Barracuda Web Site Firewall Model 460
Strengths: Easy to install and administer.
Weaknesses: Protection at the application layer, but not at lower layers.
Verdict: A feature-rich product at a low cost, making it our Best Buy.
SummaryThe Web Site Firewall Model 460 is an application protection firewall, which resides on a single appliance device. The tool recognizes attacks by monitoring network traffic to and from the web server. The default configuration for the device is to run in bridge mode, but it can also be installed in a routed mode. Bridge mode allows the device to inspect traffic bi-directionally to the web server without the use of an IP address. The routed mode is similar to a traditional network configuration, whereby a separate IP address is installed on each interface of the website firewall. This configuration can cause a few problems, which the bridge avoids.
For example, the 460 becomes an inline device, which can cause a central point of failure. For this type of deployment, we recommend using the 460's redundant configuration. In the default mode, the tool does not stop network traffic if the unit fails. However, all traffic to and from the website would be blocked in the routed mode. The routed configuration is what is known as a "fail secure" configuration. This means that if the Web Site Firewall Model 460 does not explicitly permit the traffic, it will be dropped. The logging on the tool is performed via the syslog protocol. Several different types of events can be configured to send traffic to the syslog server.
As an integrator of many types of systems, the Web Site Firewall Model 460 in bridge mode has "goes in to" and "goes out of" ports. The installation and configuration are as simple as it comes. The entire installation and configuration guide takes up only a single piece of paper. Additional documentation covers the routing installation method, as well as very detailed explanations of the events which triggered alerts.
Support is offered through phone, email and a website. Email support is available 24/7 for all customers, and additional support is available for a higher fee. Barracuda also provides a website with a knowledge base, FAQ and live chat options for support.
The Barracuda offering is priced at $8,999 with no "per user" fees on top of that price. This puts the cost of the device at the lower end of the spectrum.