We used Barracuda Web Application Firewall to protect the banking system. There were cyber drills where we had to find some logs, share those logs, and identify the attacks.
Manager at Inspira Enterprise
Easy to set up and use, stable, and has no scalability issues, but its attack identification capability and technical support need to be improved
Pros and Cons
- "What I like most about Barracuda Web Application Firewall is its availability. I also like that it's an easy-to-use solution."
- "An area for improvement in Barracuda Web Application Firewall is attack identification. Other banks identified attacks and tracked logs that the solution wasn't able to identify because of its ready-made rules pre-deployed by the vendor. My organization raised this issue with the technical support team. Another area to improve in Barracuda Web Application Firewall is its service desk. The team resorted to stonewalling because they couldn't accept that a feature was missing in the solution, and it was only after a lot of drilling down that the service desk team accepted that, and would be adding that feature in the future. My organization had to submit a report to the Reserve Bank of India with information on the logs identified and the attacks that happened, and that there was a failure on the part of the Barracuda Web Application Firewall. The Reserve Bank of India conducts a tri-monthly cyber risk audit in all Indian banks. Even smaller banks identified and caught attacks that my organization wasn't able to do, so I was looking into other solutions that competitor banks could be using because Barracuda Web Application Firewall failed to identify some of the attacks."
What is our primary use case?
What is most valuable?
What I like most about Barracuda Web Application Firewall is its availability. I also like that it's an easy-to-use solution.
What needs improvement?
An area for improvement in Barracuda Web Application Firewall is attack identification. Other banks identified attacks and tracked logs that the solution wasn't able to identify because of its ready-made rules pre-deployed by the vendor. My organization raised this issue with the technical support team.
Another area to improve in Barracuda Web Application Firewall is its service desk. The team resorted to stonewalling because they couldn't accept that a feature was missing in the solution, and it was only after a lot of drilling down that the service desk team accepted that, and would be adding that feature in the future.
My organization had to submit a report to the Reserve Bank of India with information on the logs identified and the attacks that happened, and that there was a failure on the part of the Barracuda Web Application Firewall. The Reserve Bank of India conducts a tri-monthly cyber risk audit in all Indian banks. Even smaller banks identified and caught attacks that my organization wasn't able to do, so I was looking into other solutions that competitor banks could be using because Barracuda Web Application Firewall failed to identify some of the attacks.
For how long have I used the solution?
I've used Barracuda Web Application Firewall for six months in the past year.
Buyer's Guide
Barracuda Web Application Firewall
November 2024
Learn what your peers think about Barracuda Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
Barracuda Web Application Firewall is a stable product.
What do I think about the scalability of the solution?
Barracuda Web Application Firewall is a scalable product. Scaling it up isn't an issue.
How are customer service and support?
I wasn't happy with the technical support for Barracuda Web Application Firewall, particularly because of the intentional stonewalling by the team. The support team should accept if a threat wasn't caught by the solution. Support should accept that there's a problem in Barracuda Web Application Firewall and improve or fix that problem. My organization had to do a lot of drilling down before the technical support team accepted that the solution was lacking, and that was frustrating.
My rating for the Barracuda Web Application Firewall technical support team is a two out of five.
How was the initial setup?
Barracuda Web Application Firewall was easy to set up. It's a physical appliance, and I only needed one engineer to do the setup. My support engineer set the product up remotely, and it wasn't difficult.
I don't remember how long the deployment took for Barracuda Web Application Firewall because it was done by one of my engineers, but the solution was easy to deploy.
What about the implementation team?
Barracuda Web Application Firewall was implemented by a support engineer from my organization.
What other advice do I have?
I don't remember which version of Barracuda Web Application Firewall I used, but it was the latest at the time.
My organization has a few people using Barracuda Web Application Firewall. Only four or five people use the product.
What I would tell people to do before using Barracuda Web Application Firewall is to first have a POC with different vendors and solutions and even use one or more open source firewalls and WAFs before making a decision. You have to first do a lot of research before installing Barracuda Web Application Firewall because even some open source WAFs can identify some attacks that Barracuda isn't able to identify.
My rating for Barracuda Web Application Firewall is six out of ten.
I'm a product user and not a reseller or partner of Barracuda Web Application Firewall.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CTO at GCET
Simple to manage and use, with good technical support
Pros and Cons
- "The most valuable feature of this solution is the simplicity of configuration."
- "I would like to see an improved capacity to store logs so that they will be available for a longer time."
What is our primary use case?
I am a system integrator and this is one of the solutions that I implement for my customers.
What is most valuable?
The most valuable feature of this solution is the simplicity of configuration.
This solution makes management easy.
I really like the firewall weblog that allows me to see what is being blocked, why, and how I can apply a fix.
What needs improvement?
I would like to see an improved capacity to store logs so that they will be available for a longer time. From my experience, and over time, I have noticed that Barracuda appliances do not store logs for a very long time. What this means is that people have to buy the Barracuda Reporting Server. This is quite expensive, at three or four times the price of the equipment. So, if users have only one or two appliances then it doesn't make sense for them to buy a Reporting Server. If they decide to export those logs from the Barracuda appliance to a SIEM then the format of the report gets lost because Barracuda has custom reports. Where I used to work, our logs would last for about one week. However, where I am now, we do not have logs beyond one day.
For how long have I used the solution?
I have been using this solution for about ten years.
What do I think about the stability of the solution?
This is a very stable appliance.
What do I think about the scalability of the solution?
This physical appliance is not a solution that scales because once I use it at capacity, I have to buy a new one. The virtual appliance is scalable because if I am at capacity then I can increase my license to another plan.
For the WAF, capacity is not a function of the number of users. Rather, it is based on the servers that it is protecting. Two of my current clients and one hundred and fifty, and two hundred and fifty users, respectively.
How are customer service and technical support?
Technical support for this solution is wonderful. It is not just for the firewall, but all of Barracuda has good support. I have been dealing with them since 2009, and in my experience, they attend to you. They take the time to explain things. Even if you want to consider something new, they will guide you on what to do.
Overall, I would rate their support very high.
How was the initial setup?
The initial setup of this solution is very straightforward.
When I first set up this solution in 2009, it was for my company and I didn't require assistance from anybody. I later when for training, and am now an integrator. Today I set this solution up for other companies, and I can say that the initial setup has been straightforward all along.
What other advice do I have?
Definitely, I would recommend Barracuda because of its simplicity. I know that they are now integrating the Web Application Firewall on Prime, in the cloud, as well.
The only thing that is a challenge for me is storage, which limits my reporting.
I would rate this solution a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Barracuda Web Application Firewall
November 2024
Learn what your peers think about Barracuda Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
Director Of Technology at PT Exa Teknologi Indonesia
Has efficient advance threat protection capabilities but the features for CMS integration needs improvement
Pros and Cons
- "The product's advanced bot and threat protection capabilities are valuable."
- "There's potential for improvement in the platform's CMS integration."
What is our primary use case?
Our primary use case for this platform is to protect our web applications.
What is most valuable?
The product's advanced bot and threat protection capabilities are valuable.
What needs improvement?
There's potential for improvement in the platform's CMS integration.
For how long have I used the solution?
I've been using Barracuda Web Application Firewall for five years now.
What do I think about the stability of the solution?
The platform has been quite stable, with minimal disruptions in our operations.
What do I think about the scalability of the solution?
I would rate this solution a ten for scalability.
How are customer service and support?
The customer service and support have been responsive and helpful whenever we've needed assistance.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
We implemented the product with the help of a vendor.
What's my experience with pricing, setup cost, and licensing?
The product pricing was competitive for the value it offers regarding security features.
Which other solutions did I evaluate?
We evaluated other solutions like FortiWeb but chose this platform due to its comprehensive feature set and scalability options that suited our needs better.
What other advice do I have?
The platform has been a reliable choice for securing our web applications. I recommend exploring their support and training offerings to maximize their effectiveness.
I rate it a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Jul 9, 2024
Flag as inappropriateSophos Certified Product Architect at Softech Microsystems
Provides an end-to-end approach, is easy to set up, and includes active and offline DDoS
Pros and Cons
- "We only need one subscription to be protected against both active DDoS and offline DDoS attacks."
- "In the Barracuda Web Application Firewall, there should be more affordable options for WAF as a service."
What is our primary use case?
People who host their applications on the cloud, global servers, on-premises, or various locations may encounter issues related to IT threading as well as volumetric attacks. To address these challenges, we provide the Barracuda Web Application Firewall. The most significant advantage of the Barracuda Web Application Firewall is that it offers a single subscription for Active DDoS protection.
There are two types of DDoS attacks: active DDoS and offline DDoS. With Barracuda Web Application Firewall, we only need one subscription to be protected against both. In contrast, other solutions and competitors often require separate subscriptions for DDoS protection, making their offerings more expensive.
When it comes to a comprehensive web application firewall solution, Barracuda stands out by providing an affordable and end-to-end approach. In comparison, other market solutions typically consist of separate boxes for different features, leading to higher pricing.
What is most valuable?
We only need one subscription to be protected against both active DDoS and offline DDoS attacks.
What needs improvement?
In the Barracuda Web Application Firewall, there should be more affordable options for WAF as a service. These options should cater to smaller businesses, with a focus on single-size configurations for fewer users and cloud applications. We currently offer WAF as a service for cloud-deployed applications, but the pricing is somewhat on the higher side. To enhance the service, I suggest that they work on improving their pricing strategy. It's crucial to provide competitive pricing in comparison to other competitors in the market.
For how long have I used the solution?
I am currently using the Barracuda Web Application Firewall.
What do I think about the stability of the solution?
I give Barracuda Web Application Firewall nine out of ten for stability.
What do I think about the scalability of the solution?
I give Barracuda Web Application Firewall nine out of ten for scalability.
How was the initial setup?
I would rate the initial setup a ten out of ten for its ease.
Usually, deployment takes three to four weeks because it depends on the customer and what we can observe from their side. What SLA or scope of work have they shared with the partner? In essence, we are not a direct partner of Barracuda; instead, we serve as the brand custodian for multiple brands such as Sophos and Barracuda. During the deployment phase, we are not directly involved with the customers. Sometimes, the queries pertain to deployment issues or technical problems. For such cases, we typically respond within two to four hours, or at most, one to two days, depending on our schedule. Since we cater to multiple brands and settings, we are not exclusively focused on one particular brand. Our role involves supporting multiple brands and setting up various solution abilities or designs.
For instance, if a customer approaches us for web services, we can offer Sophos Firewall web services. However, if they require a dedicated web solution, we provide them with a Barracuda solution. In cases where the customer has budget constraints, we try to migrate them to cloud-based solutions. Consequently, we refer to them as end customers or partners as per the situation.
In most cases, we are not directly involved in the deployment phase, the configuration process, or the setup. However, we usually gather feedback from our partners or new partners, and based on that, I can estimate that the deployment will take around two to three weeks. The timeline depends on the specific requirements or wishlist of the end customer.
What's my experience with pricing, setup cost, and licensing?
The Barracuda Web Application Firewall is quite expensive. The license is available on an annual or three-year term, with no monthly, quarterly, or semi-annual options. There is a bigger discount applied when a customer signs up for a three-year term.
What other advice do I have?
I would give Barracuda Web Application Firewall nine out of ten.
Barracuda Web Application Firewall is marketed for the enterprise segment because of its high cost.
Barracuda Web Application Firewall is a comprehensive and dedicated web application firewall, and I highly recommend it.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Presale Engineer at Softprom by ERC
Has good stability and an easy setup process
Pros and Cons
- "The initial setup is easy."
- "Barracuda Web Application Firewall’s scalability needs improvement."
What is most valuable?
The product has valuable technical features.
What needs improvement?
Barracuda Web Application Firewall’s scalability needs improvement.
For how long have I used the solution?
We have been using Barracuda Web Application Firewall for two years now. At present, we use the latest version.
What do I think about the stability of the solution?
I rate the product's stability a ten out of ten.
What do I think about the scalability of the solution?
The product has low scalability, and it is three out of ten. It could be improved.
How was the initial setup?
The initial setup is easy. I rate the process a ten out of ten. It takes a month to complete.
What about the implementation team?
We implement the product with the help of a reseller.
What's my experience with pricing, setup cost, and licensing?
The product is inexpensive. I rate its pricing a two out of ten. We purchase its monthly license.
What other advice do I have?
We have medium businesses as our customers for Barracuda Web Application Firewall. I recommend it to others and rate it a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Network secur eng at Qatar Free Zone
Great technical support, good stability, and offers reasonable pricing
Pros and Cons
- "Even when we were upgrading to a new OS, we didn't have any difficulties with the product. The stability is good."
- "While the UI is good, it can get a little bit complicated."
What is our primary use case?
We primarily use this solution for security purposes. We use it as a firewall.
What is most valuable?
The interface is great. It's one of the most valuable aspects of the solution.
The visibility we are able to achieve is quite good.
The traffic monitoring is very helpful and the URL filtering has been excellent.
Even when we were upgrading to a new OS, we didn't have any difficulties with the product. The stability is good.
We have found that the technical support is very good.
The pricing of the product isn't overly expensive.
What needs improvement?
While the UI is good, it can get a little bit complicated. It's not like Next-Gen Firewalls. I need to remember all of the tabs. The sub-tabs should be at the right as they are in the Next-Gen. Mostly, Next-Gen firewalls have everything on the left panel and it will reappear. It would be nice if there was a little more consistency.
I only really have one year of experience with the solution. Therefore, it's hard to discuss missing features. I need more time to explore the product first.
For how long have I used the solution?
I have been using the solution for one year.
What do I think about the stability of the solution?
We haven't had any issues with the stability or the performance, even when switching to a new OS. It's reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
While the solution may be scalable, I don't have enough background to really comment. I haven't been involved in scaling.
How are customer service and technical support?
Technical support is quite good. That's the main reason everyone is shifting to Barracuda.
It's from India. I'm in the Middle East. Even though the product is from the UAE, the Middle East, the support is from India. They have good engineers that are well-trained. That said, if you need an L3 issue resolved, those engineers are from other regions. Typically an Indian tech will communicate with the other region directly. The support in the case of L3s likely comes from Europe. In any case, everyone is very helpful and responsive, and we are satisfied with the level of support.
How was the initial setup?
The initial setup is not overly complex or difficult. It's easy enough to execute. That said, the burden has to be getting a bit of the knowledge in regards to routing. That's a tricky area. However, it's pretty much the same as a Next-Gen Firewall configuration.
What's my experience with pricing, setup cost, and licensing?
The pricing is okay, however, there are a few other competitors that are a little bit lower. It's still reasonable.
What other advice do I have?
I'm an end-user and a customer.
I would rate the solution at an eight out of ten. Sometimes the solution can be tricky around filtering, which is why I don't give it perfect marks.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Especialista en Informática at a maritime company with 5,001-10,000 employees
Stable with good security and a fairly straightforward setup
Pros and Cons
- "The initial setup is pretty straightforward, especially if you enlist assistance."
- "We've had some blocks of the application and some false positives."
What is our primary use case?
The solution is our WAF for Azure. It is for operation for Transit CAS applications.
What is most valuable?
We primarily use the solution for the protection of the active WAF. It offers quite good security.
The solution is stable.
The initial setup is pretty straightforward, especially if you enlist assistance.
What needs improvement?
We've had some blocks of the application and some false positives. Barracuda needs to ensure there are fewer false positives in general. There also needs to be less of a learning curve on the application in general. That might help us eliminate false positives as well. Basically, they need to help new users better learn and understand the solution.
I have an issue with the console currently. I cannot access the console from inside the network. When I access the entire network, it kicks me off all the time. I opened a case with technical support. We've checked the firewall the perimeter firewall, and we've tried to fix that problem, however, it's still the problem. I have to access the console from outside all the time to this day.
For how long have I used the solution?
I've been using the solution for a while now. It's been about five years.
What do I think about the stability of the solution?
The stability is okay. We don't have issues with the reliability of Barracuda. There aren't bugs or glitches. It doesn't crash or freeze at all. I'd describe it as stable for the most part.
What do I think about the scalability of the solution?
The scalability may be okay. However, we have only one Barracuda gateway. We don't really need to scale the solution fight now.
We might have about 500 users within our company using the solution right now.
How are customer service and technical support?
I've reached out to technical support in relation to a console problem and they have yet to fix the issue for us. All they've done is told me to check the firewall, which I have, and to install a new version. I upgraded the version, however, the issue persists. They haven't been extremely helpful and I'd have to say that I am disappointed with their level of service so far.
Overall, I would rate the support at an eight out of ten.
Which solution did I use previously and why did I switch?
We also use Imperva. We use both solutions at once.
How was the initial setup?
I'm not the administrator of the installation process. Therefore, it's hard for me to say if it was difficult or complex. I can't really comment on the initial implementation.
That said, it's my understanding, from talking to the administrator in the past, that it wasn't too complex.
I'm not sure how long the deployment took. I only really deployed the last application protection.
What about the implementation team?
We had the support of the partner for the implementation, which helped iron out any difficulties.
What other advice do I have?
We're just a transportation company. We're a customer. We don't have a business relationship with Barracuda.
I recommend the solution to other organizations for protecting applications specifically in Azure.
Overall, I would rate the solution at a nine out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Information Security Officer at a insurance company with 10,001+ employees
Reliable and stable with a straightforward setup
Pros and Cons
- "The solution has been quite stable. It's reliable."
- "The solution needs to leverage some additional features to a broader scale of software-defined networks."
What is our primary use case?
Typically these web application firewalls act as an additional layer primarily for traffic. The web application firewalls are more of a safeguard if a company still has legacy technologies, for which they don't have the patches. It's basically used for the protection and security of web applications.
What is most valuable?
The solution has been quite stable. It's reliable.
The initial setup is mostly straightforward.
What needs improvement?
I wouldn't say that the solution is flexible. The technology is moving towards having the firewall, which is distributed to each workload, rather than having a static firewall pertaining to a particular application or a cohort of applications. There are other solutions that are much more flexible in this regard. VMware, for example, gives good flexibility in this regard.
The solution needs to leverage some additional features to a broader scale of software-defined networks.
Given the distributed computing and decentralized architecture with people working in hybrid modules, there'll be lesser and lesser control. People would like to have, for example, edge computing, et cetera, which is going to be the future for computing. Hence every organization would like to scale the design to the extent where they would like to have their defenses also go along with their workloads.
If, for an SDN, I need to go to VMware, and, for WAF, I need to go to Barracuda, or different other firewalls, the company is losing market share. They need to increase flexibility, agility, scaling, et cetera, as that is going to be the new normal, maybe in the next two to five years.
For how long have I used the solution?
We've been using the solution for close to two years at this point.
What do I think about the stability of the solution?
The solution is quite stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.
What do I think about the scalability of the solution?
I'm not sure about the scalability. I would need to explore it more. The most scalable products are likely VMware's NSX, as it is a company that's bit on cloud migration cloud transformation strategies. They'd like to ensure their workloads are safe and secure. I don't see this in traditional RAFs or even firewalls.
It's difficult to found how many users are on the solution at this time as we use multiple web application firewalls on different applications. It is not every application however, there would be certain applications that would have a WAF. Likely, it's around 10,000 users across applications.
We do plan to continue to use the solution into the future.
How are customer service and technical support?
We haven't really had to engage with technical support. I can't speak to how helpful or responsive they are in general.
Which solution did I use previously and why did I switch?
We did use a different solution before switching to Barracuda. Typically, we run a POC first before moving onto anything new, which is what happened in this case.
How was the initial setup?
The initial setup is pretty straightforward. However, it does help to have some depth of knowledge with the solution.
I cannot recall the exact amount of time the deployment took.
While I don't have dedicated staff on the solution to handle maintenance, I have about six people on my team that can cover whatever needs to be done when something arises.
What's my experience with pricing, setup cost, and licensing?
Licensing is something the procurement team takes care of. I don't have any insights in terms of the licensing agreement or costs that may be involved.
What other advice do I have?
We are customers and end-users.
Typically, we keep updating our infrastructure, and therefore, we are likely using the latest version of the solution, however, I do not have the version number on-hand.
I would recommend the solution to other organizations.
Overall, we've been quite satisfied with the capabilities of this product. I would rate it at an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Barracuda Web Application Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Web Application Firewall (WAF)Popular Comparisons
Prisma Cloud by Palo Alto Networks
Microsoft Azure Application Gateway
Azure Front Door
F5 Advanced WAF
Fortinet FortiWeb
Imperva Web Application Firewall
Radware Alteon
NGINX App Protect
Reblaze - part of Link11
Buyer's Guide
Download our free Barracuda Web Application Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Imperva WAF vs. Barracuda: Which One is Better?
- Which is better, Barracuda Web Application Firewall or F5 Advanced WAF?
- Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?
- What do you recommend for a securing Web Application?
- Fortinet vs Sophos? Help choose a NGFW solution that can replace Microsoft TMG.
- Imperva WAF vs. Barracuda: Which One is Better?
- F5 vs. Imperva WAF?
- When should companies use SSL Inspection?
- NGFW with URL Filtering vs Web Proxy
- How does a WAF help to protect against DDoS attacks?