Vous êtes sur la page 1sur 45

Barracuda Networks

World War Web juin 2011


Stphane Castagn / Sbastien Braun

Agenda
Barracuda Networks. Un brin d'histoire. Simplifier l'IT avec un arc !

Administration centralise Redondance des liens WAN

Contrle au niveau applicatif.

Fournisseur de solutions scurit IP


- Cration 2003 HQ Californie 800 Personnes. - 145 000 Clients monde. - Mission : Simplifier l'administration et la gestion IT - Environnements (Appliances, VM et Cloud) - Protection des accs, des applications et des donnes.

Solution globale de scurit IP

Accs

Applications

Donnes

Clients France

Un brin d'histoire
Le client :
L'un des plus grands data center du secteur bancaire autrichien.

Le Challenge:
650 firewalls Industrialisation du dploiement ? 2 administrateurs ddis !

L'incubation Le Rsultat:
Technologie NG Firewall Un design conu pour la scurit distribue

Une page blanche ...


2005
UTM + P2P Blocker

UTM + P2P Blocker + WAN optimizer UTM + P2P Blocker + WAN optimizer + NAC

SPI Firewall + IPS/IDS + Anti-Virus + Web Filter

MGMT ? SPI Firewall + IPS/IDS + Anti-Virus

UTM + P2P Blocker + WAN optimizer +NAC + Link balancer UTM + P2P Blocker + WAN optimizer + NAC + Link balancer + Application control

1990
SPI Firewall + IPS/IDS SPI Firewall

2010: NG Firewall

Centralized Management

Crayonner des tunnels VPN


Cration rapide de VPN par drag & drop Template pour les architectures fully meshed ou hub & spoke Simplifie le management des VPN

Architecture WAN htrogne

Cloud Public

Cloud Priv
Resilient Site-2-Site Connections

HQLAN HQ-LAN
Branch Offices

Road warriors

Redondance des liens WAN


Intelligent Traffic Management

Application-based

Per User and/or Group


Per Source and Destination Time of day, weekday, date
50% 50%

For Encrypted and Unencrypted Traffic

DSL
Internet: Email

MPLS

VoIP before Business 70% VoIP before Business 100% Internet 10% Email 20%
Routing

Routing

3G
VPN Tunnel Branch Office

VoIP before Business Internet Email

80% 5% 15%

VPN Tunnel Headquarters

Contrle au niveau applicatif


Layer 7 Application Control + NG Firewall
plain HTTP

bittorrent

+
Plus de 800 applications dtectes:
Peer-to-Peer (P2P), Instant Messaging (IM), Standard Protocols, Voice over IP (VoIP), Streaming Protocols, Tunnel Protocols, Gaming Protocols, Business Protocols, Mobile Internet Protocols

Illustration du contrle au niveau applicatif

Que fait rellement cet utilisateur

interdire limiter

Nous pouvons maintenant ajuster le politique de scurit

Trois points clefs


L'architecture Firewall NG simplifie l'IT en intgrant dans son administration centralise l'ensemble des fonctionnalits d'un Firewall Next Generation : Une redondance des liens WAN grce l'ADSL et/ou la 3G [Traffic Intelligence]

le contrle au niveau applicatif.

N'oubliez pas l'arc dans vos architectures !

Firmware 5.2

Web Filter
IPS
Included with EU -> Best value in NG Firewall market

Barracuda Web Filter Engine Included with EU -> Best value in NG Firewall market

GeoMaps in CC DC Agent (5.2.1)


Enables clientless user <-> IP recognition

no extra cost unique in NG Firewall market

Geo Maps in Control Center (any CC and any MC)

Website: all specs and sizing information

Datasheet: -> On Website

Barracuda NG Firewall Introduction


Next generation firewall:
Layer 7 application profiling Identity aware networking Dynamic Application Control Monitoring Network access control Intrusion Detection and Prevention Integrated Content Filter (Malware Protection, Web filter, Secure Web Proxy) Integrated Web Cache Proxy Infrastructure and Application Proxies: DHCP, FTP, SSH, DNS, SMTP, POP3 Enterprise-class Firewall and next generation VPN with customizable encryption Integrated SSL VPN Traffic Shaping and Quality of Service (QoS) Multiple uplink support

Industry-leading centralized management:


Scalable and fault tolerant central management Template-based management Distributed Firewall Multi-tenancy Compliance and Revision Control System Effective troubleshooting

Q&A

Merci !!!
sbraun@barracuda.com

Where does the Barracuda NG Firewall come from?


Result of acquisition of phion AG

Public European NG Firewall company Company HQ in Innsbruck, Austria 10+ years experience in space 1,000+ Enterprise customers 15,000+ deployed appliances (4,589 shipped in 2009) 100,000+ licensed VPN users

The Paradigm of Next Generation Firewalls

Traditional Network Firewall

Next Generation Firewall

Why do we need another firewall ?


Traditional Network Firewall

Next Generation Firewall

+ Integrated Content Security

Distributed Secure Web Access

+ Integrated Content Security for distributed environments


HTTP Proxy HTTPS Proxy Malware Protection Web filter FTP Gateway Caching / Forwarding DNS NTP Proxy Service SMTP Proxy

POP3 Gateway

Network Access Control


+ Network access control for distributed environments
Connection aware Endpoint protection Policy Enforcement Guest Networking 802.1x support Identity Aware Clientless Context Aware Easy of Use

Why do we need another firewall ?


Traditional Network Firewall

Next Generation Firewall

+ Integrated Content + Network access control + Intelligent Traffic Management

Intelligent Traffic Management


+ Intelligent Traffic Management for distributed Environments
High Secure VPN Technology Easy Graphical Tunnel Interface Visualization through NG Earth Intelligence Traffic Manager Application Aware Multiple Connection Handling Prioritizatio n QoS Link& Load Balancing Compression

Why do we need another firewall ?


Traditional Network Firewall Next Generation Firewall

+ Integrated Content Security + Network access control

Why do we need another firewall ?


Traditional Network Firewall

Next Generation Firewall

+ Integrated Content + Network access control + Intelligent Traffic Management + Scalability and Manageability

Industry leading centralized management


+ Scalability and Manageability
Role based Multi User Aware Multi Tenancy support Template and device based design Central Statistic Collection Superior Revision Control System PKI Service 100% Lifecycle Central log and event processing

Powerful Visualization

Why do we need another firewall ?


Traditional Network Firewall Next Generation Firewall

+ Integrated Content + Network access control + Intelligent Traffic Management + Scalability and Manageability

= The Next Generation Firewall designed for Distributed Environments

Barracuda NG Firewall key value propositions

Reduce the number of deployed point solutions


One product family with one management framework covering multiple topics
Reduce maintenance cost and simplify management lifecycle

Barracuda NG Firewall key value propositions

Saving time and money for troubleshooting


Determine issue with 2-3 mouse clicks Unique 5-tier information architecture (live, history, events, accounting, audit trail) Real-time firewall monitoring without performance degradation

Barracuda NG Firewall key value propositions

Reduce line costs without adverse side effects


By aggregating bandwidth from MPLS and cheaper alternatives 3G broadband as a cheap backup line Detect and reduce bandwidth hogging through covert Layer 7 traffic (P2P, IM, etc.)

Barracuda NG Firewall key value propositions

Not every administrator has to be an expert


Have multiple administrators work on the firewall simultaneously with clear cut custom roles (comprising up to 90 attributes) A flexible administration concept supports joint administration in an outsourced environment without the danger of compromising SLAs

Sample Reference Customers


EADS (HQ, IST, LFK, Defense Sys)
Aerospace and Defense RAS, VPN-Site-2-Site, Firewalls

RHI
Market leader fireproof materials 130 VPN/FW Gateways

Konica Minolta Europe


VPN/FW Gateways

Schenker Germany
Logistics and Transportation 200 VPN/Firewall Gateways

German Postbank
Bank branch office security 2900 VPN/FW Gateways

The Barracuda NG Firewall Concept


+ Adaptive WAN Routing, + Bandwidth Control + Remote Access Concept + Scalability + Application Profiling + User Awareness Ports Protocols Packets

Click to edit the outline text format Second Outline Level

network firewall

Third OutlineNetwork WAN Level Performance Fourth Outline Level Enhancement Application Control cost ID AwareFifth Outline savings Network Level cost savings Sixth Outline Level NG firewall Seventh Outline Level Barracuda NG firewall Eighth Outline Level

Barracuda NG Firewall Product Line-Up


F900

10Gbps

F800
F600

1 Gbps

F400 F300 F20x F10x

Firewall Perform

F10
POS SOHO small remote office remote office Small/medium HQ Large HQ Large HQ and Datacenters

Comprehensive Feature Integration

Cost Effective Central Management


Central management of ALL functions
FW, VPN. SSL VPN, web security, anti spam, application control .everything Underlying OS Patches

Multi-admin Multi-tenant

Management Views Barracuda NG Earth


Are you also tired of endless flat status listings?

Barracuda NG Control Center Appliances


C400 Standard Edition C610 Enterprise Edition

(1 Group, UL Boxes)

(UL Groups, UL Boxen)

Barracuda NG Control Center Vx Appliances


VC400 Standard Edition VC610 Enterprise Edition VC820 Global Edition

ding edge biotech company ensures security and availability ofof a trans-Atlantic WAN with the Barracuda NG Firewall ading edge biotech company ensures security and availability a transcontinental WAN with the Barracuda NG Firewa

Reference Customer: Micromet, Inc.


Micromet , Inc. Facts and Figures:
public

company, NASDAQ (MITI)

phion customer since 2006 Gateways, clients and CC standard edition deployed on two continents Leading edge biotech company ensures security and availability of a trans-Atlantic WAN with the Barracuda NG Firewall.

Reference customer: Micromet, Inc.

the Barracuda NG Firewall appliances are the dependable backbone of our network. Admins no longer have to get up at night and worry about broken IPSec tunnels. Mr. Werner Jacobs, Dir IT Administration

50 road warriors

One centrally managed solution: Firewall + local Web Access Site-2-site & Client VPN,