A fine range of network security measures for the price, but tempered by a steep learning curve
Barracuda’s latest NextGen F-Series firewalls look like the perfect choice for small and medium-sized businesses that require the toughest network security, while sophisticated traffic shaping and quality-of-service (QoS) features put the focus firmly on optimising access to cloud-based apps.
The NextGen Firewall F8o on review’ has a claimed 500Mbits/sec IPS throughput that should be sufficient for the recommended 50-user limit. Moreover, the price includes one-year subscriptions to Barracuda’s full web security, advanced threat protection. Energize Updates and instant replacement services.
The integral wireless access point (AP) is of the single-band 2.4GHz 802. nn variety, capable of presenting multiple virtual SSIDs. Anti-spam protection isn’t available on this model – if you need this, look instead at the F180 and models above that.
However, Barracuda’s Advanced Threat Detection (ATD) feature does combat the latest malware and zero-day exploits. It checks hashes of incoming files to confirm they’re safe and, if any are unknowm. it uses cloud-based sandbox technology to safely analyse them before they can pass through.
The device doesn’t have a web interface and is managed individually through Barracuda’s NG Admin portable client, or through the optional NG Control Center, which provides a single interface for multiple appliances.
The NG Admin wizard either creates a transparent bridge across the first two Gigabit ports for evaluation purposes, or sets it up in routing mode for production environments. Both modes only take a few’ seconds to configure – but take a deep breath, as it gets much harder from here on in.
The Firewall tab shows the primary permitted and blocked applications, as well as URL categories and the latest threats
The NG Admin console isn’t very intuitive, and the sheer range of security features on offer makes some of them hard to find. Furthermore, each change requires the relevant configuration page to be unlocked for w rite access and subsequent modifications saved to the appliance and then activated.
The dashboard provides a complete status of all services and plenty of real-time activity graphs.
Its Firewall tab shows the primary permitted and blocked applications, as well as URL categories and the latest threats. Courtesy of a vector chart, you can also see the geolocations from which they emanated.
The real-time view’s provide impressive levels of detail on traffic and apps. and PDF reports can be easily generated using the free NG Report Creator tool. We linked it to our appliance and scheduled regular reports to be emailed on topics such as the most frequently blocked apps and the latest detected threats.
Firewall rules comprise sources, destinations, services and action policies, in each of which we enabled application controls, URL filtering, SSL interception and ATD. For URL filtering. Barracuda provides around 100 categories. We created a range of firewall objects with different sets of blocked categories, which we enforced using application rules, of which there are hundreds. Facebook alone has 12 options for controlling logins and allowing or denying access to chat, file transfer, video calls, posts and more.
For mobile users, the CudaLaunch app comes with the optional Remote Access subscription and provides an SSL VPN portal for iOS and Android, with quick links to favoured apps. Moreover, guest wireless users can be redirected to a custom web portal complete with an acceptable-use policy (AUP) agreement.
Antivirus settings are applied globally, through which were enabled both the Avira and ClamAV engines (they can also run separately). Global ATD policies are configured from here, and it w’as up to us whether Office documents, PDFs and ZIP archives were uploaded to the cloud and scanned first, or delivered first and then scanned.
The F80 is tricky to configure and it loses points for the lack of spam protection. However, it remains good value and offers frontline protection against the latest malware. as w-ell as a remarkable level of control over web apps.
SPECIFICATIONS
Desktop chassis • 1.7GHz Intel Atom C2358 • 2GB RAM • 4 x Gigabit Ethernet • 802.11n wireless • 30GB SSD • 4 x USB 2 • R J45 serial • external PSU • NG Admin and Control Center management • 274 x 162 x 44mm (WDH)