Barracuda Web Application Firewall Reviews

Our primary use case of this solution is protection of applications. If you have applications, for instance, in Azure, and you want to protect them, you can use Barracuda Web Application Firewall, and you have any input data available. This is one of the best use cases. 

For this solution, we have both cloud-based and VM for Azure. 

Some of the most valuable features are the ease of deployment, the Barracuda support, the easy-to-use console, and the granularity of the reports. 

Barracuda Web Application Firewall's load balancing feature could be improved.

I have been using Barracuda Web Application Firewall for four years. 

In our organization, there are around 1,200 to 1,800 users of this solution. 

I would rate Barracuda's technical support a nine and a half out of ten. The technical support is very good. 

The installation is straightforward. There are no hidden challenges or anything. Anybody can do it with the installation guide. 

One engineer is more than enough to handle maintenance. 

We implemented this solution through an in-house team. 

They only offer a yearly licensing plan. 

There are dedicated web application firewalls like Imperva that allow for enterprise level firewall web apps. The main competitors are FortiWeb and Cloudflare. 

I rate Barracuda Web Application Firewall an eight out of ten. Everything—support, efficiency, the tax rate—comes into the picture. I would recommend this solution to others who want to start using it. 

Barracuda Web Application Firewall’s most valuable features are real-time threat detection and automatic security updates.

The platform's pricing needs improvement.

The technical support services are good.

Neutral

I have used Fortinet before. It has efficient AI capabilities compared to Barracuda.

The product has generated around 10% of return on investment.

The product is expensive. It is overpriced.

The product works effectively. However, it is complicated to understand and requires essential knowledge. It significantly improved our overall web security posture, addressing intrusions and enhancing control over web URLs in our environment. We can identify and block malicious URLs. With proper training, it is easy to manage templates and policies for this tool. They provide comprehensive documentation and training courses available for free on their website. It has good features for forensic analysis and reporting. It has a user-friendly interface and seamless integration with SQL.

I rate it a seven out of ten.

I'm using Barracuda as a web application firewall for any application. It is too smart and user-friendly, making it easy to restrict applications and utilize many features.

It is very easy to restrict applications and utilize many features and ensures that it's not complicated to work with.

The most helpful feature is rate limiting, which acts as a security layer against DDoS attacks. Additionally, data leak prevention is very important and ensures protection against attacks.

I faced an issue when Barracuda decided not to support Azure Stack Hub anymore, which was a significant issue as we had many customers using it on that platform. Due to this decision, we had to replace Barracuda with another vendor, which was regrettable.

I have been working with Barracuda Application Firewall for more than four years.

When the SDM crashed, we experienced instability, yet support usually acted quickly and was very helpful, ensuring stability for customers.

Scalability is strong, rated eight to nine. The solution is capable of meeting scalability requirements efficiently.

Technical support may be rated as eight or nine out of ten. The support is very helpful and responsive.

Positive

Due to the decision by Barracuda not to support Azure Stack Hub, we replaced Barracuda WAF with another vendor for more than ten customers.

The setup process is too simple.

On a scale, pricing is nine out of ten. It's a reasonable price for this product.

There is no comparison, as Barracuda is too smart. Compared to FortiWeb, Barracuda is much better.

I would rate Barracuda Web Application Firewall at nine out of ten overall. I can recommend it to other users. Barracuda is one of the remarkable vendors in web security and is too smart.

They could improve their performance, support, and their upgrades. Their updates used to be good. Their improvements were right on the money but nowadays, the updates are minor. 

I don't really like the product. They restricted the number of servers we can protect. They restrict how many servers you can protect based on appliance.

They also don't support additional ATP. Customers also want ATP. They want something extra apart from the basic security package. 

Their appliances are very cheap. The quality is not that good. Their appliances should be more robust. 

I have been using this solution for a year. 

The backend server capability is low. It's risky to put extra servers behind it because it may or may not protect it. The workload is not that high. 

It has worked fine until now. We have some projects that are overloaded. In the next phase, I will remove some servers and add one or two servers from our project team. 

I have not tested out the scalability. 

The software is running 24/7.

I am not satisfied with the support. It used to be better. 

You don't need help from Barracuda to help with the deployment. The deployment is easy. We deployed them all by ourselves. It took some research through the manuals and documentation to find the best way to deploy for your infrastructure. The research took two to three days and then it took another two to three days to install it. By 7-8 days we were ready to do a soft launch. We did the rest within a month. 

We only needed one team member to deploy it. I worked alongside him so that I could also understand it. 

There are costs in addition to the standard licensing. 

I would rate it a five out of ten. 

My advice would be to explore the market. There are many good players. If a solution is on the higher side, it could be a better investment. 

I use the solution in my company to protect our website.

The solution's most valuable feature is that it actually protects our website, and it provides all the required security functions.

When we have multiple applications in Barracuda, everything is not managed in a single place. For example, Suppose I have four applications and want to make a common change across them. In the aforementioned case, it is not supported at the moment, and I have to go to individual applications and make changes.

Suppose I have four applications in the product and want to make similar changes in all of them together. In the aforementioned case, it is not possible to do anything with Barracuda Web Application Firewall.

I have to go to an individual obligation, make changes, and come out, and go to the next obligation and make the same changes. There is no grouping option.

I have been using Barracuda Web Application Firewall for six months. I am an end-user of the tool.

It is a mostly stable tool. I rate the stability as a nine out of ten.

I rate the scalability as an eight out of ten.

The number of users depends on the public who are accessing our website. It all depends on the popularity, so I can't say the number here. Let us say that there are probably thousands of users.

The solution's technical support is good. There is a delay in the response time when it comes to the support part. I rate the technical support a seven out of ten.

Neutral

The product's initial setup phase is easy, but one needs some background knowledge. In terms of security products, one needs some background knowledge of the security practices. Nobody cannot configure the tool. Some certifications and technical knowledge is required to use the tool.

Depending on the person's knowledge of security, I can rate the setup phase as an eight on a one to ten scale, where ten means it is a very easy process.

The solution is deployed on the hybrid cloud.

The time required to deploy the solution depends on how many servers you want to set up in the hybrid environment. There are different components underneath it. There is no common time frame for the deployment. It all varies on a case-to-case basis, depending on how many deployments you are running in a hybrid environment and what services are offered to the user in the hybrid environment. We can't tell you the specific time for the deployment.

Cost is a bit on the higher side. Big companies can afford it.

The product offers protection against web exploitation. With code injection and SQL injection, everything is covered in the tool.

My company has around four applications on Barracuda Web Application Firewall. Everything has been working smoothly with the tool.

Speaking about AI-driven security measures, I would say that the solution has its own in-built machine learning techniques, so we are not using any other solution or AI solution, as it is all integrated with Barracuda Web Application Firewall itself.

Though it is a costly tool, it is a good product that is stable, secure and offers good protection.

I rate the tool an eight out of ten.

One of the best aspects of the solution is the support provided. Their backend support is fantastic. I've found it's superior to other products, including Cisco. The way the support team treats its customers is great. They really walk you through everything and show you how easy it is to mend issues.

I find the solution to be easy to deploy. You don't need too much technical skill, so you don't need an expert level of understanding.

The reporting aspect of the solution needs improvement. I don't find that it's very good. They could do some work on it to make it much better. It's not that the reporting isn't secure. It's just that I would prefer to store my reports for an extended period of time. Right now, that's not possible and I'd prefer it if that could change. I also would say that the reports themselves are expensive.

I've been using the solution since 2009. It's been just over ten years now.

The stability of the solution is good. I don't think we've experienced bugs, crashes, or glitches.

Scalability with the solution is good. It just requires more licenses, like every other product. If you only apply for the environment, it's scalable with the licenses you have. If you're on the physical appliance, you just have to scale it up by pressing the appliance. It probably won't be just deployed on Azure, because we would need to add more licenses.

We've been adding to our system for a while ago, and we haven't run into any issues with continuing to scale.

The technical support offered by Barracuda is excellent. It's one of the greatest selling points of the solution, They are very supportive and help answer any questions we have.

I have previous experience using Cisco.

The solution doesn't require a user to be too technical. I would say the initial setup is very straightforward. The deployment is easy. It's not what I would call complex in any way.

Overall, I would say that I'm satisfied with the pricing. It's got a good range of pricing, and the cost matches the quality level you get out of the solution.

I used to be a customer before, however, now I am partners with Barracuda.

We use both on-premises and public cloud deployment models.

Overall, I'd give the solution a nine out of ten. I'd give it full marks, but it does have issues on the reporting side. The reports are a lot more expensive, even more so than the work itself. That's why I did not give it a 10.

That said, I would recommend Barracuda Firewalls to anybody, any day of the week. They're fantastic.

We use this as public cloud and a virtual appliance based on Azure Cloud.

It's very simple and predictable because Barracuda provides a vision of the current state of your application. It gives you an understanding of what is happening on your site and any attempts against you at your source. This is the main value that Web Application Firewall provides our company. These aspects are also the main reason for this documentation process.

I think the biggest value comes from the ability of Web Application Firewall to perform analysis of attacks that are registered by it, as well as its ability to analyze source code of those attacks and all traffic that is captured by Web Application Firewall. 

The basic functionality of the Web Application Firewall is pretty good. Therefore in comparison with CloudFlare, Barracuda has significant powerful instruments for analysis of main traffic of requests that we get on the application. If however, we try to compare Barracuda and F5, F5 is more powerful than Barracuda. In any case, it's very hard to make these comparisons, because one product has more powerful features from one point of view, while the other product is better from another point of view.

I can say that it's good only in comparison with some products. All products have approximately the same functionality, but some products are more powerful in certain aspects.

I think the main area for improvement in this product is learning it, as can be seen when comparing it to the F5 web application firewall. F5 has a very powerful learning phase when you start using your web application firewall against your site. The company at this time collects information and parameters about all requests, such as: file downloads, file uploads, authentication, authorization processes, etc. During this period, F5 provides you with the ability to collect most of the necessary information to make a security provision for your web application firewall.

Barracuda has something like this, but not with the same functionality from my point of view. Barracuda is a little bit lower in comparison with other web application firewalls, so the best way to improve Barracuda is to develop and add new features in this area.

A good point for developing this area is to describe some particular use cases. For example, the implementation demands configuration of the application in conjunction with Web Application Firewall to make it available and hosted on the internal web services of Azure. It would be great to have instructions for Barracuda with Azure infrastructure, so we could get a step-by-step manual starting from the creation of the application interface and finishing with the available site including Barracuda. We implemented Barracuda Web Application Firewall and we see who checks the whole process. Each part of this manual relates to a particular service, but it would still help those who implement it to be quicker.

The bottom line is I would like to see an improved learning model to make the creation of the first policy easier and more transparent for an engineer.

If I remember correctly, when applying changes to a policy, the system tries to reward the current system. I didn't check if the site is available, but it seems that certain views could be unavailable during this process. Any changes or configurations submitted demand voiding. This can be a surprise because when you try only to save the configuration but don't commit it, you might think this doesn't take effect. If you don't want to commit this policy exactly at this time the appliance will still start to change it. This might be a quirk of this appliance.

I read that you can scale this system by building redundant schemes and using special appliances to manage certificates, but I didn't try it. Therefore, as a manager I don't know, because I didn't try to make a redundant scheme.

Only a few users at our company implement this, but all visitors to our site are affected by this implementation.

I didn't fight with them because all features and implementations that I tried didn't demand any help from technical support.

We actually switched to Barracuda because it's cheaper than F5. This might not be the case for others, because there are several solutions that are cloud based. It is a service of a service and in some cases this kind of product would be cheaper than Barracuda. It depends on the implementation scheme and business needs. In some cases, Barracuda is cheaper, in some cases Barracuda is more expensive. In our case it was cheaper.

The initial setup was very easy and straightforward. I don't remember how long deployment took, but it was very quick. If I remember, you just need to assign the address management interface and add additional IP addresses to other interfaces, enable them, etc. After that, your site is available already. It's much easier than F5, for example.

We didn't use a vendor for implementation. I just used standard documentation from their resources and it was enough to roll out this appliance in our infrastructure. It's very easy. I didn't request them, because the documents provided by their site was enough to roll out this product by ourselves without additional help.

Barracuda costs us $8,000 per year. Barracuda costs $20,000 for a full subscription, when you try to protect multi-site infrastructure, in different geographical zones and for different data centers. If you have only one site, Barracuda will be cheaper.

We chose Barracuda because in our case it was cheaper.

The biggest lesson I learned is that our site is attacked every day.

I would recommend Barracuda, but this recommendation is based on our particular case. For some cases this solution is good, but for some cases it's not. It's very hard to answer directly because of all the aspects that should be taken into account when you try to answer this question.

I would rate it as eight out of ten.

I am a system integrator and this is one of the solutions that I implement for my customers.

The most valuable feature of this solution is the simplicity of configuration. 

This solution makes management easy.

I really like the firewall weblog that allows me to see what is being blocked, why, and how I can apply a fix.

I would like to see an improved capacity to store logs so that they will be available for a longer time. From my experience, and over time, I have noticed that Barracuda appliances do not store logs for a very long time. What this means is that people have to buy the Barracuda Reporting Server. This is quite expensive, at three or four times the price of the equipment. So, if users have only one or two appliances then it doesn't make sense for them to buy a Reporting Server. If they decide to export those logs from the Barracuda appliance to a SIEM then the format of the report gets lost because Barracuda has custom reports.  Where I used to work, our logs would last for about one week. However, where I am now, we do not have logs beyond one day.

This is a very stable appliance.

This physical appliance is not a solution that scales because once I use it at capacity, I have to buy a new one. The virtual appliance is scalable because if I am at capacity then I can increase my license to another plan.

For the WAF, capacity is not a function of the number of users. Rather, it is based on the servers that it is protecting. Two of my current clients and one hundred and fifty, and two hundred and fifty users, respectively.

Technical support for this solution is wonderful. It is not just for the firewall, but all of Barracuda has good support. I have been dealing with them since 2009, and in my experience, they attend to you. They take the time to explain things. Even if you want to consider something new, they will guide you on what to do.

Overall, I would rate their support very high.

The initial setup of this solution is very straightforward.

When I first set up this solution in 2009, it was for my company and I didn't require assistance from anybody. I later when for training, and am now an integrator. Today I set this solution up for other companies, and I can say that the initial setup has been straightforward all along.

Definitely, I would recommend Barracuda because of its simplicity. I know that they are now integrating the Web Application Firewall on Prime, in the cloud, as well.

The only thing that is a challenge for me is storage, which limits my reporting.

I would rate this solution a nine out of ten.