Barracuda has offered next generation firewall solutions for years. We've made several advancements in these products, including new products built specifically for small and mid-sized organizations, or designed for SMEs that rely largely on cloud-based applications. Today we are announcing another advancement in our solutions: The Barracuda NextGen Firewall S-Series.
The Barracuda NextGen Firewall S-Series is a simple, secure, and scalable solution that provides full next generation features to endpoints dispersed throughout the “Internet of Things (IoT).” ATMs, kiosks, and even garbage cans are connected, and more devices are on the way. Gartner predicts that the IoT will reach 21 billion by the year 2020. That's a lot of devices talking to each other via the Internet, and each one is potentially a host for a botnet, or an entry point for malware.
The Barracuda NextGen Firewall S-Series makes it simple to protect IoT endpoints. It starts with the Barracuda NextGen Firewall Secure Connector 1 (SC1) appliance, which includes firewalling, Wi-Fi, and full VPN connectivity. The SC1 is not a full standalone firewall; it is a small remote connectivity device that is designed to work as part of a system that provides full next generation firewall protection to each endpoint.
The SC1 uses VPN connectivity to securely forward traffic from the endpoint back to a physical or virtual datacenter where advanced security inspection can be done by a corporate firewall. In order to keep the traffic of potentially thousands of SC1 appliances from coming into the corporate network, the SC1 appliances connect directly to a NextGen Secure Access Connector (SAC), rather than the corporate firewall.
The SAC is a virtual deployed gateway that is designed specifically to accept the encrypted traffic from the SC1 appliances. It forwards the management traffic on to the Barracuda NG Control Center, and forwards other traffic on to the primary corporate firewall as needed. The SAC also applies advanced security functions like Application Control, Anti-Virus, IPS, and URL filtering. See our TechLibrary here for more information.
Here are some of the features we've included in the S-Series to keep deployment simple:
- The SCA Editor: A new template based editor that allows administrators to create templates at various organizational levels. When a template is updated, all SC1 appliances linked to that template are automatically updated within seconds.
- Central Management: Administrators avoid complex routing schemes by using the Automated Network Setup capability. Admins define a large network, partition it into subnets, and the subnets are assigned to the SC1 appliances.
- No specialized staff required: The SC1 appliances can be shipped directly to the remote location, with no specialized IT staff required. The administrator can create a configuration file using the Barracuda NextGen Control Center, and send that file to the person responsible for installing the SC1. That person then copies the file to the SC1 and reboots the appliance.
These features keep deployment and management simple, and reduce the number of administrators needed to manage IoT endpoint security.
As mentioned above, the S-Series provides full next generation protection. The SC1 appliance connects to the SAC and the NextGen Control Center via one site-to-site tunnel.
The SC1 appliance uses TINA, a proprietary Barracuda VPN protocol. TINA is a high performance extension of the IPsec protocol, designed to improve VPN connectivity and availability, beyond what standard IPsec can provide. The SC1 VPN tunnel is authenticated via certificates when the appliance is in Operational mode. You can learn more about TINA in our TechLibrary.
The Barracuda NextGen Control Center also augments the security capabilities of the S-Series with the following features:
- Multiple firmware releases and deployment platforms can be managed simultaneously
- Configuration, file updates, and licenses can be distributed to the managed units quickly and securely
- The health and status of all managed F-Series Firewalls and S-Series SCs is continuously monitored
Barracuda also provides Advanced Threat Detection (ATD) via sandboxing and detonation in the cloud. See our TechLibrary here for more information.
The S-Series was designed to scale easily. Every SAC can maintain an encrypted connection to thousands of remote SC1 appliances, while literally dozens of SACs can be controlled by the Barracuda NextGen Control Center.
To support scalability to tens of thousands of remote locations, the SC1 appliance also comes with these features:
- Choice of uplinks, with automated failover in the event of failure
- Wired uplinks using DHCP or Static IP
- Integrated Wireless Access Point functionality
- Reversed WAP functionality to access the WAN via existing wireless networks
- Optional 3G modem
If you would like to learn more about the Barracuda NextGen Firewall S-Series, visit these Barracuda NextGen Firewall S-Series resources:
- Corporate product site
- TechLibrary documentation
- Barracuda Expands NextGen Firewall Product Line to Empower Customers to Securely Connect Thousands of Machine Endpoints
Christine Barry is chief blogger and social content manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master in Business Administration. She is a graduate of the University of Michigan.