Barracuda Web Application Firewall Reviews

We use this solution as the firewall, the security, secure internet access, and protection from outside access.

The most valuable feature is the automatic content filtering.

The usability of the interface could be improved. 

The interface is not easy to use or to configure.

A feature that could be very powerful would be the capability to provide the monitoring of the security analogies, and proactive alerts in case of potential issues.  

The firewall protects and logs, but does not provide you with an analogy on that data. 

The availability and stability are very high.

We have one hundred employees within this company using this solution.

The appliance can grow only in the stack, but it's not an upgradable design, it is a closed appliance. 

It is unadjustable in performance, in growing or increasing.

The technical support is provided by the vendor. A ticket is opened with the vendor and they provide support.

We have direct contact via email and phone.

Because we have to repeat the issue more than once before we get support, I would rate them an eight out of ten.

Previously with a different vendor, we used many solutions. As a result, I have experience with many different solutions such as WatchGuard, Cisco, Cisco LEAP, Cisco Tools, SELFAS, and Fortinet.

The initial setup was both simple and complex. WatchGuard is easier to set up than Barracuda, but not as complex. It's something that works and you can start. 

The set up is a medium level of complexity, but if I had to choose between simple and hard, then I would say the initial set up is hard.

The implementation was anywhere from one to two days for the full implementation of all services.

It took one technician to deploy this solution. A couple of technicians for maintenance is required approximately four to five days a year.

I am an integrator and the implementation was done by myself with the help of my technicians and colleagues that are certified in different technologies.

Our licensing fees are paid annually and the cost is between €600 and €800 (approximately $665.00 to $885.00 USD).

It's a full-featured set and all of the capabilities are included.

I am not aware of any additional costs.

Before choosing Barracuda we evaluated WatchGuard.

One of my previous colleagues suggested this solution, they advised me of the company and the technologies.

I would recommend this solution.

I would rate this solution an eight out of ten.

I use Barracuda Web Application Firewall mainly for web application protection. I have worked with Barracuda for six years, focusing on this specific product, which aligns with my company's and clients' security needs.

The most valuable features of Barracuda Web Application Firewall include advanced bot protection, DDoS protection, and addressing the top ten vulnerabilities. The solution provides robust support, which I particularly appreciate for its ability to address my inquiries and technical challenges effectively.

There are false positives that I am receiving when compared to other WAFs. The issues with false positives affect client transactions, leading to complaints about blocked transactions. Barracuda needs to improve its API security to address my evolving needs.

I have used the Barracuda solution for six years.

I face stability issues due to false positives. These result in clients complaining about blocked transactions on a daily basis. If these were reduced, Barracuda's stability would greatly improve.

The customer service and support from Barracuda have been excellent. I have a very supportive team that addresses my concerns. I have premium support as well.

Neutral

Before Barracuda Web Application Firewall, I did not work with any other vendors or products.

The initial setup of Barracuda Web Application Firewall is straightforward and does not take more than half an hour. The installation is very easy.

My team manages the setup and requires one person for installation and three people for ongoing maintenance.

The pricing for Barracuda is quite high compared to other OEMs. Each transaction requires my purchase team to negotiate with Barracuda. Software licenses, premium support, and advanced bot protection all have different costs.

I would rate the overall solution as a seven out of ten, primarily due to issues with false positives. 

I recommend Barracuda because of the strong support team I have.

They could improve their performance, support, and their upgrades. Their updates used to be good. Their improvements were right on the money but nowadays, the updates are minor. 

I don't really like the product. They restricted the number of servers we can protect. They restrict how many servers you can protect based on appliance.

They also don't support additional ATP. Customers also want ATP. They want something extra apart from the basic security package. 

Their appliances are very cheap. The quality is not that good. Their appliances should be more robust. 

I have been using this solution for a year. 

The backend server capability is low. It's risky to put extra servers behind it because it may or may not protect it. The workload is not that high. 

It has worked fine until now. We have some projects that are overloaded. In the next phase, I will remove some servers and add one or two servers from our project team. 

I have not tested out the scalability. 

The software is running 24/7.

I am not satisfied with the support. It used to be better. 

You don't need help from Barracuda to help with the deployment. The deployment is easy. We deployed them all by ourselves. It took some research through the manuals and documentation to find the best way to deploy for your infrastructure. The research took two to three days and then it took another two to three days to install it. By 7-8 days we were ready to do a soft launch. We did the rest within a month. 

We only needed one team member to deploy it. I worked alongside him so that I could also understand it. 

There are costs in addition to the standard licensing. 

I would rate it a five out of ten. 

My advice would be to explore the market. There are many good players. If a solution is on the higher side, it could be a better investment. 

We use this as public cloud and a virtual appliance based on Azure Cloud.

It's very simple and predictable because Barracuda provides a vision of the current state of your application. It gives you an understanding of what is happening on your site and any attempts against you at your source. This is the main value that Web Application Firewall provides our company. These aspects are also the main reason for this documentation process.

I think the biggest value comes from the ability of Web Application Firewall to perform analysis of attacks that are registered by it, as well as its ability to analyze source code of those attacks and all traffic that is captured by Web Application Firewall. 

The basic functionality of the Web Application Firewall is pretty good. Therefore in comparison with CloudFlare, Barracuda has significant powerful instruments for analysis of main traffic of requests that we get on the application. If however, we try to compare Barracuda and F5, F5 is more powerful than Barracuda. In any case, it's very hard to make these comparisons, because one product has more powerful features from one point of view, while the other product is better from another point of view.

I can say that it's good only in comparison with some products. All products have approximately the same functionality, but some products are more powerful in certain aspects.

I think the main area for improvement in this product is learning it, as can be seen when comparing it to the F5 web application firewall. F5 has a very powerful learning phase when you start using your web application firewall against your site. The company at this time collects information and parameters about all requests, such as: file downloads, file uploads, authentication, authorization processes, etc. During this period, F5 provides you with the ability to collect most of the necessary information to make a security provision for your web application firewall.

Barracuda has something like this, but not with the same functionality from my point of view. Barracuda is a little bit lower in comparison with other web application firewalls, so the best way to improve Barracuda is to develop and add new features in this area.

A good point for developing this area is to describe some particular use cases. For example, the implementation demands configuration of the application in conjunction with Web Application Firewall to make it available and hosted on the internal web services of Azure. It would be great to have instructions for Barracuda with Azure infrastructure, so we could get a step-by-step manual starting from the creation of the application interface and finishing with the available site including Barracuda. We implemented Barracuda Web Application Firewall and we see who checks the whole process. Each part of this manual relates to a particular service, but it would still help those who implement it to be quicker.

The bottom line is I would like to see an improved learning model to make the creation of the first policy easier and more transparent for an engineer.

If I remember correctly, when applying changes to a policy, the system tries to reward the current system. I didn't check if the site is available, but it seems that certain views could be unavailable during this process. Any changes or configurations submitted demand voiding. This can be a surprise because when you try only to save the configuration but don't commit it, you might think this doesn't take effect. If you don't want to commit this policy exactly at this time the appliance will still start to change it. This might be a quirk of this appliance.

I read that you can scale this system by building redundant schemes and using special appliances to manage certificates, but I didn't try it. Therefore, as a manager I don't know, because I didn't try to make a redundant scheme.

Only a few users at our company implement this, but all visitors to our site are affected by this implementation.

I didn't fight with them because all features and implementations that I tried didn't demand any help from technical support.

We actually switched to Barracuda because it's cheaper than F5. This might not be the case for others, because there are several solutions that are cloud based. It is a service of a service and in some cases this kind of product would be cheaper than Barracuda. It depends on the implementation scheme and business needs. In some cases, Barracuda is cheaper, in some cases Barracuda is more expensive. In our case it was cheaper.

The initial setup was very easy and straightforward. I don't remember how long deployment took, but it was very quick. If I remember, you just need to assign the address management interface and add additional IP addresses to other interfaces, enable them, etc. After that, your site is available already. It's much easier than F5, for example.

We didn't use a vendor for implementation. I just used standard documentation from their resources and it was enough to roll out this appliance in our infrastructure. It's very easy. I didn't request them, because the documents provided by their site was enough to roll out this product by ourselves without additional help.

Barracuda costs us $8,000 per year. Barracuda costs $20,000 for a full subscription, when you try to protect multi-site infrastructure, in different geographical zones and for different data centers. If you have only one site, Barracuda will be cheaper.

We chose Barracuda because in our case it was cheaper.

The biggest lesson I learned is that our site is attacked every day.

I would recommend Barracuda, but this recommendation is based on our particular case. For some cases this solution is good, but for some cases it's not. It's very hard to answer directly because of all the aspects that should be taken into account when you try to answer this question.

I would rate it as eight out of ten.

I'm using Barracuda as a web application firewall for any application. It is too smart and user-friendly, making it easy to restrict applications and utilize many features.

It is very easy to restrict applications and utilize many features and ensures that it's not complicated to work with.

The most helpful feature is rate limiting, which acts as a security layer against DDoS attacks. Additionally, data leak prevention is very important and ensures protection against attacks.

I faced an issue when Barracuda decided not to support Azure Stack Hub anymore, which was a significant issue as we had many customers using it on that platform. Due to this decision, we had to replace Barracuda with another vendor, which was regrettable.

I have been working with Barracuda Application Firewall for more than four years.

When the SDM crashed, we experienced instability, yet support usually acted quickly and was very helpful, ensuring stability for customers.

Scalability is strong, rated eight to nine. The solution is capable of meeting scalability requirements efficiently.

Technical support may be rated as eight or nine out of ten. The support is very helpful and responsive.

Positive

Due to the decision by Barracuda not to support Azure Stack Hub, we replaced Barracuda WAF with another vendor for more than ten customers.

The setup process is too simple.

On a scale, pricing is nine out of ten. It's a reasonable price for this product.

There is no comparison, as Barracuda is too smart. Compared to FortiWeb, Barracuda is much better.

I would rate Barracuda Web Application Firewall at nine out of ten overall. I can recommend it to other users. Barracuda is one of the remarkable vendors in web security and is too smart.

I use the solution in my company to protect our website.

The solution's most valuable feature is that it actually protects our website, and it provides all the required security functions.

When we have multiple applications in Barracuda, everything is not managed in a single place. For example, Suppose I have four applications and want to make a common change across them. In the aforementioned case, it is not supported at the moment, and I have to go to individual applications and make changes.

Suppose I have four applications in the product and want to make similar changes in all of them together. In the aforementioned case, it is not possible to do anything with Barracuda Web Application Firewall.

I have to go to an individual obligation, make changes, and come out, and go to the next obligation and make the same changes. There is no grouping option.

I have been using Barracuda Web Application Firewall for six months. I am an end-user of the tool.

It is a mostly stable tool. I rate the stability as a nine out of ten.

I rate the scalability as an eight out of ten.

The number of users depends on the public who are accessing our website. It all depends on the popularity, so I can't say the number here. Let us say that there are probably thousands of users.

The solution's technical support is good. There is a delay in the response time when it comes to the support part. I rate the technical support a seven out of ten.

Neutral

The product's initial setup phase is easy, but one needs some background knowledge. In terms of security products, one needs some background knowledge of the security practices. Nobody cannot configure the tool. Some certifications and technical knowledge is required to use the tool.

Depending on the person's knowledge of security, I can rate the setup phase as an eight on a one to ten scale, where ten means it is a very easy process.

The solution is deployed on the hybrid cloud.

The time required to deploy the solution depends on how many servers you want to set up in the hybrid environment. There are different components underneath it. There is no common time frame for the deployment. It all varies on a case-to-case basis, depending on how many deployments you are running in a hybrid environment and what services are offered to the user in the hybrid environment. We can't tell you the specific time for the deployment.

Cost is a bit on the higher side. Big companies can afford it.

The product offers protection against web exploitation. With code injection and SQL injection, everything is covered in the tool.

My company has around four applications on Barracuda Web Application Firewall. Everything has been working smoothly with the tool.

Speaking about AI-driven security measures, I would say that the solution has its own in-built machine learning techniques, so we are not using any other solution or AI solution, as it is all integrated with Barracuda Web Application Firewall itself.

Though it is a costly tool, it is a good product that is stable, secure and offers good protection.

I rate the tool an eight out of ten.

Our primary use case is for web applications utilizing it primarily for DDoS and cross-site script protection.

Our organization has improved because it has created a new layer of security analytics. Typically we used to do study code analysis, but then by adding that capability we now have dynamic analysis, which is very difficult to attain unless you have a technology. So now we have not only the visibility on any denial of service attacks, but we also have the ability to defend it.

The most valuable feature is the rule set, the ability to specify IP addresses that are excluded. Having the ability therefore to build rules, and exclude specific domains or websites, is very helpful. And when I compare it with some technologies I have used prior to that, which is Signal Science WAF and such. So how the rule set is handled is actually quite nice.

I would like to see a native multi-cloud cover. Right now if I have applications that run both on Amazon and Google, I have to have two distinct licenses and two distinct implementations. But we are multi-cloud, so I do not want to have to deploy policies on essentially two apps that are essentially the same policies. I would prefer to have a multi-cloud console, in other words, one set of policies that apply to multiple implementations.

I have been working with Barracuda Web Application Firewall for the past two years.

There is great stability.

It is pretty scalable. Because it is a cloud feature, the elasticity comes from the elastic cloud capability, If you make the wrong configurations it is not going to work. We can be working with anywhere between one thousand to twenty-five thousand.

The deployment took around three months to deploy and we used a third party.

The pricing is reasonable.

On a scale of one to ten, I would rate Barracuda Web Application Firewall an eight out of ten.

One of the best aspects of the solution is the support provided. Their backend support is fantastic. I've found it's superior to other products, including Cisco. The way the support team treats its customers is great. They really walk you through everything and show you how easy it is to mend issues.

I find the solution to be easy to deploy. You don't need too much technical skill, so you don't need an expert level of understanding.

The reporting aspect of the solution needs improvement. I don't find that it's very good. They could do some work on it to make it much better. It's not that the reporting isn't secure. It's just that I would prefer to store my reports for an extended period of time. Right now, that's not possible and I'd prefer it if that could change. I also would say that the reports themselves are expensive.

I've been using the solution since 2009. It's been just over ten years now.

The stability of the solution is good. I don't think we've experienced bugs, crashes, or glitches.

Scalability with the solution is good. It just requires more licenses, like every other product. If you only apply for the environment, it's scalable with the licenses you have. If you're on the physical appliance, you just have to scale it up by pressing the appliance. It probably won't be just deployed on Azure, because we would need to add more licenses.

We've been adding to our system for a while ago, and we haven't run into any issues with continuing to scale.

The technical support offered by Barracuda is excellent. It's one of the greatest selling points of the solution, They are very supportive and help answer any questions we have.

I have previous experience using Cisco.

The solution doesn't require a user to be too technical. I would say the initial setup is very straightforward. The deployment is easy. It's not what I would call complex in any way.

Overall, I would say that I'm satisfied with the pricing. It's got a good range of pricing, and the cost matches the quality level you get out of the solution.

I used to be a customer before, however, now I am partners with Barracuda.

We use both on-premises and public cloud deployment models.

Overall, I'd give the solution a nine out of ten. I'd give it full marks, but it does have issues on the reporting side. The reports are a lot more expensive, even more so than the work itself. That's why I did not give it a 10.

That said, I would recommend Barracuda Firewalls to anybody, any day of the week. They're fantastic.