I see that cost can be a limitation for small businesses. Additionally, if they can provide more advanced features and customization for specific use cases, that would be beneficial. Apart from that, I do not feel there are any other problems. From our perspective, there is not an issue. All the data I have shared is in favor of Barracuda because the ROI they have given us is tremendous, and they are doing really well in terms of product, scalability, and service. We have seen that it is a great solution with no issues from our end.
One significant area for improvement in Barracuda WAF-as-a-Service lies in its market positioning and pricing strategy. Additionally, it could operate in a local data center. This limitation hinders its adoption in regions with strict data regulations.
My company had faced some downtime or an outage twice with Barracuda WAF-as-a-Service due to backend problems. The stability of the product is an area of concern where improvements are required. I don't know much about what additional features are required in the product's future releases since I think it has almost all users. One feature I want in the solution stems from the fact that there are almost 17 applications protected in our company with the help of Barracuda WAF-as-a-Service. If I need to block one IP address for all 17 applications together, it is not possible, and I need to block the IP address on each application separately, making it a time-consuming process. It would be great if the product allows users to block an IP address for all the applications in an environment in one go rather than having to block the IP address separately for each application.
Senior Information Security Engineer at a tech services company with 10,001+ employees
Real User
Mar 8, 2021
We found it a bit slow when accessing it through the web browser. The URL also exposed the user name and the hashed password. When I log into my Barracuda WAF user portal, I could see the username and the hashed password on the URL itself. So, it is not very secure, and it is important to take that off. I would like to have a threat radar that is updated on their security database. I would like to see if their IP is getting updated and the data detection notifications are the same as in the server.
Learn what your peers think about Barracuda WAF-as-a-Service. Get advice and tips from experienced pros sharing their opinions. Updated: February 2026.
Barracuda WAF-as-a-Service is a comprehensive solution designed to provide application security, DDoS protection, SSL authentication, protocol support, and application delivery. It is a plug-and-play solution with automated policies, simple configuration, and easy rule creation.
The solution can be used for threat prevention or as a cloud-to-cloud backup system based on email protection with cloud security. It is also a web application firewall and covers major protection and threat...
I see that cost can be a limitation for small businesses. Additionally, if they can provide more advanced features and customization for specific use cases, that would be beneficial. Apart from that, I do not feel there are any other problems. From our perspective, there is not an issue. All the data I have shared is in favor of Barracuda because the ROI they have given us is tremendous, and they are doing really well in terms of product, scalability, and service. We have seen that it is a great solution with no issues from our end.
One significant area for improvement in Barracuda WAF-as-a-Service lies in its market positioning and pricing strategy. Additionally, it could operate in a local data center. This limitation hinders its adoption in regions with strict data regulations.
My company had faced some downtime or an outage twice with Barracuda WAF-as-a-Service due to backend problems. The stability of the product is an area of concern where improvements are required. I don't know much about what additional features are required in the product's future releases since I think it has almost all users. One feature I want in the solution stems from the fact that there are almost 17 applications protected in our company with the help of Barracuda WAF-as-a-Service. If I need to block one IP address for all 17 applications together, it is not possible, and I need to block the IP address on each application separately, making it a time-consuming process. It would be great if the product allows users to block an IP address for all the applications in an environment in one go rather than having to block the IP address separately for each application.
The solution can improve by bundling Security Operation Center (SOC) with the WAF-as-a-Service, it would provide a lot more value to customers.
We found it a bit slow when accessing it through the web browser. The URL also exposed the user name and the hashed password. When I log into my Barracuda WAF user portal, I could see the username and the hashed password on the URL itself. So, it is not very secure, and it is important to take that off. I would like to have a threat radar that is updated on their security database. I would like to see if their IP is getting updated and the data detection notifications are the same as in the server.