Barracuda NextGen Firewall F80 review

A fine range of network security measures for the price, but tempered by a steep learning curve

  • Buckets of application rules; Good real-time monitoring;
  • Dense, cluttered admin console; No anti-spam protection;

Barracuda's latest NextGen F-Series firewalls look like the perfect choice for small and medium-sized businesses that require the toughest network security, while sophisticated traffic shaping and quality-of-service (QoS) features put the focus firmly on optimising access to cloud-based apps.

The NextGen Firewall F80 on review has a claimed 500Mbits/sec IPS throughput that should be sufficient for the recommended 50-user limit. Moreover, the price includes one-year subscriptions to Barracuda's full web security, advanced threat protection, Energize Updates and instant replacement services.

The integral wireless access point (AP) is of the single-band 2.4GHz 802.11n variety, capable of presenting multiple virtual SSIDs. Anti-spam protection isn't available on this model - if you need this, look instead at the F180 and models above that.

However, Barracuda's Advanced Threat Detection (ATD) feature does combat the latest malware and zero-day exploits. It checks hashes of incoming files to confirm they're safe and, if any are unknown, it uses cloud-based sandbox technology to safely analyse them before they can pass through.

The device doesn't have a web interface and is managed individually through Barracuda's NG Admin portable client, or through the optional NG Control Center, which provides a single interface for multiple appliances.

The NG Admin wizard either creates a transparent bridge across the first two Gigabit ports for evaluation purposes, or sets it up in routing mode for production environments. Both modes only take a few seconds to configure - but take a deep breath, as it gets much harder from here on in.

The NG Admin console isn't very intuitive, and the sheer range of security features on offer makes some of them hard to find. Furthermore, each change requires the relevant configuration page to be unlocked for write access and subsequent modifications saved to the appliance and then activated.

The dashboard provides a complete status of all services and plenty of real-time activity graphs. Its Firewall tab shows the primary permitted and blocked applications, as well as URL categories and the latest threats. Courtesy of a vector chart, you can also see the geolocations from which they emanated.

The real-time views provide impressive levels of detail on traffic and apps, and PDF reports can be easily generated using the free NG Report Creator tool. We linked it to our appliance and scheduled regular reports to be emailed on topics such as the most frequently blocked apps and the latest detected threats.

Firewall rules comprise sources, destinations, services and action policies, in each of which we enabled application controls, URL filtering, SSL interception and ATD. For URL filtering, Barracuda provides around 100 categories.

We created a range of firewall objects with different sets of blocked categories, which we enforced using application rules, of which there are hundreds. Facebook alone has 12 options for controlling logins and allowing or denying access to chat, file transfer, video calls, posts and more.

For mobile users, the CudaLaunch app comes with the optional Remote Access subscription and provides an SSL VPN portal for iOS and Android, with quick links to favoured apps. Moreover, guest wireless users can be redirected to a custom web portal complete with an acceptable-use policy (AUP) agreement.

Antivirus settings are applied globally, through which we enabled both the Avira and ClamAV engines (they can also run separately). Global ATD policies are configured from here, and it was up to us whether Office documents, PDFs and ZIP archives were uploaded to the cloud and scanned first, or delivered first and then scanned.

The F80 is tricky to configure and it loses points for the lack of spam protection. However, it remains good value and offers frontline protection against the latest malware, as well as a remarkable level of control over web apps.

This review originally appeared in PC Pro issue 259


The F80 is tricky to configure and it loses points for the lack of spam protection. However, it remains good value and offers frontline protection against the latest malware, as well as a remarkable level of control over web apps.

Desktop chassis

1.7GHz Intel Atom C2358


4 x Gigabit Ethernet

802.11n wireless


4 x USB 2

RJ45 serial

External PSU

NG Admin and Control Center management

274 x 162 x 44mm (WDH)

Options: appliance and all services/3yr, £2,274 exc VAT

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Most Popular

Sony pulls out of MWC 2022
Business operations

Sony pulls out of MWC 2022

14 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Dell XPS 15 (2021) review: The best just got better

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022