Barracuda Web Application Firewall Reviews

Barracuda Web Application Firewall’s most valuable features are real-time threat detection and automatic security updates.

The platform's pricing needs improvement.

The technical support services are good.

Neutral

I have used Fortinet before. It has efficient AI capabilities compared to Barracuda.

The product has generated around 10% of return on investment.

The product is expensive. It is overpriced.

The product works effectively. However, it is complicated to understand and requires essential knowledge. It significantly improved our overall web security posture, addressing intrusions and enhancing control over web URLs in our environment. We can identify and block malicious URLs. With proper training, it is easy to manage templates and policies for this tool. They provide comprehensive documentation and training courses available for free on their website. It has good features for forensic analysis and reporting. It has a user-friendly interface and seamless integration with SQL.

I rate it a seven out of ten.

The product has fantastic support services. It provides complex solutions, including block mode and other default protection features.

We encountered a few glitches while implementing API security features into the product. Secondly, they could provide transparency for different types of protection parameters available. It will be beneficial if there is some visibility for the same. We faced some downtime issues the last two times due to Barracuda infrastructure. Thus, we are searching for alternate WAF solutions.

We have been using Barracuda Web Application Firewall for two years.

I rate the platform's stability a ten out of ten.

I rate the product's scalability nine out of ten. It is suitable for enterprise businesses.

The technical support services are fantastic. They share the knowledge transparently. This feature is more exceptional than that of other vendors.

Positive

The initial setup process is simple. We have deployed the product on the cloud.

I rate Barracuda Web Application Firewall a nine out of ten.

Our company uses the solution to provide customers with a proxy service that secures transcriptions as part of a seven-layer process. We currently provide this service to twenty customers. 

The solution ensures layer seven is secure from attacks. 

The scripting is good. 

Layer four could be more secure like layer seven to prevent HTTP and HTTPS attacks. 

There are issues when upgrading firewalls and we experience different issues across customers. The communication metrics, ports, traffic, source, destination, and service must be enabled to upgrade firmware but there is no documentation or article for opening the communication matrix to upgrade smoothly. 

STM crashes are a repeat issue and they wipe out appliances. Each time, we have to open a ticket with support and get Apache to fix the issue. It is unclear why appliances have issues or fail and need to be recovered with Apache. 

Firmware upgrades cause automatic configuration changes without providing notifications. Configurations such as ports should not be changed automatically because they negatively affect customers. One customer's configuration issue was within the third layer and took seven days to solve. Support mitigation and work describes policies created automatically after upgrading firewalls but we already created and want to retain our own policies. 

I have been using the solution for two years. 

The solution is stable but ongoing issues with appliance failures, system crashes, and upgrading firmware affect its smooth operation. 

I opened a support ticket for resolving issues when upgrading firewalls. Support could not get to the issue and did not inform me to check traffic on the firewall. It is important to determine what is plugged in when a parameter is trying to communicate outside to download and upgrade firmware to the latest version. The issue was ongoing for three months until I accidently detected it myself. 

Tickets are not solved in one day and sometimes I have to close tickets without any solution from support. Only tickets at the second or third escalation level receive support. 

The setup is straightforward and installation can be finished in one day. 

We implement the solution for customers. 

The solution is based on a licensing model and might be $360 for the hybrid version. 

We have to migrate to another vendor because the solution no longer supports issues with the stack hub. 

We are a partner with Barracuda so recommend the application firewall to our customers but we now have thirteen customers who use Azure stack hub and cannot receive support. We communicated this issue with Barracuda's Middle East management and they suggested using a container as a service. We tried this in our lab but had issues with the installation which we finally resolved. We have some concerns about data being exposed because it is in the cloud. Our customers are administrators and will not accept their data being exposed. 

We would rather work with Barracuda because we have experience with their application firewalls and that makes it easier to support customers. We will have to go to another vendor and take classes to become experts. 

I rate the solution a seven out of ten. 

They could improve their performance, support, and their upgrades. Their updates used to be good. Their improvements were right on the money but nowadays, the updates are minor. 

I don't really like the product. They restricted the number of servers we can protect. They restrict how many servers you can protect based on appliance.

They also don't support additional ATP. Customers also want ATP. They want something extra apart from the basic security package. 

Their appliances are very cheap. The quality is not that good. Their appliances should be more robust. 

I have been using this solution for a year. 

The backend server capability is low. It's risky to put extra servers behind it because it may or may not protect it. The workload is not that high. 

It has worked fine until now. We have some projects that are overloaded. In the next phase, I will remove some servers and add one or two servers from our project team. 

I have not tested out the scalability. 

The software is running 24/7.

I am not satisfied with the support. It used to be better. 

You don't need help from Barracuda to help with the deployment. The deployment is easy. We deployed them all by ourselves. It took some research through the manuals and documentation to find the best way to deploy for your infrastructure. The research took two to three days and then it took another two to three days to install it. By 7-8 days we were ready to do a soft launch. We did the rest within a month. 

We only needed one team member to deploy it. I worked alongside him so that I could also understand it. 

There are costs in addition to the standard licensing. 

I would rate it a five out of ten. 

My advice would be to explore the market. There are many good players. If a solution is on the higher side, it could be a better investment. 

I use the solution in my company to protect our website.

The solution's most valuable feature is that it actually protects our website, and it provides all the required security functions.

When we have multiple applications in Barracuda, everything is not managed in a single place. For example, Suppose I have four applications and want to make a common change across them. In the aforementioned case, it is not supported at the moment, and I have to go to individual applications and make changes.

Suppose I have four applications in the product and want to make similar changes in all of them together. In the aforementioned case, it is not possible to do anything with Barracuda Web Application Firewall.

I have to go to an individual obligation, make changes, and come out, and go to the next obligation and make the same changes. There is no grouping option.

I have been using Barracuda Web Application Firewall for six months. I am an end-user of the tool.

It is a mostly stable tool. I rate the stability as a nine out of ten.

I rate the scalability as an eight out of ten.

The number of users depends on the public who are accessing our website. It all depends on the popularity, so I can't say the number here. Let us say that there are probably thousands of users.

The solution's technical support is good. There is a delay in the response time when it comes to the support part. I rate the technical support a seven out of ten.

Neutral

The product's initial setup phase is easy, but one needs some background knowledge. In terms of security products, one needs some background knowledge of the security practices. Nobody cannot configure the tool. Some certifications and technical knowledge is required to use the tool.

Depending on the person's knowledge of security, I can rate the setup phase as an eight on a one to ten scale, where ten means it is a very easy process.

The solution is deployed on the hybrid cloud.

The time required to deploy the solution depends on how many servers you want to set up in the hybrid environment. There are different components underneath it. There is no common time frame for the deployment. It all varies on a case-to-case basis, depending on how many deployments you are running in a hybrid environment and what services are offered to the user in the hybrid environment. We can't tell you the specific time for the deployment.

Cost is a bit on the higher side. Big companies can afford it.

The product offers protection against web exploitation. With code injection and SQL injection, everything is covered in the tool.

My company has around four applications on Barracuda Web Application Firewall. Everything has been working smoothly with the tool.

Speaking about AI-driven security measures, I would say that the solution has its own in-built machine learning techniques, so we are not using any other solution or AI solution, as it is all integrated with Barracuda Web Application Firewall itself.

Though it is a costly tool, it is a good product that is stable, secure and offers good protection.

I rate the tool an eight out of ten.

We use the solution to protect our internal applications from cybersecurity threats.

Parameter Protection is a valuable feature. Most of the features are quite useful. It is a helpful tool. It helped us with penetration testing.

We get false positives about phishing emails. The vendor must improve Barracuda Email Security Gateway.

I am using the solution currently.

The tool is quite stable. I have no issues with it. It depends on the fine-tuning of customized applications based on our requirements.

The solution is scalable.

The technical support is fantastic.

Positive

The initial setup was easy. However, we needed to do some fine-tuning in the applications. It was not difficult.

Overall, I rate the tool a ten out of ten.

One of the best aspects of the solution is the support provided. Their backend support is fantastic. I've found it's superior to other products, including Cisco. The way the support team treats its customers is great. They really walk you through everything and show you how easy it is to mend issues.

I find the solution to be easy to deploy. You don't need too much technical skill, so you don't need an expert level of understanding.

The reporting aspect of the solution needs improvement. I don't find that it's very good. They could do some work on it to make it much better. It's not that the reporting isn't secure. It's just that I would prefer to store my reports for an extended period of time. Right now, that's not possible and I'd prefer it if that could change. I also would say that the reports themselves are expensive.

I've been using the solution since 2009. It's been just over ten years now.

The stability of the solution is good. I don't think we've experienced bugs, crashes, or glitches.

Scalability with the solution is good. It just requires more licenses, like every other product. If you only apply for the environment, it's scalable with the licenses you have. If you're on the physical appliance, you just have to scale it up by pressing the appliance. It probably won't be just deployed on Azure, because we would need to add more licenses.

We've been adding to our system for a while ago, and we haven't run into any issues with continuing to scale.

The technical support offered by Barracuda is excellent. It's one of the greatest selling points of the solution, They are very supportive and help answer any questions we have.

I have previous experience using Cisco.

The solution doesn't require a user to be too technical. I would say the initial setup is very straightforward. The deployment is easy. It's not what I would call complex in any way.

Overall, I would say that I'm satisfied with the pricing. It's got a good range of pricing, and the cost matches the quality level you get out of the solution.

I used to be a customer before, however, now I am partners with Barracuda.

We use both on-premises and public cloud deployment models.

Overall, I'd give the solution a nine out of ten. I'd give it full marks, but it does have issues on the reporting side. The reports are a lot more expensive, even more so than the work itself. That's why I did not give it a 10.

That said, I would recommend Barracuda Firewalls to anybody, any day of the week. They're fantastic.

We use this as public cloud and a virtual appliance based on Azure Cloud.

It's very simple and predictable because Barracuda provides a vision of the current state of your application. It gives you an understanding of what is happening on your site and any attempts against you at your source. This is the main value that Web Application Firewall provides our company. These aspects are also the main reason for this documentation process.

I think the biggest value comes from the ability of Web Application Firewall to perform analysis of attacks that are registered by it, as well as its ability to analyze source code of those attacks and all traffic that is captured by Web Application Firewall. 

The basic functionality of the Web Application Firewall is pretty good. Therefore in comparison with CloudFlare, Barracuda has significant powerful instruments for analysis of main traffic of requests that we get on the application. If however, we try to compare Barracuda and F5, F5 is more powerful than Barracuda. In any case, it's very hard to make these comparisons, because one product has more powerful features from one point of view, while the other product is better from another point of view.

I can say that it's good only in comparison with some products. All products have approximately the same functionality, but some products are more powerful in certain aspects.

I think the main area for improvement in this product is learning it, as can be seen when comparing it to the F5 web application firewall. F5 has a very powerful learning phase when you start using your web application firewall against your site. The company at this time collects information and parameters about all requests, such as: file downloads, file uploads, authentication, authorization processes, etc. During this period, F5 provides you with the ability to collect most of the necessary information to make a security provision for your web application firewall.

Barracuda has something like this, but not with the same functionality from my point of view. Barracuda is a little bit lower in comparison with other web application firewalls, so the best way to improve Barracuda is to develop and add new features in this area.

A good point for developing this area is to describe some particular use cases. For example, the implementation demands configuration of the application in conjunction with Web Application Firewall to make it available and hosted on the internal web services of Azure. It would be great to have instructions for Barracuda with Azure infrastructure, so we could get a step-by-step manual starting from the creation of the application interface and finishing with the available site including Barracuda. We implemented Barracuda Web Application Firewall and we see who checks the whole process. Each part of this manual relates to a particular service, but it would still help those who implement it to be quicker.

The bottom line is I would like to see an improved learning model to make the creation of the first policy easier and more transparent for an engineer.

If I remember correctly, when applying changes to a policy, the system tries to reward the current system. I didn't check if the site is available, but it seems that certain views could be unavailable during this process. Any changes or configurations submitted demand voiding. This can be a surprise because when you try only to save the configuration but don't commit it, you might think this doesn't take effect. If you don't want to commit this policy exactly at this time the appliance will still start to change it. This might be a quirk of this appliance.

I read that you can scale this system by building redundant schemes and using special appliances to manage certificates, but I didn't try it. Therefore, as a manager I don't know, because I didn't try to make a redundant scheme.

Only a few users at our company implement this, but all visitors to our site are affected by this implementation.

I didn't fight with them because all features and implementations that I tried didn't demand any help from technical support.

We actually switched to Barracuda because it's cheaper than F5. This might not be the case for others, because there are several solutions that are cloud based. It is a service of a service and in some cases this kind of product would be cheaper than Barracuda. It depends on the implementation scheme and business needs. In some cases, Barracuda is cheaper, in some cases Barracuda is more expensive. In our case it was cheaper.

The initial setup was very easy and straightforward. I don't remember how long deployment took, but it was very quick. If I remember, you just need to assign the address management interface and add additional IP addresses to other interfaces, enable them, etc. After that, your site is available already. It's much easier than F5, for example.

We didn't use a vendor for implementation. I just used standard documentation from their resources and it was enough to roll out this appliance in our infrastructure. It's very easy. I didn't request them, because the documents provided by their site was enough to roll out this product by ourselves without additional help.

Barracuda costs us $8,000 per year. Barracuda costs $20,000 for a full subscription, when you try to protect multi-site infrastructure, in different geographical zones and for different data centers. If you have only one site, Barracuda will be cheaper.

We chose Barracuda because in our case it was cheaper.

The biggest lesson I learned is that our site is attacked every day.

I would recommend Barracuda, but this recommendation is based on our particular case. For some cases this solution is good, but for some cases it's not. It's very hard to answer directly because of all the aspects that should be taken into account when you try to answer this question.

I would rate it as eight out of ten.