Barracuda WAF-as-a-Service is licensed using the following parameters:
Number of applications you are protecting,
Total bandwidth used by all applications you are protecting,
Whether you have add-ons for the applications you are protecting. Add-ons include Advanced Threat Protection, Advanced Bot Protection, and Premium Support.
The License Management page displays all licenses you currently have, as well as how much of the license’s capacity you are currently using.
Legacy License Capabilities
The legacy licencing has different capabilities for some features, and many new features will not be available when compared to the WAF-as-a-Service licence plans launched in April 2023.
For clarity, the difference in capability is listed in this table:
Feature | Legacy License | Application Protection Advanced | Application Protection Premium | Description |
|---|---|---|---|---|
DDoS Protection | ||||
DNS Security | (1 Zone 50 Records + 1 Records per App) | (1 Zone 50 Records + 2 Records per App) | (1 Zone 100 Records + 4 Records per App | Hosting and security for DNS zones and records, including protection against DDoS attacks. By default, one (1) DNS zone is included per account and the number of records is based on the licence plan and the number of apps licenced. |
Secure Application Delivery | ||||
Application Domains | (30 Domains) | (10 Domains) | (30 Domains) | Barracuda Application Protection provides a default number of domains that are allowed with each App. That number is dependent of the selected licence plan. |
Traffic Routing | (0 Rules) | (5 Rules) | (10 Rules) | Traffic Routing on Barracuda Application Protection can use a number of parameters on the incoming request to identify and redirect traffic to various parts of an application. This could be anything from redirecting a user to the mobile application based on the HTTP UserAgent or routing traffic for A/B testing or enabling blue-green deployments. Depending on the Licence plan, there is a default number of Traffic Rules that can be applied using the same security policy within a single application. |
Origin Server Load Balancing with Health Monitoring | (10 Servers) | (3 Servers) | (7 Servers) | Applications onboarded on Barracuda Application Protection can be configured with multiple backend servers to spread the load and improve uptime. Barracuda Application Protection also includes Health Monitoring capabilities that continuously monitor application servers to switch traffic over in case of failure, improving uptime. |
Reporting, Analytics and Services | ||||
Log Export to SIEM | (2 Servers) | (1 Server) | (2 Servers) | Barracuda Application Protection allows all application logs (traffic and firewall) to be exported to external SIEM solutions or Barracuda XDR for further retention and analysis. |
Application Groups |  | | | Applications within Barracuda Application Protection can be grouped into logical groups with for ease of management and testing new versions and security e.g., a Production group and a UAT group. |
Log Storage Duration | 45 Days | 30 Days | 60 Days | Duration of firewall and traffic log storage on the Application Protection platform. |
Licensing Violations
You are in violation of your license if you:
Have added more applications than specified in your license.
Are using Advanced Threat Protection on more applications than specified in your license for this feature.
Are using more bandwidth than specified in your license across all applications.
Have not added a new license, but your existing license has expired.
If Barracuda Networks detects a violation of your license, we will:
Not immediately restrict traffic to your existing applications.
Send an email to the administrator email on file notifying you of the violation and the reason for it. This reminder will be repeated as long as you do not address the violation.
Give you a 14-day grace period, during which we will continue your service uninterrupted.
After 14 days, progressively lock Barracuda WAF-as-a-Service configuration and reporting features, but your applications will remain protected.
After 28 days, no longer protect your applications, but they will continue to work.
After 42 days, delete your Barracuda WAF-as-a-Service account. All configured applications will cease to pass traffic and all your configuration and logs will be lost.
If you receive a notice of a license violation, contact your Barracuda Networks Sales Representative as soon as possible and we can help you address the problem, ensuring you uninterrupted access to Barracuda WAF-as-a-Service.