarily use the solution for the protection of the active WAF. It offers quite good security.

The solution is stable.

The initial setup is pretty straightforward, especially if you enlist assistance.

We've had some blocks of the application and some false positives. Barracuda needs to ensure there are fewer false positives in general. There also needs to be less of a learning curve on the application in general. That might help us eliminate false positives as well. Basically, they need to help new users better learn and understand the solution.

I have an issue with the console currently. I cannot access the console from inside the network. When I access the entire network, it kicks me off all the time. I opened a case with technical support. We've checked the firewall the perimeter firewall, and we've tried to fix that problem, however, it's still the problem. I have to access the console from outside all the time to this day.

I've been using the solution for a while now. It's been about five years.

The stability is okay. We don't have issues with the reliability of Barracuda. There aren't bugs or glitches. It doesn't crash or freeze at all. I'd describe it as stable for the most part.

The scalability may be okay. However, we have only one Barracuda gateway. We don't really need to scale the solution fight now.

We might have about 500 users within our company using the solution right now.

I've reached out to technical support in relation to a console problem and they have yet to fix the issue for us. All they've done is told me to check the firewall, which I have, and to install a new version. I upgraded the version, however, the issue persists. They haven't been extremely helpful and I'd have to say that I am disappointed with their level of service so far.

Overall, I would rate the support at an eight out of ten.

We also use Imperva. We use both solutions at once.

I'm not the administrator of the installation process. Therefore, it's hard for me to say if it was difficult or complex. I can't really comment on the initial implementation.

That said, it's my understanding, from talking to the administrator in the past, that it wasn't too complex.

I'm not sure how long the deployment took. I only really deployed the last application protection.

We had the support of the partner for the implementation, which helped iron out any difficulties.

We're just a transportation company. We're a customer. We don't have a business relationship with Barracuda.

I recommend the solution to other organizations for protecting applications specifically in Azure.

Overall, I would rate the solution at a nine out of ten.

We primarily use the solution to secure most data centers. We also use it for mobile apps for malicious automated attacks. 

The solution offers multiple security features. There are machine learning features and great URL encryption. It also offers multi-protocol support against DDoS attacks.

The API security they offer is quite good.

The technical support on offer is very good.

There's multiple application delivery which is impressive.

The deployment isn't very user-friendly.

There are a lot of up and coming competitors in the space, and there's always new technology coming out. The solution needs to make sure that it keeps up with what's going on in the industry to make sure they don't get left behind.

The documentation is lacking. It's not like what you'd get if you were using Juniper or Cisco. They need to expand on it and make it more useful.

I've been using the solution for almost four and a half years.

The stability of the solution is good. It's pretty reliable. There aren't bugs or glitches. It doesn't crash or freeze. It's good.

The scalability has been fine. It's been quite good for us. We don't have complaints in that regard.

We've always been pretty happy with technical support. We find them helpful and knowledgable.

I also work with Fortinet solutions and I find that sometimes they can be limiting and have their own set of difficulties.

The initial setup is okay, however, it's not particularly user-friendly. I wouldn't describe it as complex. It's more difficult.

We are system integrators. We can handle implementations.

The pricing is okay. Unlike other competitors, you are able to negotiate a little bit, which can help drive down the cost to the company.

We're a solution partner, an integrator. We have partnership-level agreements with the solution.

We have multiple deployment models. We use it on-premises as well as on the cloud using both Amazon Web Services and Azure.

Overall, I'd rate the solution seven out of ten. It would be hard for any product to rate a ten out of ten for me. However, to get a bit of a higher mark, it should offer better documentation and be more user-friendly, particularly where deployment is concerned. I'd still recommend Barracuda, though. It's pretty solid.

They could improve their performance, support, and their upgrades. Their updates used to be good. Their improvements were right on the money but nowadays, the updates are minor. 

I don't really like the product. They restricted the number of servers we can protect. They restrict how many servers you can protect based on appliance.

They also don't support additional ATP. Customers also want ATP. They want something extra apart from the basic security package. 

Their appliances are very cheap. The quality is not that good. Their appliances should be more robust. 

I have been using this solution for a year. 

The backend server capability is low. It's risky to put extra servers behind it because it may or may not protect it. The workload is not that high. 

It has worked fine until now. We have some projects that are overloaded. In the next phase, I will remove some servers and add one or two servers from our project team. 

I have not tested out the scalability. 

The software is running 24/7.

I am not satisfied with the support. It used to be better. 

You don't need help from Barracuda to help with the deployment. The deployment is easy. We deployed them all by ourselves. It took some research through the manuals and documentation to find the best way to deploy for your infrastructure. The research took two to three days and then it took another two to three days to install it. By 7-8 days we were ready to do a soft launch. We did the rest within a month. 

We only needed one team member to deploy it. I worked alongside him so that I could also understand it. 

There are costs in addition to the standard licensing. 

I would rate it a five out of ten. 

My advice would be to explore the market. There are many good players. If a solution is on the higher side, it could be a better investment. 

We use this as public cloud and a virtual appliance based on Azure Cloud.

It's very simple and predictable because Barracuda provides a vision of the current state of your application. It gives you an understanding of what is happening on your site and any attempts against you at your source. This is the main value that Web Application Firewall provides our company. These aspects are also the main reason for this documentation process.

I think the biggest value comes from the ability of Web Application Firewall to perform analysis of attacks that are registered by it, as well as its ability to analyze source code of those attacks and all traffic that is captured by Web Application Firewall. 

The basic functionality of the Web Application Firewall is pretty good. Therefore in comparison with CloudFlare, Barracuda has significant powerful instruments for analysis of main traffic of requests that we get on the application. If however, we try to compare Barracuda and F5, F5 is more powerful than Barracuda. In any case, it's very hard to make these comparisons, because one product has more powerful features from one point of view, while the other product is better from another point of view.

I can say that it's good only in comparison with some products. All products have approximately the same functionality, but some products are more powerful in certain aspects.

I think the main area for improvement in this product is learning it, as can be seen when comparing it to the F5 web application firewall. F5 has a very powerful learning phase when you start using your web application firewall against your site. The company at this time collects information and parameters about all requests, such as: file downloads, file uploads, authentication, authorization processes, etc. During this period, F5 provides you with the ability to collect most of the necessary information to make a security provision for your web application firewall.

Barracuda has something like this, but not with the same functionality from my point of view. Barracuda is a little bit lower in comparison with other web application firewalls, so the best way to improve Barracuda is to develop and add new features in this area.

A good point for developing this area is to describe some particular use cases. For example, the implementation demands configuration of the application in conjunction with Web Application Firewall to make it available and hosted on the internal web services of Azure. It would be great to have instructions for Barracuda with Azure infrastructure, so we could get a step-by-step manual starting from the creation of the application interface and finishing with the available site including Barracuda. We implemented Barracuda Web Application Firewall and we see who checks the whole process. Each part of this manual relates to a particular service, but it would still help those who implement it to be quicker.

The bottom line is I would like to see an improved learning model to make the creation of the first policy easier and more transparent for an engineer.

If I remember correctly, when applying changes to a policy, the system tries to reward the current system. I didn't check if the site is available, but it seems that certain views could be unavailable during this process. Any changes or configurations submitted demand voiding. This can be a surprise because when you try only to save the configuration but don't commit it, you might think this doesn't take effect. If you don't want to commit this policy exactly at this time the appliance will still start to change it. This might be a quirk of this appliance.

I read that you can scale this system by building redundant schemes and using special appliances to manage certificates, but I didn't try it. Therefore, as a manager I don't know, because I didn't try to make a redundant scheme.

Only a few users at our company implement this, but all visitors to our site are affected by this implementation.

I didn't fight with them because all features and implementations that I tried didn't demand any help from technical support.

We actually switched to Barracuda because it's cheaper than F5. This might not be the case for others, because there are several solutions that are cloud based. It is a service of a service and in some cases this kind of product would be cheaper than Barracuda. It depends on the implementation scheme and business needs. In some cases, Barracuda is cheaper, in some cases Barracuda is more expensive. In our case it was cheaper.

The initial setup was very easy and straightforward. I don't remember how long deployment took, but it was very quick. If I remember, you just need to assign the address management interface and add additional IP addresses to other interfaces, enable them, etc. After that, your site is available already. It's much easier than F5, for example.

We didn't use a vendor for implementation. I just used standard documentation from their resources and it was enough to roll out this appliance in our infrastructure. It's very easy. I didn't request them, because the documents provided by their site was enough to roll out this product by ourselves without additional help.

Barracuda costs us $8,000 per year. Barracuda costs $20,000 for a full subscription, when you try to protect multi-site infrastructure, in different geographical zones and for different data centers. If you have only one site, Barracuda will be cheaper.

We chose Barracuda because in our case it was cheaper.

The biggest lesson I learned is that our site is attacked every day.

I would recommend Barracuda, but this recommendation is based on our particular case. For some cases this solution is good, but for some cases it's not. It's very hard to answer directly because of all the aspects that should be taken into account when you try to answer this question.

I would rate it as eight out of ten.

Our primary use case for this platform is to protect our web applications.

The product's advanced bot and threat protection capabilities are valuable.

There's potential for improvement in the platform's CMS integration.

I've been using Barracuda Web Application Firewall for five years now.

The platform has been quite stable, with minimal disruptions in our operations.

I would rate this solution a ten for scalability.

The customer service and support have been responsive and helpful whenever we've needed assistance.

The initial setup was straightforward.

We implemented the product with the help of a vendor.

The product pricing was competitive for the value it offers regarding security features. 

We evaluated other solutions like FortiWeb but chose this platform due to its comprehensive feature set and scalability options that suited our needs better.

The platform has been a reliable choice for securing our web applications. I recommend exploring their support and training offerings to maximize their effectiveness.

I rate it a seven out of ten.