Barracuda NextGen Firewall F80 review

A fine range of network security measures for the price, but tempered by a steep learning curve

Reviews
By ITPro
published

IT Pro Verdict

The F80 is tricky to configure and it loses points for the lack of spam protection. However, it remains good value and offers frontline protection against the latest malware, as well as a remarkable level of control over web apps.

Pros

  • +

    Buckets of application rules; Good real-time monitoring;

Cons

  • -

    Dense, cluttered admin console; No anti-spam protection;

Barracuda's latest NextGen F-Series firewalls look like the perfect choice for small and medium-sized businesses that require the toughest network security, while sophisticated traffic shaping and quality-of-service (QoS) features put the focus firmly on optimising access to cloud-based apps.

The NextGen Firewall F80 on review has a claimed 500Mbits/sec IPS throughput that should be sufficient for the recommended 50-user limit. Moreover, the price includes one-year subscriptions to Barracuda's full web security, advanced threat protection, Energize Updates and instant replacement services.

The integral wireless access point (AP) is of the single-band 2.4GHz 802.11n variety, capable of presenting multiple virtual SSIDs. Anti-spam protection isn't available on this model - if you need this, look instead at the F180 and models above that.

However, Barracuda's Advanced Threat Detection (ATD) feature does combat the latest malware and zero-day exploits. It checks hashes of incoming files to confirm they're safe and, if any are unknown, it uses cloud-based sandbox technology to safely analyse them before they can pass through.

The device doesn't have a web interface and is managed individually through Barracuda's NG Admin portable client, or through the optional NG Control Center, which provides a single interface for multiple appliances.

The NG Admin wizard either creates a transparent bridge across the first two Gigabit ports for evaluation purposes, or sets it up in routing mode for production environments. Both modes only take a few seconds to configure - but take a deep breath, as it gets much harder from here on in.

The NG Admin console isn't very intuitive, and the sheer range of security features on offer makes some of them hard to find. Furthermore, each change requires the relevant configuration page to be unlocked for write access and subsequent modifications saved to the appliance and then activated.

The dashboard provides a complete status of all services and plenty of real-time activity graphs. Its Firewall tab shows the primary permitted and blocked applications, as well as URL categories and the latest threats. Courtesy of a vector chart, you can also see the geolocations from which they emanated.

The real-time views provide impressive levels of detail on traffic and apps, and PDF reports can be easily generated using the free NG Report Creator tool. We linked it to our appliance and scheduled regular reports to be emailed on topics such as the most frequently blocked apps and the latest detected threats.

Firewall rules comprise sources, destinations, services and action policies, in each of which we enabled application controls, URL filtering, SSL interception and ATD. For URL filtering, Barracuda provides around 100 categories.

We created a range of firewall objects with different sets of blocked categories, which we enforced using application rules, of which there are hundreds. Facebook alone has 12 options for controlling logins and allowing or denying access to chat, file transfer, video calls, posts and more.

For mobile users, the CudaLaunch app comes with the optional Remote Access subscription and provides an SSL VPN portal for iOS and Android, with quick links to favoured apps. Moreover, guest wireless users can be redirected to a custom web portal complete with an acceptable-use policy (AUP) agreement.

Antivirus settings are applied globally, through which we enabled both the Avira and ClamAV engines (they can also run separately). Global ATD policies are configured from here, and it was up to us whether Office documents, PDFs and ZIP archives were uploaded to the cloud and scanned first, or delivered first and then scanned.

The F80 is tricky to configure and it loses points for the lack of spam protection. However, it remains good value and offers frontline protection against the latest malware, as well as a remarkable level of control over web apps.

This review originally appeared in PC Pro issue 259

Verdict

The F80 is tricky to configure and it loses points for the lack of spam protection. However, it remains good value and offers frontline protection against the latest malware, as well as a remarkable level of control over web apps.

Desktop chassis

1.7GHz Intel Atom C2358

2GB RAM

4 x Gigabit Ethernet

802.11n wireless

30GB SSD

4 x USB 2

RJ45 serial

External PSU

NG Admin and Control Center management

274 x 162 x 44mm (WDH)

Options: appliance and all services/3yr, £2,274 exc VAT

ITPro
ITPro

ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.

For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.