May 07, 2012, 11:53 AM — Enterprise firewalls must have policies to control traffic and be able to create site-to-site VPNs using standards-based IPsec, translate addresses and port numbers (NAT) when needed, and apply basic bandwidth management to traffic. They must also support features such as high availability (active/passive or active/active), virtual LANs, Ethernet link aggregation, and global management systems.
We found that next-generation firewall vendors are simply layering application-aware features on top of their existing firewalls. That's a good thing, because it makes it more likely that the firewalls don't suffer from the kinds of bugs that any new product can have, and because they're starting out of the gate with a great, tested feature set. The products we tested, from Check Point, Fortinet, SonicWall, and Barracuda Networks, don't have different names or even different licensing. You don't order a SonicWall next-generation firewall; you just order a SonicWall firewall, and it has next-generation features. Same for Check Point, Fortinet and Barracuda Networks.
Most readers will be familiar with the Check Point Security Gateway, Fortinet FortiGate and SonicWall SonicOS products already. The Barracuda NG Firewall doesn't have the same market penetration in North America — it comes through Barracuda's acquisition of Austrian firewall manufacturer Phion in 2009 — so the product won't be as familiar to Network World readers.
Barracuda's NG Firewall does have a stateful packet filter, but the architecture of the NG Firewall is more like a bastion host application layer firewall (think Digital Equipment Corp.'s SEAL or Trusted Information Systems' Firewall Toolkit), with embedded proxies for HTTP, SSH, and FTP, an internal mail gateway to handle SMTP traffic, and the option to redirect any traffic passing through the firewall to an application running on the firewall itself.
The Barracuda NG Firewall is a thoroughly modern product, with features such as traffic shaping and UTM protections, integrated IPsec and SSL VPN and even Network Access Control — but the NG Firewall doesn't look much like other popular products in the firewall space.
This means that if you plan to evaluate the Barracuda NG Firewall, add some space in your schedule to get used to the configuration system and plan to spend some time on the phone with technical support, as we did, to understand how all the pieces fit together.