
    Barracuda NG Firewalls - Can They Replace My Barracuda 410 Web Filter?

    IT Discussion
    barracuda cisco ubiquiti sophos firewall router utm unified threat management web filtering web proxy networking
    • NetworkNerd (last edited by scottalanmiller)

      This is related to my thread from last year (http://community.spiceworks.com/topic/1204753-replacing-traditional-firewalls-with-utm-appliances-how-do-you-know-it-s-time?page=3&source=year-in-review).

      We are quickly approaching the Cisco ASA 5510 limit to have 10 IPsec peers because we keep adding sites. And since the 5505s at our remote sites are headed to end of life, it could be time to look at replacements. Cisco devices work well if configured properly, but I am wondering if there might be something better out there that can do the job and provide some additional features. I realize there is a cost to get those features. Cisco has newer models, but I want to make sure I am considering other vendors as well.

      I looked at Sophos UTMs and remember that they have some measure of web filtering included. That's certainly an option we will consider.

      I'd love to hear from anyone out there who is using the Barracuda NG series firewalls. I recently saw a demo of them and was both intrigued and impressed. I may see if I can do an evaluation. We have a Barracuda 410 web filter appliance at HQ, and I would love to get rid of the ASA 5510 and the Barracuda appliance and replace it with a single device (perhaps a Barracuda NG series firewall). I would then look to get the NG series firewalls at our remote sites for the ability to easily provision site-to-site tunnels, to provide a measure of web filtering to each location (at the granularity we need - block specific domains or regular expressions by user, IP, etc.), and to make our client and site-to-site VPNs operate a bit faster. These firewalls also allow a deeper level of QoS than what we have. To some extent I know the client VPNs are dependent on internet speed and saturation levels, but I don't believe our client or site-to-site VPNs move as fast as they could.

      For IDS / IPS, we are using Arctic Wolf, and they do a great job of providing an extra set of hands in the security department. That portion is not necessarily something we must have in a firewall / gateway device.

      And I know Barracuda has stellar support. They have always been responsive and very helpful on support calls.

      I'd love to hear thoughts on the Barracuda firewalls and their web filtering capabilities. What made you choose Barracuda for your firewall? What made you decide you needed only this device and no additional web filter?

      • scottalanmiller

        Barracuda have a terrible security reputation. Like Fortinet, but longer ago, they famously put intentional backdoors into their products, including their public facing firewall products, so that "anyone" that got access to the shared password would have permanent access to the systems. I would never use Barracuda personally, but could never recommend using them in any role involving security specifically and most especially firewalls.

        • travisdh1

          I don't like the Unified Threat Management devices for the most part. Sure, they pack lots of features in a single box. Thing is, I can break all the security stuff out onto different boxes and get a lot better idea of where problems actually are when things go sideways.

          • scottalanmiller

            One consideration is doing web filtering behind the firewall. I am of the opinion that router and firewall functions go in the outward facing appliance, filtering and proxying go behind that at a different layer for security, performance and flexibility reasons.

            I would look at Ubiquiti as a replacement for the Cisco and using something else, maybe continuing to use a Barracuda web filter, for the web filtering. Using a Barracuda in a position where it is secured by something more serious like the Ubiquiti would mean that it was protected from being blatantly opened to the outside world.

            • scottalanmiller @NetworkNerd

              @NetworkNerd said:

              To some extent I know the client VPNs are dependent on internet speed and saturation levels, but I don't believe our client or site-to-site VPNs move as fast as they could.

              What you likely want there is inline compression, not something widely available. Riverbed is the leader for that.

              • NetworkNerd @scottalanmiller

                @scottalanmiller said:

                @NetworkNerd said:

                To some extent I know the client VPNs are dependent on internet speed and saturation levels, but I don't believe our client or site-to-site VPNs move as fast as they could.

                What you likely want there is inline compression, not something widely available. Riverbed is the leader for that.

                I've heard of Silverpeak as a competitor in that space as well.

                • scottalanmiller @travisdh1

                  @travisdh1 said:

                  I don't like the Unified Threat Management devices for the most part. Sure, they pack lots of features in a single box. Thing is, I can break all the security stuff out onto different boxes and get a lot better idea of where problems actually are when things go sideways.

                  @JaredBusch has said the same thing several times too. The UTM approach is a big sales push from vendors but I don't see it going well. I rarely see UTMs working well at the time of purchase and they have much higher lifetime costs and age much more quickly.

                  • NetworkNerd @scottalanmiller

                    @scottalanmiller said:

                    One consideration is doing web filtering behind the firewall. I am of the opinion that router and firewall functions go in the outward facing appliance, filtering and proxying go behind that at a different layer for security, performance and flexibility reasons.

                    I would look at Ubiquiti as a replacement for the Cisco and using something else, maybe continuing to use a Barracuda web filter, for the web filtering. Using a Barracuda in a position where it is secured by something more serious like the Ubiquiti would mean that it was protected from being blatantly opened to the outside world.

                    How easy are the Ubiquiti firewalls for someone who isn't a CLI guru with Cisco and the like?

                    • scottalanmiller @NetworkNerd

                      @NetworkNerd said:

                      How easy are the Ubiquiti firewalls for someone who isn't a CLI guru with Cisco and the like?

                      I'd say mediocre. They have a graphical interface but it isn't exactly a walk in the park. But it is easier than a Cisco CLI. The CLI on the VyOS on Ubiquiti is very similar to Cisco CLI, so the knowledge carries over. The GUI is always improving but is a bit confusing and not every single feature is exposed there.

                      • travisdh1 @NetworkNerd

                        @NetworkNerd said:

                        @scottalanmiller said:

                        One consideration is doing web filtering behind the firewall. I am of the opinion that router and firewall functions go in the outward facing appliance, filtering and proxying go behind that at a different layer for security, performance and flexibility reasons.

                        I would look at Ubiquiti as a replacement for the Cisco and using something else, maybe continuing to use a Barracuda web filter, for the web filtering. Using a Barracuda in a position where it is secured by something more serious like the Ubiquiti would mean that it was protected from being blatantly opened to the outside world.

                        How easy are the Ubiquiti firewalls for someone who isn't a CLI guru with Cisco and the like?

                        Go download the management app and look for yourself, Ubiquiti provides all the management software for free. EdgeMAX download page

                        • scottalanmiller

                          A huge upside to Ubiquiti is that you could get one for home and work with the same features and interface in your home environment so that you can mess around and test things without needing to do it on the product system. @anonymous has the baby Ubiquiti at home which is around $50. I have the older smallest one which is around $90 and we travel with it to use wherever we go.

                          • stacksofplates (last edited by stacksofplates)

                            Another feature with Ubiquiti is the VPN connections are a breeze. If you have an ER on both ends you really only need to put in address, username, password, and type of connection and it figures it all out. Much easier than between Cisco and something else.

                            • scottalanmiller @stacksofplates

                              @johnhooks said:

                              Another feature with Ubiquiti is ...Much easier than ... Cisco....

                              FTFY

                              • Alex Sage

                                Love Ubiquiti!

                                • JaredBusch @NetworkNerd

                                  @NetworkNerd said:

                                  @scottalanmiller said:

                                  One consideration is doing web filtering behind the firewall. I am of the opinion that router and firewall functions go in the outward facing appliance, filtering and proxying go behind that at a different layer for security, performance and flexibility reasons.

                                  I would look at Ubiquiti as a replacement for the Cisco and using something else, maybe continuing to use a Barracuda web filter, for the web filtering. Using a Barracuda in a position where it is secured by something more serious like the Ubiquiti would mean that it was protected from being blatantly opened to the outside world.

                                  How easy are the Ubiquiti firewalls for someone who isn't a CLI guru with Cisco and the like?

                                  For the ER-X and ERL, you simply

                                  1. pre-download the latest firmware
                                  2. plug in power
                                  3. plug in your laptop configured with 192.168.1.2 to eth0
                                  4. pop the web browser to 192.168.1.1.
                                  5. load the updated firmware
                                  6. reboot
                                  7. run the WAN+2LAN2 wizard to set up the router
                                  8. plug your internet into eth0
                                    a. Reboot your cable modem if you have one of those because they lock to MAC address
                                  9. plug your local switch into eth1
                                  10. win

                                  • JaredBusch @scottalanmiller

                                    @scottalanmiller said:

                                    A huge upside to Ubiquiti is that you could get one for home and work with the same features and interface in your home environment so that you can mess around and test things without needing to do it on the product system. @anonymous has the baby Ubiquiti at home which is around $50. I have the older smallest one which is around $90 and we travel with it to use wherever we go.

                                    The ERX is the much better unit for a SOHO environment because of the built-in switching chip.

                                    The ERL is a 100% router. None of the ports have an onboard switch so if you bridge eth1 and eth2, you will lose performance there.

                                    • NetworkNerd

                                      What do you use for client VPN connections to the EdgeRouters?

                                      • stacksofplates @NetworkNerd (last edited by stacksofplates)

                                        @NetworkNerd said:

                                        What do you use for client VPN connections to the EdgeRouters?

                                        The Windows clients work fine, L2TP.

                                        • NetworkNerd @stacksofplates

                                          @johnhooks said:

                                          @NetworkNerd said:

                                          What do you use for client VPN connections to the EdgeRouters?

                                          The Windows clients work fine, L2TP.

                                          Is the authentication using RADIUS, or are you setting up user accounts for client VPN access inside the EdgeRouter itself? I know Cisco works either way, but I was not sure about Ubiquiti.

                                          • scottalanmiller

                                            You can use OpenVPN, too. For client connections.
