Barracuda - AG France IX - Juin-2011

Barracuda NetworksWorld War Web – juin 2011

Stéphane Castagné / Sébastien Braun

Agenda

Barracuda Networks.

Un brin d'histoire.

Simplifier l'IT avec un arc !

Administration centralisée

Redondance des liens WAN

Contrôle au niveau applicatif.

« Fournisseur de solutions sécurité IP »

- Création 2003 – HQ Californie – 800 Personnes.

- 145 000 Clients monde.

- Mission : Simplifier l'administration et la gestion IT

- Environnements (Appliances, VM et Cloud)

- Protection des accès, des applications et des données.

Solution globalede sécurité IP

Accés

Applications

Données

Clients France

Un brin d'histoire …

Le client :L'un des plus grands data center du secteur bancaire autrichien.

Le Challenge:650 firewalls

Industrialisation du déploiement ?

2 administrateurs dédiés !

L'incubation

Le Résultat:Technologie NG Firewall

Un design conçu pour la sécurité distribuée

Une page blanche ...

SPI Firewall

SPI Firewall

+ IPS/IDS

UTM

+ P2P Blocker

UTM

+ P2P Blocker

+ WAN optimizer

UTM

+ P2P Blocker

+ WAN optimizer

+ NAC

SPI Firewall

+ IPS/IDS

+ Anti-Virus

SPI Firewall

+ IPS/IDS

+ Anti-Virus

+ Web Filter

UTM

+ P2P Blocker

+ WAN optimizer

+NAC

+ Link balancer

1990

2005

MGMT ?

UTM

+ P2P Blocker

+ WAN optimizer

+ NAC

+ Link balancer

+ Application control

2010: NG Firewall

Centralized Management

Crayonner des tunnels VPNCréation rapide de VPN

par drag & drop

Template pour les architectures

fully meshed ou hub & spoke

Simplifie le management des VPN

Branch

Offices

Road warriors

HQ-LAN

Architecture WAN

hétérogène

• Cloud Privé

Cloud Public

HQ-LAN

Resilient Site-2-Site

Connections

Redondance des liens WAN

Intelligent Traffic Management

•Application-based

•For Encrypted and Unencrypted Traffic

•Per User and/or Group

•Per Source and Destination

•Time of day, weekday, date

Routing

VPN TunnelBranch Office

Routing

VPN TunnelHeadquarters

VoIP before Business 100%

Internet: 50%Email 50%

DSL

MPLS

3G

VoIP beforeBusiness 70%Internet 10%Email 20%

VoIP beforeBusiness 80%Internet 5%Email 15%

Contrôle au niveau applicatif

NGFirewall

plain HTTP

bittorrent

Layer 7ApplicationControl

Plus de 800 applications détectées:

Peer-to-Peer (P2P), Instant Messaging (IM), Standard

Protocols, Voice over IP (VoIP), Streaming Protocols,

Tunnel Protocols, Gaming Protocols, Business

Protocols, Mobile Internet Protocols

+

+

Que fait réellement cet utilisateur

Illustration du contrôle au niveau applicatif

Nous pouvons maintenant ajuster le politique de sécurité…interdire

limiter

Trois points clefs

L'architecture Firewall NG simplifie l'IT en intégrant dans

son administration centralisée l'ensemble des

fonctionnalités d'un Firewall Next Generation :

Une redondance des liens WAN grâce à l'ADSL et/ou la

3G [Traffic Intelligence]

le contrôle au niveau applicatif.

… N'oubliez pas l'arc dans vos architectures !

Firmware 5.2

•Web Filter–Barracuda Web Filter Engine

–Included with EU -> Best value in NG Firewall market

•IPS–Included with EU -> Best value in NG Firewall market

•GeoMaps in CC–no extra cost

–unique in NG Firewall market

•DC Agent (5.2.1)–Enables clientless user <-> IP recognition

Geo Maps in Control Center (any CC and any MC)

Website: all specs and sizing information

Datasheet: -> On Website

Barracuda NG Firewall Introduction

“Next generation” firewall:●Layer 7 application profiling

●Identity aware networking

●Dynamic Application Control Monitoring

●Network access control

●Intrusion Detection and Prevention

●Integrated Content Filter (Malware Protection,

Web filter, Secure Web Proxy)

●Integrated Web Cache Proxy

●Infrastructure and Application Proxies:

DHCP, FTP, SSH, DNS, SMTP, POP3

●Enterprise-class Firewall and next generation

VPN with customizable encryption

●Integrated SSL VPN

●Traffic Shaping and Quality of Service (QoS)

●Multiple uplink support

Industry-leading centralized

management:●Scalable and fault tolerant central management

●Template-based management

●Distributed Firewall

●Multi-tenancy

●Compliance and Revision Control System

●Effective troubleshooting

Q&A

Merci !!!

[email protected]

Where does the Barracuda NG Firewall come from?

Result of acquisition of phion AG

−Public European NG Firewall company

−Company HQ in Innsbruck, Austria

−10+ years experience in space

−1,000+ Enterprise customers

−15,000+ deployed appliances

(4,589 shipped in 2009)

−100,000+ licensed VPN users

The Paradigm of Next Generation Firewalls

Next Generation Firewall“Traditional“ Network Firewall

Why do we need “another firewall“ ?

Next Generation Firewall “Traditional“ Network Firewall

+ Integrated Content Security

Distributed Secure Web Access

FTP Gateway

+ Integrated Content Security for distributed environments

NTP Proxy Service

Web filter SMTP ProxyHTTP ProxyCaching /

Forwarding DNS

POP3 Gateway

HTTPS Proxy

MalwareProtection

Network Access Control

802.1x support

+ Network access control for distributed environments

ClientlessGuest

NetworkingContext Aware

Connection aware

Identity Aware

Easy of UseEndpoint

protectionPolicy

Enforcement


+ Network access control


+ Integrated Content

+ Intelligent Traffic Management

Intelligent Traffic Management

ApplicationAware

+ Intelligent Traffic Management for distributed Environments

Prioritization

QoS

IntelligenceTraffic

Manager

Link-& Load

Balancing

High Secure VPN

Technology

Multiple Connection

HandlingCompression

Easy Graphical

Tunnel Interface

Visualization throughNG Earth

Why do we need another firewall ?



+ Integrated Content Security






+ Scalability and Manageability

Industry leading centralized management

Superior Revision Control System


100% Lifecycle

Central Statistic

Collection

Central log and event processing

Role based Multi User

Aware

PKIService

Powerful Visualization

Multi Tenancy support

Template and device

baseddesign







= The Next Generation Firewall designed

for Distributed Environments

Barracuda NG Firewall key value propositions

Reduce the number of deployed point solutions

–One product family with one management framework covering multiple topics

–Reduce maintenance cost and simplify management lifecycle


Saving time and money for troubleshooting

–Determine issue with 2-3 mouse clicks

–Unique 5-tier information architecture (live, history, events, accounting, audit trail)

–Real-time firewall monitoring without performance degradation


•Reduce line costs without adverse side effects

–By aggregating bandwidth from MPLS and cheaper alternatives

–3G broadband as a cheap backup line

–Detect and reduce bandwidth hogging through covert Layer 7 traffic (P2P, IM, etc.)


•Not every administrator has to be an expert

–Have multiple administrators work on the firewall simultaneously with clear cut custom roles (comprising up to 90 attributes)

–A flexible administration concept supports joint administration in an outsourced environment without the danger of compromising SLAs

Sample Reference Customers

EADS (HQ, IST, LFK, Defense Sys)

Aerospace and Defense

RAS, VPN-Site-2-Site, Firewalls

RHI

Market leader fireproof materials

130 VPN/FW Gateways

Konica Minolta Europe

VPN/FW Gateways

Schenker Germany

Logistics and Transportation

200 VPN/Firewall Gateways

German Postbank

Bank branch office security

2900 VPN/FW Gateways

Click to edit the

outline text format

Second Outline Level

Third Outline Level

Fourth Outline Level

Fifth Outline Level

Sixth Outline Level

Seventh Outline Level

Eighth Outline Level

Ninth Outline

The Barracuda NG Firewall Concept

network firewall NG firewall

Ports

Protocols

Packets

+ Application Profiling

+ User Awareness

+ Adaptive WAN Routing,

+ Bandwidth Control

+ Remote Access Concept

+ Scalability

Barracuda NG firewall

Application Control

ID Aware Network

cost savings

cost savings

WAN Network

Performance

Enhancement

Barracuda NG Firewall Product Line-Up

POS

SOHO

small remote

office

remote

office

Small/medium

HQ

Large

HQ

Large HQ and

Datacenters

Fire

wall P

erfo

rman

ce

F10

F10x

F600

F400

F300

F20x

F900

1 Gbps

10GbpsF800

Comprehensive Feature Integration

Cost Effective Central Management

Central management of

ALL functionsFW, VPN. SSL VPN, web security, anti

spam, application control ….everything

Underlying OS

Patches

Multi-admin

Multi-tenant

Management Views – Barracuda NG Earth

Are you also tired of endless „flat“ status listings?

Barracuda NG Control Center AppliancesC400 Standard Edition C610 Enterprise Edition

(1 Group, UL Boxes) (UL Groups, UL Boxen)

Barracuda NG Control Center Vx AppliancesVC400 Standard Edition

VC610 Enterprise Edition

VC820 Global Edition

Reference Customer: Micromet, Inc.

Micromet , Inc. Facts and Figures:

public company, NASDAQ (MITI)

phion customer since 2006

Gateways, clients and CC standard edition deployed on two continents

Leading edge biotech company ensures security and availability of a transcontinental WAN with the Barracuda NG Firewall.Leading edge biotech company ensures security and availability of a trans-Atlantic WAN with the Barracuda NG Firewall.

“Leading edge biotech company ensures security and

availability of a trans-Atlantic WAN with the

Barracuda NG Firewall.”

Reference customer: Micromet, Inc.

50 road warriors“…the Barracuda NG

Firewall appliances are the

dependable backbone of

our network. Admins no

longer have to get up at

night and worry about

broken IPSec tunnels. “

Mr. Werner Jacobs, Dir IT

Administration

One centrally managed solution:

• Firewall + local Web Access

• Site-2-site & Client VPN,