Barracuda Web Application Firewall Reviews

The most valuable features are the client VPN and content filtering.

This solution is simple to manage.

The interface and the dashboards are ok.

The incident reporting needs to be improved.

The local technical support in Poland is not very reliable.

I have been using the Barracuda Web Application Firewall for three years.

This solution is very stable. It is great.

I have only the single web application firewall running on-premises, so I cannot comment on scalability other than to say that I haven't had any problems.

We have 18 people who are being protected by this firewall and we do have plans to increase to approximately 100.

I have been in contact with technical support and while I feel that they are not very reliable here in Poland, they are good enough and I am satisfied with them. The escalation was okay and the troubleshooting was also okay.

The price of this solution is okay.

My advice to anybody who is implementing this solution is to find a good partner to assist with the implementation.

I would rate this solution an eight out of ten.

We use this as public cloud and a virtual appliance based on Azure Cloud.

It's very simple and predictable because Barracuda provides a vision of the current state of your application. It gives you an understanding of what is happening on your site and any attempts against you at your source. This is the main value that Web Application Firewall provides our company. These aspects are also the main reason for this documentation process.

I think the biggest value comes from the ability of Web Application Firewall to perform analysis of attacks that are registered by it, as well as its ability to analyze source code of those attacks and all traffic that is captured by Web Application Firewall. 

The basic functionality of the Web Application Firewall is pretty good. Therefore in comparison with CloudFlare, Barracuda has significant powerful instruments for analysis of main traffic of requests that we get on the application. If however, we try to compare Barracuda and F5, F5 is more powerful than Barracuda. In any case, it's very hard to make these comparisons, because one product has more powerful features from one point of view, while the other product is better from another point of view.

I can say that it's good only in comparison with some products. All products have approximately the same functionality, but some products are more powerful in certain aspects.

I think the main area for improvement in this product is learning it, as can be seen when comparing it to the F5 web application firewall. F5 has a very powerful learning phase when you start using your web application firewall against your site. The company at this time collects information and parameters about all requests, such as: file downloads, file uploads, authentication, authorization processes, etc. During this period, F5 provides you with the ability to collect most of the necessary information to make a security provision for your web application firewall.

Barracuda has something like this, but not with the same functionality from my point of view. Barracuda is a little bit lower in comparison with other web application firewalls, so the best way to improve Barracuda is to develop and add new features in this area.

A good point for developing this area is to describe some particular use cases. For example, the implementation demands configuration of the application in conjunction with Web Application Firewall to make it available and hosted on the internal web services of Azure. It would be great to have instructions for Barracuda with Azure infrastructure, so we could get a step-by-step manual starting from the creation of the application interface and finishing with the available site including Barracuda. We implemented Barracuda Web Application Firewall and we see who checks the whole process. Each part of this manual relates to a particular service, but it would still help those who implement it to be quicker.

The bottom line is I would like to see an improved learning model to make the creation of the first policy easier and more transparent for an engineer.

If I remember correctly, when applying changes to a policy, the system tries to reward the current system. I didn't check if the site is available, but it seems that certain views could be unavailable during this process. Any changes or configurations submitted demand voiding. This can be a surprise because when you try only to save the configuration but don't commit it, you might think this doesn't take effect. If you don't want to commit this policy exactly at this time the appliance will still start to change it. This might be a quirk of this appliance.

I read that you can scale this system by building redundant schemes and using special appliances to manage certificates, but I didn't try it. Therefore, as a manager I don't know, because I didn't try to make a redundant scheme.

Only a few users at our company implement this, but all visitors to our site are affected by this implementation.

I didn't fight with them because all features and implementations that I tried didn't demand any help from technical support.

We actually switched to Barracuda because it's cheaper than F5. This might not be the case for others, because there are several solutions that are cloud based. It is a service of a service and in some cases this kind of product would be cheaper than Barracuda. It depends on the implementation scheme and business needs. In some cases, Barracuda is cheaper, in some cases Barracuda is more expensive. In our case it was cheaper.

The initial setup was very easy and straightforward. I don't remember how long deployment took, but it was very quick. If I remember, you just need to assign the address management interface and add additional IP addresses to other interfaces, enable them, etc. After that, your site is available already. It's much easier than F5, for example.

We didn't use a vendor for implementation. I just used standard documentation from their resources and it was enough to roll out this appliance in our infrastructure. It's very easy. I didn't request them, because the documents provided by their site was enough to roll out this product by ourselves without additional help.

Barracuda costs us $8,000 per year. Barracuda costs $20,000 for a full subscription, when you try to protect multi-site infrastructure, in different geographical zones and for different data centers. If you have only one site, Barracuda will be cheaper.

We chose Barracuda because in our case it was cheaper.

The biggest lesson I learned is that our site is attacked every day.

I would recommend Barracuda, but this recommendation is based on our particular case. For some cases this solution is good, but for some cases it's not. It's very hard to answer directly because of all the aspects that should be taken into account when you try to answer this question.

I would rate it as eight out of ten.

We use this solution as the firewall, the security, secure internet access, and protection from outside access.

The most valuable feature is the automatic content filtering.

The usability of the interface could be improved. 

The interface is not easy to use or to configure.

A feature that could be very powerful would be the capability to provide the monitoring of the security analogies, and proactive alerts in case of potential issues.  

The firewall protects and logs, but does not provide you with an analogy on that data. 

The availability and stability are very high.

We have one hundred employees within this company using this solution.

The appliance can grow only in the stack, but it's not an upgradable design, it is a closed appliance. 

It is unadjustable in performance, in growing or increasing.

The technical support is provided by the vendor. A ticket is opened with the vendor and they provide support.

We have direct contact via email and phone.

Because we have to repeat the issue more than once before we get support, I would rate them an eight out of ten.

Previously with a different vendor, we used many solutions. As a result, I have experience with many different solutions such as WatchGuard, Cisco, Cisco LEAP, Cisco Tools, SELFAS, and Fortinet.

The initial setup was both simple and complex. WatchGuard is easier to set up than Barracuda, but not as complex. It's something that works and you can start. 

The set up is a medium level of complexity, but if I had to choose between simple and hard, then I would say the initial set up is hard.

The implementation was anywhere from one to two days for the full implementation of all services.

It took one technician to deploy this solution. A couple of technicians for maintenance is required approximately four to five days a year.

I am an integrator and the implementation was done by myself with the help of my technicians and colleagues that are certified in different technologies.

Our licensing fees are paid annually and the cost is between €600 and €800 (approximately $665.00 to $885.00 USD).

It's a full-featured set and all of the capabilities are included.

I am not aware of any additional costs.

Before choosing Barracuda we evaluated WatchGuard.

One of my previous colleagues suggested this solution, they advised me of the company and the technologies.

I would recommend this solution.

I would rate this solution an eight out of ten.

I am a system integrator and this is one of the solutions that I implement for my customers.

The most valuable feature of this solution is the simplicity of configuration. 

This solution makes management easy.

I really like the firewall weblog that allows me to see what is being blocked, why, and how I can apply a fix.

I would like to see an improved capacity to store logs so that they will be available for a longer time. From my experience, and over time, I have noticed that Barracuda appliances do not store logs for a very long time. What this means is that people have to buy the Barracuda Reporting Server. This is quite expensive, at three or four times the price of the equipment. So, if users have only one or two appliances then it doesn't make sense for them to buy a Reporting Server. If they decide to export those logs from the Barracuda appliance to a SIEM then the format of the report gets lost because Barracuda has custom reports.  Where I used to work, our logs would last for about one week. However, where I am now, we do not have logs beyond one day.

This is a very stable appliance.

This physical appliance is not a solution that scales because once I use it at capacity, I have to buy a new one. The virtual appliance is scalable because if I am at capacity then I can increase my license to another plan.

For the WAF, capacity is not a function of the number of users. Rather, it is based on the servers that it is protecting. Two of my current clients and one hundred and fifty, and two hundred and fifty users, respectively.

Technical support for this solution is wonderful. It is not just for the firewall, but all of Barracuda has good support. I have been dealing with them since 2009, and in my experience, they attend to you. They take the time to explain things. Even if you want to consider something new, they will guide you on what to do.

Overall, I would rate their support very high.

The initial setup of this solution is very straightforward.

When I first set up this solution in 2009, it was for my company and I didn't require assistance from anybody. I later when for training, and am now an integrator. Today I set this solution up for other companies, and I can say that the initial setup has been straightforward all along.

Definitely, I would recommend Barracuda because of its simplicity. I know that they are now integrating the Web Application Firewall on Prime, in the cloud, as well.

The only thing that is a challenge for me is storage, which limits my reporting.

I would rate this solution a nine out of ten.

We primarily use this solution for firewalls.

The features are all fine. We just fixed some bugs from three months ago, and we're waiting now for a final review. They sent us some features to fix the issue.

The solution could use more reports.

I find the solution very stable.

Technical support has been good. Currently, we don't have any issues.

This is the first solution we are using.

The initial setup was very straightforward. We applied what we needed to use and added different features. Each time we need to use a different feature, we go through configuring it and including more features as necessary. 

I used my own team for the implementation. 

We did not evaluate other options before choosing this solution.

I manage and operate the device. We are working with the operation team each time applying manual updates, which is continuous. I'd like to see different information, to help handle issues in an easier way. 

I would rate the solution a 9 out of 10.

The primary use case is to protect from DDoS attacks and to protect my backend servers. That was the main concern for me. Barracuda has been very good. I'm very happy with the product.

Previously, attacks would make the systems go down and we couldn't connect with our customers and other things. We need our servers to be online 24-7 which is why I chose Barracuda. Now our servers are running smoothly and I have no problem running my servers.

The volumetric DDoS defense is very good because I had a problem with a lot of volumetric DDoS attacks on my servers. After using Barracuda, those attacks have stopped, all of the traffic is going smoothly to my servers and the system is working really well.

I would like to see better controlling of the traffic. 

The stability is very good. I would give it four and a half stars out of five.

The initial setup was straightforward. It was easy to deploy. It took six to seven hours of work a day to deploy every policy that I wanted. The initial setup went well, there weren't any issues with it. 

I would rate it a nine out of ten. The attacks that we used to get on servers are gone. My servers are now running 24-7 and I have no problems with them.

The updating and signature features are my primary use case for the solution. These features are beneficial to my organization.

I would like this solution to be more detective of the needs of the organization.

I encountered issues with the stability of the product.

I encountered issues with scalability.

I would rate the level of tech support a six out of ten. 

I would suggest that someone implementing this product is knowledgeable in the IT field and with the network needs. It is complex.

We use it for low balancing phase servers.

It allows us to scale out to multiple phase servers.

It is a great product. We are very pleased with it.

It works exactly by design. It works very well.

There are no stability issues.

There are no scalability issues.

Their technical support is great.

If you are a networking guy, the initial setup is straightforward. If you know nothing about networks, then you can't set it up.

They have competitive pricing.