The Barracuda Web Application Firewall is a hardware-based device which is used to monitor, assess and remediate web-based application vulnerabilities. The device is flexible and can be deployed in several ways. In the Two-Arm Proxy Deployment, the Web Application Firewall sits between the network and the web server, allowing total visibility and maximum security. The Firewall can also be deployed using only one interface connected to a mirror port, providing zero downtime during installation. In this configuration, there is an alternate path to the web servers in the event of hardware failure. The tool is more than just a simple web security device. It even includes some DLP functionality, and the default policy it came with already blocked the leakage of credit card numbers and SSNs.
The Barracuda Web Application Firewall was easy to set up. After we removed it from the box, we easily installed it into our server rack using the included rack-mount hardware. After that, we connected our keyboard, monitor and mouse to the back of the server and powered the device on. We decided to test it using the Two-Arm Proxy Deployment, so we set up both NICs. Once the machine booted, we were greeted with the built-in configuration tool, which allowed us to configure the interfaces and test network functionality.
The appliance comes with great built-in functionality and requires minimal configuration to integrate into the network. It has a well thought out web GUI, which allowed us to smoothly access and implement firewall policies. Before interfacing the device with our test site, we updated the software. The 660's online updater installed the latest security definitions in the background while we continued testing. The PCI DSS 2.0 policy files are present on start-up and allowed us to compliance audit our test system right out of the box. We were pleased with its ability to generate reports at the click of a button. A unique characteristic of this device was the ability to obfuscate sensitive data, such as credit cards, SSNs and also custom user-specified strings.
When we opened the box, we found that the 660 came with a quick-start guide as well as some marketing materials. The well-written quick-start guide outlined the various deployment scenarios the device is capable of and how to implement them. It included pictures and diagrams, as well as some screen shots of the CLI, which made setup easy.
Barracuda offers two types of support for its firewall. In order to receive software updates, users must be subscribed to its Energize Update service. This provides security and product updates at a cost of $2,699 per year, along with basic eight-hours-a-day/five-days-a-week telephone support. For an additional cost of $2,199 per year, a 24/7 service contract can be purchased.Because of its rich feature set, we believe that the value for money is outstanding. Coming in at $9,999 for the base hardware, it is significantly less expensive than other products of its type. Overall, we were thoroughly impressed with the price point and the scope of this product's functionality.