Barracuda NetworksWorld War Web – juin 2011
Stéphane Castagné / Sébastien Braun
Agenda
Barracuda Networks.
Un brin d'histoire.
Simplifier l'IT avec un arc !
Administration centralisée
Redondance des liens WAN
Contrôle au niveau applicatif.
« Fournisseur de solutions sécurité IP »
- Création 2003 – HQ Californie – 800 Personnes.
- 145 000 Clients monde.
- Mission : Simplifier l'administration et la gestion IT
- Environnements (Appliances, VM et Cloud)
- Protection des accès, des applications et des données.
Solution globalede sécurité IP
Accés
Applications
Données
Clients France
Un brin d'histoire …
Le client :L'un des plus grands data center du secteur bancaire autrichien.
Le Challenge:650 firewalls
Industrialisation du déploiement ?
2 administrateurs dédiés !
L'incubation
Le Résultat:Technologie NG Firewall
Un design conçu pour la sécurité distribuée
Une page blanche ...
SPI Firewall
SPI Firewall
+ IPS/IDS
UTM
+ P2P Blocker
UTM
+ P2P Blocker
+ WAN optimizer
UTM
+ P2P Blocker
+ WAN optimizer
+ NAC
SPI Firewall
+ IPS/IDS
+ Anti-Virus
SPI Firewall
+ IPS/IDS
+ Anti-Virus
+ Web Filter
UTM
+ P2P Blocker
+ WAN optimizer
+NAC
+ Link balancer
1990
2005
MGMT ?
UTM
+ P2P Blocker
+ WAN optimizer
+ NAC
+ Link balancer
+ Application control
2010: NG Firewall
Centralized Management
Crayonner des tunnels VPNCréation rapide de VPN
par drag & drop
Template pour les architectures
fully meshed ou hub & spoke
Simplifie le management des VPN
Branch
Offices
Road warriors
HQ-LAN
Architecture WAN
hétérogène
• Cloud Privé
Cloud Public
HQ-LAN
Resilient Site-2-Site
Connections
Redondance des liens WAN
Intelligent Traffic Management
•Application-based
•For Encrypted and Unencrypted Traffic
•Per User and/or Group
•Per Source and Destination
•Time of day, weekday, date
Routing
VPN TunnelBranch Office
Routing
VPN TunnelHeadquarters
VoIP before Business 100%
Internet: 50%Email 50%
DSL
MPLS
3G
VoIP beforeBusiness 70%Internet 10%Email 20%
VoIP beforeBusiness 80%Internet 5%Email 15%
Contrôle au niveau applicatif
NGFirewall
plain HTTP
bittorrent
Layer 7ApplicationControl
Plus de 800 applications détectées:
Peer-to-Peer (P2P), Instant Messaging (IM), Standard
Protocols, Voice over IP (VoIP), Streaming Protocols,
Tunnel Protocols, Gaming Protocols, Business
Protocols, Mobile Internet Protocols
+
+
Que fait réellement cet utilisateur
Illustration du contrôle au niveau applicatif
Nous pouvons maintenant ajuster le politique de sécurité…interdire
limiter
Trois points clefs
L'architecture Firewall NG simplifie l'IT en intégrant dans
son administration centralisée l'ensemble des
fonctionnalités d'un Firewall Next Generation :
Une redondance des liens WAN grâce à l'ADSL et/ou la
3G [Traffic Intelligence]
le contrôle au niveau applicatif.
… N'oubliez pas l'arc dans vos architectures !
Firmware 5.2
•Web Filter–Barracuda Web Filter Engine
–Included with EU -> Best value in NG Firewall market
•IPS–Included with EU -> Best value in NG Firewall market
•GeoMaps in CC–no extra cost
–unique in NG Firewall market
•DC Agent (5.2.1)–Enables clientless user <-> IP recognition
Geo Maps in Control Center (any CC and any MC)
Website: all specs and sizing information
Datasheet: -> On Website
Barracuda NG Firewall Introduction
“Next generation” firewall:●Layer 7 application profiling
●Identity aware networking
●Dynamic Application Control Monitoring
●Network access control
●Intrusion Detection and Prevention
●Integrated Content Filter (Malware Protection,
Web filter, Secure Web Proxy)
●Integrated Web Cache Proxy
●Infrastructure and Application Proxies:
DHCP, FTP, SSH, DNS, SMTP, POP3
●Enterprise-class Firewall and next generation
VPN with customizable encryption
●Integrated SSL VPN
●Traffic Shaping and Quality of Service (QoS)
●Multiple uplink support
Industry-leading centralized
management:●Scalable and fault tolerant central management
●Template-based management
●Distributed Firewall
●Multi-tenancy
●Compliance and Revision Control System
●Effective troubleshooting
Q&A
Merci !!!
Where does the Barracuda NG Firewall come from?
Result of acquisition of phion AG
−Public European NG Firewall company
−Company HQ in Innsbruck, Austria
−10+ years experience in space
−1,000+ Enterprise customers
−15,000+ deployed appliances
(4,589 shipped in 2009)
−100,000+ licensed VPN users
The Paradigm of Next Generation Firewalls
Next Generation Firewall“Traditional“ Network Firewall
Why do we need “another firewall“ ?
Next Generation Firewall “Traditional“ Network Firewall
+ Integrated Content Security
Distributed Secure Web Access
FTP Gateway
+ Integrated Content Security for distributed environments
NTP Proxy Service
Web filter SMTP ProxyHTTP ProxyCaching /
Forwarding DNS
POP3 Gateway
HTTPS Proxy
MalwareProtection
Network Access Control
802.1x support
+ Network access control for distributed environments
ClientlessGuest
NetworkingContext Aware
Connection aware
Identity Aware
Easy of UseEndpoint
protectionPolicy
Enforcement
Why do we need “another firewall“ ?
+ Network access control
Next Generation Firewall “Traditional“ Network Firewall
+ Integrated Content
+ Intelligent Traffic Management
Intelligent Traffic Management
ApplicationAware
+ Intelligent Traffic Management for distributed Environments
Prioritization
QoS
IntelligenceTraffic
Manager
Link-& Load
Balancing
High Secure VPN
Technology
Multiple Connection
HandlingCompression
Easy Graphical
Tunnel Interface
Visualization throughNG Earth
Why do we need another firewall ?
+ Network access control
Next Generation Firewall “Traditional“ Network Firewall
+ Integrated Content Security
Why do we need “another firewall“ ?
+ Network access control
Next Generation Firewall “Traditional“ Network Firewall
+ Integrated Content
+ Intelligent Traffic Management
+ Scalability and Manageability
Industry leading centralized management
Superior Revision Control System
+ Scalability and Manageability
100% Lifecycle
Central Statistic
Collection
Central log and event processing
Role based Multi User
Aware
PKIService
Powerful Visualization
Multi Tenancy support
Template and device
baseddesign
Why do we need “another firewall“ ?
+ Network access control
Next Generation Firewall “Traditional“ Network Firewall
+ Integrated Content
+ Intelligent Traffic Management
+ Scalability and Manageability
= The Next Generation Firewall designed
for Distributed Environments
Barracuda NG Firewall key value propositions
Reduce the number of deployed point solutions
–One product family with one management framework covering multiple topics
–Reduce maintenance cost and simplify management lifecycle
Barracuda NG Firewall key value propositions
Saving time and money for troubleshooting
–Determine issue with 2-3 mouse clicks
–Unique 5-tier information architecture (live, history, events, accounting, audit trail)
–Real-time firewall monitoring without performance degradation
Barracuda NG Firewall key value propositions
•Reduce line costs without adverse side effects
–By aggregating bandwidth from MPLS and cheaper alternatives
–3G broadband as a cheap backup line
–Detect and reduce bandwidth hogging through covert Layer 7 traffic (P2P, IM, etc.)
Barracuda NG Firewall key value propositions
•Not every administrator has to be an expert
–Have multiple administrators work on the firewall simultaneously with clear cut custom roles (comprising up to 90 attributes)
–A flexible administration concept supports joint administration in an outsourced environment without the danger of compromising SLAs
Sample Reference Customers
EADS (HQ, IST, LFK, Defense Sys)
Aerospace and Defense
RAS, VPN-Site-2-Site, Firewalls
RHI
Market leader fireproof materials
130 VPN/FW Gateways
Konica Minolta Europe
VPN/FW Gateways
Schenker Germany
Logistics and Transportation
200 VPN/Firewall Gateways
German Postbank
Bank branch office security
2900 VPN/FW Gateways
Click to edit the
outline text format
Second Outline Level
Third Outline Level
Fourth Outline Level
Fifth Outline Level
Sixth Outline Level
Seventh Outline Level
Eighth Outline Level
Ninth Outline
The Barracuda NG Firewall Concept
network firewall NG firewall
Ports
Protocols
Packets
+ Application Profiling
+ User Awareness
+ Adaptive WAN Routing,
+ Bandwidth Control
+ Remote Access Concept
+ Scalability
Barracuda NG firewall
Application Control
ID Aware Network
cost savings
cost savings
WAN Network
Performance
Enhancement
Barracuda NG Firewall Product Line-Up
POS
SOHO
small remote
office
remote
office
Small/medium
HQ
Large
HQ
Large HQ and
Datacenters
Fire
wall P
erfo
rman
ce
F10
F10x
F600
F400
F300
F20x
F900
1 Gbps
10GbpsF800
Comprehensive Feature Integration
Cost Effective Central Management
Central management of
ALL functionsFW, VPN. SSL VPN, web security, anti
spam, application control ….everything
Underlying OS
Patches
Multi-admin
Multi-tenant
Management Views – Barracuda NG Earth
Are you also tired of endless „flat“ status listings?
Barracuda NG Control Center AppliancesC400 Standard Edition C610 Enterprise Edition
(1 Group, UL Boxes) (UL Groups, UL Boxen)
Barracuda NG Control Center Vx AppliancesVC400 Standard Edition
VC610 Enterprise Edition
VC820 Global Edition
Reference Customer: Micromet, Inc.
Micromet , Inc. Facts and Figures:
public company, NASDAQ (MITI)
phion customer since 2006
Gateways, clients and CC standard edition deployed on two continents
Leading edge biotech company ensures security and availability of a transcontinental WAN with the Barracuda NG Firewall.Leading edge biotech company ensures security and availability of a trans-Atlantic WAN with the Barracuda NG Firewall.
“Leading edge biotech company ensures security and
availability of a trans-Atlantic WAN with the
Barracuda NG Firewall.”
Reference customer: Micromet, Inc.
50 road warriors“…the Barracuda NG
Firewall appliances are the
dependable backbone of
our network. Admins no
longer have to get up at
night and worry about
broken IPSec tunnels. “
Mr. Werner Jacobs, Dir IT
Administration
One centrally managed solution:
• Firewall + local Web Access
• Site-2-site & Client VPN,
Top Related