Barracuda CloudGen Firewall Appliance F12 - BNGF12a

  • Recommended for 11 - 25 User Network
  • Threat Protection Throughput: 250 Mbps
  • Site-to-Site VPN Tunnels: Unpublished
  • Concurrent Sessions: 80,000
  • Appliance Only -- Includes 90-Days of Firmware Updates
  • Manufacturer Part #: BNGF12a

For Pricing, request a quote.

Barracuda F12 Firewall Additional Information

The Barracuda F12 BNGF12a firewall is one of the best SMB firewalls that offers superior performance with a simple management interface. The Barracuda F12 is rated for 11-25 users, 1.2 Gbps firewall throughput, and 220 Mbps VPN throughput. Trust that your network is protected with the enhanced security features that the Barracuda F12 provides.

Mitigate Risk With Multilayered Security

The Barracuda F12 BNGF12a uses a layered mixture of behavioral analysis, static code analysis, threat signatures, and comprehensive sandboxing to provide superior protection from ransomware, malware, and more.

Protect Your Users, Data, And More With The Barracuda F12 Firewall

In today's threat landscape, there are pitfalls around every corner. It is paramount that IT professionals secure what matters most and that is why many trust the Barracuda F12 Firewall

At the core of the F12 is the Barracuda Firewall OS operating system. This feature rich technology allows for optimal flexibility which makes these UTM firewalls able to adapt to many network requirements.

The Barracuda F12 BNGF12a protects against sophisticated attacks, zero day threats, persistent threats, exploits, vulnerabilities, and much more.

Know that your business and systems are secure with the Cloud Based Barracuda Firewall OS operating system in the Barracuda F12 BNGF12a .

Specification

Model: F380 F400 F600 F800 F900 F1000

Performance

Firewall throughput 3.8 Gbps 5.5 Gbps 16.3 Gbps 30.0 Gbps 35 Gbps 40 Gbps
VPN throughput 1.2 Gbps 1.2 Gbps 2.3 Gbps 7.5 Gbps 9.3 Gbps 10 Gbps
IPS throughput 1.4 Gbps 2.0 Gbps 5.0 Gbps 8.3 Gbps 11.3 Gbps 13 Gbps
Concurrent sessions 400,000 500,000 2,100,000 2,500,000 4,000,000 10,000,000
New Session/sec 15,000 20,000 115,000 180,000 190,000 250,000
NGFW Throughput 1.0 Gbps 1.2 Gbps 4.6 Gbps 7.0 Gbps 8.0 Gbps 10.2 Gbps
Firewall Users (recommended) No limit
(200-500)
No limit
(300-1,000)
No limit
(1,000-4,000)
No limit
(4,000-6,000)
No limit
(6,000-9,000)
No limit
(7,000-15,000)
Site-to-Site VPN Tunnels No limit No limit No limit No limit No limit No limit
Barracuda VPN Clients (recommended)2 No limit
(50)
No limit
(50)
No limit
(100)
No limit
(500)
No limit
(1,000)
No limit
(2,000)

Hardware

Form factor 1U Rackmount 1U Rackmount 1U Rackmount 1U Rackmount 1U Rackmount 2U Rackmount
Dimensions (in) 16.9 x 13.0 x 1.7 16.9 x 17.7 x 1.7 16.8 x 17.7 x 1.7 17.4 x 22.4 x 1.7 17.4 x 22.4 x 1.7 17.0 x 24.6 x 3.5
Weight (lbs) 13.0 16.5 17.6 26.0 26.0 44.1
1 GbE Copper Ethernet NICs 8x1 GbE 8x1 GbE (STD , F20 sub-model)
12x1 GbE
(C10, C20 sub-models)
or
8x1 GbE
(F10, F20, E20 sub-models)
24x1 GbE
(CCC sub-model)
or
16x1 GbE
(CCF, CCE sub-models)
32x1 (CCC sub-model)
or
16x1 GbE
(CCE sub-model)
or
8x1 GbE
(CFE sub-model)
16x1 GbE
(CE0, CFE sub-models)
or
32x1 GbE
(CE2 sub-model)
1 GbE Fiber NICs (SFP) - 4x1 GbE
(F20 sub-model)
4x1 GbE
(F10, F20 sub-models)
8x1 GbE
(CCF sub-model)
8x1 GbE
(CFE sub-model)
16x1 GbE
(CFE sub-model)
10 GbE Fiber NICs (SFP+) - - 2x10 GbE
(E20 sub-model)
4x10 GbE
(CCE sub-model)
4x10 GbE
(CCE, CFE sub-models)
4x10 GbE
(CE0 sub-model)
or
8x10 GbE
(CE2, CFE sub-models)
Max Storage 80 GB or better 80 GB or better 180 GB or better 430 GB or better 430 GB or better 550 GB or better
Power Supply Single Single Dual Dual Dual Dual
Integrated Switch - - - - - -
Integrated DSL Modem (incl. WAN) - - - - - -
Integrated Wi-Fi Access Point - - - - - -

Features

Firewall
Application Control
IPS
Dynamic Routing
App-Based Provider Selection
Client-to-Site and Site-to-Site VPN (unlimited)
SD-WAN
Web Filter
Email Security
Zero-Touch Deployment

Available Software/Feature Subscriptions

Energize Updates Optional Optional Optional Optional Optional Optional
Malware Protection Optional Optional Optional Optional Optional Optional
Advanced Threat Protection Optional Optional Optional Optional Optional Optional
Advanced Remote Access Optional Optional Optional Optional Optional Optional
Total Protect Optional Optional Optional Optional Optional Optional
Total Protect PLUS Optional Optional Optional Optional Optional Optional

Available Hardware/Support Subscriptions

Warranty Extension Optional Optional Optional Optional Optional Optional
Instant Replacement Optional Optional Optional Optional Optional Optional
Premium Support depends on product mix and size of deployment Optional Optional Optional Optional

Features of Barracuda Firewall Appliance:

Advanced Threat Detection

While traditional solutions usually detect network threats after they have breached the network, by sending log notifications to the administrator, the Barracuda Advanced Threat Detection (ATD) implements full system emulation, which provides deep visibility into malware behavior. Files are checked against a cryptographic hash database that is constantly updated. In case the file is unknown, it is emulated in a virtual sandbox where malicious behavior can be discovered.

The Barracuda ATD offers Administrators granular, file-type-based control including automatic quarantine and blacklisting features to maintain the highest level of protection for an organization's network.

The Barracuda Advanced Threat Detection is an optional subscription.

Application Control 2.0

The Barracuda CloudGen Firewall provides a powerful and extremely reliable detection and classification of more than 1,200 applications and sub-applications by combining Deep Packet Inspection (DPI) and behavioral traffic analysis - no matter if the protocols are using advanced obfuscation, port hopping techniques, or encryption. It allows the creation of dynamic application policies and facilitates establishing and enforcing acceptable access and use policies for users and groups by application, application category, location, and time of day. Administrators can now:

  • Block unwanted applications for certain users or groups
  • Control and throttle acceptable traffic
  • Preserve bandwidth and speed-up business-critical applications to ensure business continuity
  • Enable or disable specific application sub-functions (e.g., Facebook Chat, YouTube Postings, or MSN file transfers)
  • Intercept SSL-encrypted application traffic

The Barracuda CloudGen Firewall features advanced application-based routing path selection and Quality of Service (QoS) capabilities. These provide additional business value in addition to security by significantly improving network quality and availability, as well as reducing direct line cost due to bandwidth saved.

For rich reporting and drill-down capabilities, the Barracuda CloudGen Firewall comes with real-time and historical application visibility that shows application traffic on the corporate network, thus providing a basis for deciding which connections should be given bandwidth prioritization, crucial for QoS optimization for business-critical applications. Furthermore, it allows adjusting and refining the corporate application use policies.

Deep Application Context

The deep application context analysis allows for deeper inspection of the application data stream by continually evaluating the actual intention of applications and the respective users. By this means administrators can gain detailed insight into what a specific application was used for or if a user was trying to circumvent the corporate application usage policy.

Personalized Application Control

On top of the 1,400+ applications that are delivered out of the box and constantly updated, the Barracuda CloudGen Firewall provides a way to easily create user-defined application definitions for best-in-class application control customized and tailored to an organization's specific needs.

User Identity Awareness

Different network users may need different bandwidth-use rules. Most often, access to certain network resources is limited to certain users or user groups. Preferential allocation of more bandwidth to certain users or user groups and a limitation of available bandwidth for others is a common requirement. It requires the network device to know what user an IP actually belongs to. Barracuda CloudGen Firewalls are fully user-identity aware by linking a user to one or several IP addresses. Any role assignments that result from identity and device posture checks communicated to the firewall by our health agents can be used within the firewall to facilitate role-based access control (RBAC). Barracuda CloudGen Firewalls support authentication of users and enforcement of user-aware firewall rules, web filter settings, and Application Control 2.0 using Active Directory, NTLM, MS CHAP, RADIUS, RSA SecurID, LDAP/LDAPS, TACACS+, as well as authentication with x.509 certificates.

Reporting

The Barracuda NG Report Creator is a free tool that allows administrators to collect and consolidate traffic and application usage statistics from multiple Barracuda CloudGen Firewall units and to create easy-to-read reports in pdf format. Report tasks can be scheduled at various times during the day or week and distributed automatically via email. Besides predefined out-of-the-box reports such as Top Applications, Top Blocked URL Categories and Websites, Top Users by Bandwidth, as well as activity reports for specific users, the reporting engine provides customizable granular reports on user activity, activities during last day/week/month, etc.

For auditing reasons IP addresses can be anonymized.

Intrusion Detection and Prevention

The Barracuda CloudGen Firewall Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases preventing network attacks such as:

  • SQL injections and arbitrary code executions
  • Access control attempts and privilege escalations
  • Cross-Site Scripting and buffer overflows
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • Directory traversal and probing and scanning attempts
  • Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware

By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, the Barracuda CloudGen Firewall is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems.

As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda CloudGen Firewall is constantly up-to-date. If the firewall unit is centrally managed, the pattern updates are conveniently distributed by the Barracuda NG Control Center.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Protection

In today’s world of omnipresent botnets, one of the main tasks of perimeter protection is to ensure ongoing availability of the network for legitimate requests and to detect and repel malicious denial of service attacks. With TCP SYN Flood Protection, the Barracuda CloudGen Firewall effectively functions as a generic TCP proxy, forwarding only legitimate TCP traffic to the inside of the network. Additionally, the Barracuda CloudGen Firewall allows the definition of a rate limit that is applied to the maximum number of sessions per source address to be handled by the firewall. Packets arriving at a rate faster than allowed will simply be dropped. In a massive DDoS attack, the attackers may simply aim for saturating the link by transmitting vast numbers of UDP packets. The integrated environmental monitoring feature of the Barracuda CloudGen Firewall diagnoses such conditions by link and target address monitoring. Once the response of a remote target address to regular ICMP probing fails, the system can be configured to activate different routes and uplinks (for example backup line, ISDN, xDSL). Using this feature, traffic will be unimpeded across unaffected lines and crucial site-to-site and site-to-Internet connectivity remains operational.

Web Filtering

The Barracuda Web Filter enables highly granular, real-time visibility into online activity, broken down by individual users and applications, letting administrators create and enforce effective Internet content and access policies. It protects user productivity, blocks malware downloads and other web-based threats, and enables compliance by blocking access to unwanted websites and servers, providing an important additional layer of security alongside application control.

Malware Protection

Barracuda Malware Protection shields the internal network from malicious content by scanning web content (HTTP and HTTPs), email (SMTP, POP3), and file transfers (FTP) via two fully integrated antivirus engines. Malware protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available. Barracuda Malware Protection covers viruses, worms, trojans, malicious java applets, and programs using known exploits on PDF, picture and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation.

Application-Based Link Selection

The combination of next-generation security and adaptive WAN routing allows the Barracuda CloudGen Firewall to dynamically assign available bandwidth for several links not only based on protocol, user, location, and content, but also based on applications, application categories and web filter categories. This keeps expensive, highly available lines free for business and mission-critical applications, while significantly reducing response times and freeing up additional bandwidth.

Traffic Shaping and Quality of Service

Limited network resources make bandwidth prioritization a necessity. The Barracuda CloudGen Firewall provides strong Quality of Service (QoS) that lets the administrator apply quality aspects and service guarantees to selected traffic flows within the WAN. QoS is often used to prioritize the network traffic of applications that are critical and must not be affected by the network traffic of other applications. The Barracuda CloudGen Firewall provides a large set of QoS techniques, such as traffic shaping, traffic prioritization, and bandwidth partitioning, which assigns a bandwidth limit to certain types of traffic. To select traffic for different priority classes, the available real-time traffic analysis can be used to identify whether network traffic was sent by business-critical applications or by potentially unwanted applications.

Failover and Link Balancing

To ensure the best and most cost-efficient connectivity, the Barracuda CloudGen Firewall provides a wide range of built-in uplink options such as unlimited leased lines, up to four xDSL uplinks, etc. By eliminating the need to purchase additional devices for link balancing, security conscious customers will have access to a WAN connection that never goes down, even if one or two of the existing WAN uplinks are severed. Further, traffic intelligence mechanisms make sure the next defined uplink is activated on the fly and all traffic is rerouted to make full use of the remaining lines. In the event that backup lines provide less bandwidth, intelligent traffic shaping automatically prioritizes business-critical applications, networks, or distinct endpoints.

WAN Optimization

The Barracuda CloudGen Firewall can significantly enhance the WAN performance of distributed network environments by improving availability, performance, and response time of business-critical applications by lowering throughput and transmission delays, affecting time-sensitive decisions and enterprise profitability. The next-generation networking concept of the Barracuda CloudGen Firewall provides a set of powerful features to efficiently reduce and offset the negative effects of high line latencies and response times. By implementing enterprise-grade WAN acceleration features such as data deduplication, traffic compression, and protocol optimization, the Barracuda CloudGen Firewall can significantly improve site-to-site WAN traffic and increase productivity by accelerating the delivery of business applications - at no extra charge. WAN traffic can be effectively compressed up to 95 percent, significantly reducing the bandwidth needed at remote locations while increasing network responsiveness.

Microsoft Azure

Besides VMware, KVM, and XenServer, the Barracuda CloudGen Firewall is fully compatible for use in Windows Azure for establishing site-to-site and/or client-to-site connections to Azure and creating a DMZ in Azure to implement an additional high-security layer.

As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer. Barracuda’s award-winning security solutions are available as virtual appliances to help organizations.

Barracuda CloudGen Firewall virtual appliances are complete solutions, eliminating the need for installing, configuring, and integrating disparate operating systems, databases, system management, and application software. In addition, Barracuda virtual appliances come “locked down” from a security perspective, built from the ground up on the Barracuda OS, a hardened Linux operating kernel and optimized to run seamlessly within virtualized environments.

Amazon EC2

Besides VMware, KVM, and XenServer, the Barracuda CloudGen Firewall is fully compatible for use in Amazon Elastic Compute Cloud (EC2).

As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer. Barracuda’s award-winning security solutions are available as virtual appliances.

Barracuda CloudGen Firewall virtual appliances are complete solutions, eliminating the need for installing, configuring and integrating disparate operating systems, databases, system management, and application software. In addition, Barracuda Networks virtual appliances come “locked down” from a security perspective, built from the ground up on the Barracuda OS, a hardened Linux operating kernel and optimized to run seamlessly within virtualization environments.

BYOD (Bring Your Own Device)

The influx of private computing devices, from smartphones to laptops and tablets, into the workplace may help increase productivity, flexibility, and convenience. However, BYOD adds new security challenges and risks, such as enabling and controlling access, as well as preventing data loss. The Barracuda CloudGen Firewall provides strong capabilities to give users the full advantage of their devices while reducing possible risks to the business. Unwanted applications can be blocked, LAN segmentation can protect sensitive data, and network access control can check the health state of each device connecting to the corporate network.

Secure Remote Access

The Barracuda CloudGen Firewall incorporates advanced site-to-site and client-to-site VPN capabilities, using both SSL and IPsec protocols to ensure remote users can easily and securely access network resources without complex client configuration and management. Every Barracuda CloudGen Firewall unit supports an unlimited number of VPN clients at no extra cost. The Barracuda VPN client also provides the ability to enforce Windows Security Center settings on client machines running Windows. This allows administrators to centrally enforce the usage of Windows Security settings on PCs. The enforced policies can include enabling the Microsoft Network Firewall, Windows Updates, Windows Virus Protection, Windows Spyware Protection, and Internet Security Settings.

Barracuda VPN Clients are available for Microsoft Windows, Mac OS, and various Linux systems.

Network Access Control

The optional Barracuda CloudGen Firewall SSL VPN and NAC subscription adds a customizable and easy-to-use portal-based SSL VPN as well as sophisticated Network Access Control (NAC) functionality.

The Barracuda Network Access Client, when used with the Barracuda CloudGen Firewall, provides centrally managed Network Access Control (NAC) and an advanced personal firewall. This allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of antivirus and/or anti-spyware, and user ID. Access restrictions are enforced locally on the client by the centrally managed personal Windows firewall as well as at the gateway. Using existing Barracuda CloudGen Firewall appliances, Barracuda Networks offers a ready-to-use Network Access Control framework without expensive investments into the basic network infrastructure. All Barracuda Network Access Clients as well as all Barracuda CloudGen Firewall units acting as policy servers can be administered, monitored, and reviewed from a single Barracuda NG Control Center.

Scalable Deployment

Managing the security issues in a widely distributed enterprise network can be painful and extremely time-consuming. Managing a system may take only 15 minutes per day. But having 20 firewall systems in place results in five hours per day - just to manage the existing system. With the Barracuda NG Control Center, managing mulitple Barracuda CloudGen Firewalls takes the same amount of time as managing one.

  • Create pre-configured templates for easy-rollout.
  • Have all information about the enterprise security deployment available in real time.
  • Create reports of either one or all Barracuda CloudGen Firewalls.

Lifecycle Management

Scalable Barracuda CloudGen Firewalls offer companies sustainable investment protection. Energize Updates automatically provide the latest firmware and threat definitions to keep the appliance up to date. With a maintained Instant Replacement subscription, organizations receive a new appliance with the latest specs every four years.

Revision Control System, Audit, and Reporting

The integrated revision control system increases auditing ease for the infrastructure and cuts overhead.

Additionally, the revision control system for all changes provides compliance with governmental and company policy requirements.

Comprehensive reporting makes bandwidth usage and all other security-related information visible, reportable, and easy to read.

Mobile Portal

Gain easy access to your organization’s applications via SSL VPN connections. Barracuda‘s Mobile Portal enables you to set up shortcuts on the home screen of devices such as smartphones or tablets. When accessing the portal via the web browser on a mobile device, users can browse apps, network folders and files as if they were connected to the office network.

The Mobile Portal supports most commonly used devices, e.g., Apple iOS, Android, and Blackberry devices.

Barracuda’s Mobile Portal is an optional feature included with an “SSL VPN and NAC” subscription.

More Information
Product NameBarracuda CloudGen Firewall Appliance F12
SKUBNGF12a
ManufacturerBarracuda Networks
ActiveNo
Form FactorDesktop Appliance
Data SheetView Sheet