It seems like your browser didn't download the required fonts. Please revise your security settings and try again.


  • Also known as: Triple DES

Symmetric-key block cipher used in data encryption that applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.


Wireless networking standard that uses multiple antennas to increase data rates. 

802.1q VLAN

IEEE 802.1Q is a standard for virtual LANs (VLANs) on an Ethernet network that defines VLAN tagging for Ethernet frames and frame handling for bridges and switches, and contains provisions for a quality of service prioritization scheme (IEEE 802.1p). It also defines the Generic Attribute Registration Protocol.


A hardware addition to an existing computing device that increases the computer's processing speed and capabilities.

access control list
  • Also known as: ACL

Constrains the flow of traffic by individual IP address or by a range of IP addresses.

Access Control service

Service on the Barracuda CloudGen Firewall that defines security policies for network users and enables the firewall to perform identity and health checks on clients.

access key

The combination of an access key ID (like AKIAIOSFODNN7EXAMPLE) and a secret access key (like JalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). You use access keys to sign API requests that you make to AWS.

access key ID

A unique identifier that's associated with a secret access key, the access key ID and secret access key are used together to sign programmatic AWS requests cryptographically.

Access Monitor

Component of the Barracuda Network Access Client. Monitoring software, responsible for sending the endpoint health status to the Access Control Service for baselining.

access rule

Forwarding rule that determines how clients on a source network access resources on a destination network.

Active Directory
  • Also known as: MSAD, AD

A directory service that Microsoft developed for Windows domain networks and that is included in most Windows Server operating systems as a set of processes and services.


Enables you to configure Microsoft Exchange accounts on a mobile device.

adaptive profiling

Technique of analyzing request and response traffic to generate customized security profiles for the web application. See also exception profiling. 


Software utility that can be used in conjunction with a device or service; for example, Barracuda Outlook Add-In.


A piece of software that enhances another software application and usually cannot be run independently.

address mapping
  • Also known as: address map

Technique that allows different protocols to interoperate by translating addresses from one format to another.

Advanced Persistent Threat
  • Also known as: APT

Malicious cyber attacks directed at a specific target, usually over a long period of time. APTs are often run by professional organizations, looking to steal information rather than just money.

Advanced Threat Protection
  • Also known as: ATD, ATP, Advanced Threat Detection, BATP, Barracuda Advanced Threat Protection

Service that analyzes inbound email attachments with most MIME types in a separate, secured cloud environment, detecting new threats and determining whether to block such messages. Formerly known as Advanced Threat Detection, or ATD.

AES 256-bit
  • Also known as: Advanced Encryption Standard

A specification for the encryption of electronic data. 256-bit refers to the key length and is the maximum value.

allow list
  • Also known as: whitelist, white list

List of domains, users, or hosts that are allowed access, especially referring to mail and web traffic.

Amazon Elasticsearch Service
  • Also known as: Amazon ES

AWS-managed service for deploying, operating, and scaling Elasticsearch in the AWS Cloud.

Amazon Web Services
  • Also known as: AWS

Amazon's public cloud platform that lets you build, deploy, and manage applications across a global network of datacenters.

  • Also known as: Amazon Machine Image

AWS template that contains configuration, application server, and applications required to launch an EC2 AWS Instance.


Mobile device operating system. Compare to Apple iOS.


Protection against network attacks that combine several different known evasion methods to create a new technique that is delivered over several layers of the network simultaneously. 

  • Also known as: malware protection

Protection against malicious software, used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.


Protection against attacks that involve obfuscated code. Obfuscation may involve encrypting code, stripping out potentially revealing metadata, renaming useful class and variable names, or adding meaningless code to an application binary. 


Antivirus software, abbreviated: AV. Used to prevent, detect and remove malicious software.

  • Also known as: Application Programming Interface

 A set of tools and procedures provided by the programmer of an application so that other programmers can control, exchange data with, or extend the functionality of an application.

  • Also known as: Access Point Name

Access Point Name provided by an ISP for wireless WAN connections.

App Redirect access rule

Access rule that rewrites the destination IP address and forwards the traffic to a service running on a local IP address of the Barracuda CloudGen Firewall.

Apple iOS

Apple mobile operating system for devices such as iPhone and iPad. Compare to Android.


Device or piece of equipment.

Application Control

Enables you to control application traffic, including sub-applications, such as chat function and picture uploading.

application layer

Layer 7 of the OSI reference model. This layer provides services to application processes (such as electronic mail, file transfer, and terminal emulation) that are outside of the OSI model.

Application Load Balancer

AWS feature that makes routing decisions at the application layer (HTTP/S), supports path-based routing, and can route requests to one or more ports on each EC2 instance or container instance in a VPC.

application object

Firewall object that references lists of applications. Can be applied to an application rule on the Barracuda CloudGen Firewall.

application rule

Firewall rule that allows you to block or throttle traffic for detected applications.


Considering and inspecting application traffic. The Barracuda NextGen Firewall is an application-aware network firewall.

application-based provider/application-based link selection

When configured, the Barracuda CloudGen Firewall routes traffic through the provider link that is defined in the connection object.

  • Also known as: Address Resolution Protocol

Protocol for mapping IP addresses to physical addresses such as Ethernet or Token Ring.

ARP spoofing
  • Also known as: ARP trashing, spoofing

Type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network.


Referring to a standard 7-bit character system that includes the alphanumeric characters and printer control codes.


A broadband transmission system using 53-octet packets over a cell-switched network at speeds up to 2.2 GBPS.

Audit Log service

Service on the Barracuda CloudGen Firewall that is used for central audit log file collection.

Authentication Client

Application used to automate Offline Firewall Authentication on the Barracuda CloudGen Firewall.

authoritative DNS

Name server that gives answers in response to queries about names in a DNS zone.

authority zone

Associated with DNS. A section of the domain-name tree for which one name server is the authority.

Auto Scaling
  • Also known as: Auto Scale

A web service designed to launch or terminate AWS instances automatically based on user-defined policies, schedules, and health checks.

Auto Scaling Group

A representation of multiple EC2 instances that share similar characteristics, and that are treated as a logical grouping for the purposes of instance scaling and management.

autonomous system
  • Also known as: AS

Collection of networks under a common administration sharing a common routing strategy. Autonomous systems are subdivided by areas. An autonomous system must be assigned a unique 16-bit number by the IANA. 

Availability Zone
  • Also known as: AZ

A distinct location within an AWS region that is insulated from failures in other Availability Zones, and provides inexpensive, low-latency network connectivity to other Availability Zones in the same region.


Virus scanning engine used by the Barracuda CloudGen Firewall. Avira is integrated in the Virus Scanner service.

AWS Certificate Manager
  • Also known as: ACM, Amazon Web Services

A web service for provisioning, managing, and deploying Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services.

AWS Direct Connect
  • Also known as: Amazon Web Services

Enables you to use the Internet privately through AWS cloud services by linking your internal network to an AWS Direct Connect location. You can create virtual interfaces directly to the AWS cloud and to Amazon VPC, bypassing Internet service providers in your network path.

  • Also known as: Amazon Web Services Internet of Things

A managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices.

AWS region

A named set of AWS resources in the same geographical area. A region comprises at least two Availability Zones.

AWS Route Table
  • Also known as: Amazon Web Services

Routing table used in AWS subnets, that can be modified, for example, to use an Internet gateway as the target for the default route.

AWS Management Console

A simple and intuitive web-based user interface to access and manage AWS.


Microsoft's public cloud platform that lets you build, deploy, and manage applications across a global network of datacenters.

Azure Active Directory
  • Also known as: Azure AD

A fully managed multi-tenant service from Microsoft that offers identity and access capabilities for applications running in Microsoft Azure and for applications running in an on-premises environment.

Azure PowerShell

A set of modules that provide cmdlets to manage Azure with Windows PowerShell. 

Azure Resource Manager
  • Also known as: ARM

Azure deployment mode that enables you to work with the resources in your solution as a group. Recommended for new deployments.

Azure Route Table
  • Also known as: UDR, User Defined Routing, user-defined routing

Allows you to create network routes for traffic between subnets and to the Internet.

Azure Security Center

Feature that helps to prevent, detect, and respond to threats with increased visibility of Azure resources, and provides security monitoring and policy management.

Azure Service Manager
  • Also known as: ASM

Classic deployment mode used in legacy Azure deployments. ASM offers a web interface and PowerShell for deployments. 

Azure Storage Resource Group

Microsoft Azure resource group that may contain storage accounts for OS disks, source images, and all other data an application requires. 

back-end server

Part of the back-end process, that usually consists of server, application, and database. The back end is where the technical processes happen, as opposed to the front end, which is usually where the user's interaction occurs.


Referring to the Internet, a central network that provides a pathway for other networks to communicate.

Backup Export Tool

Allows export of historical revisions of data backed up and stored on Barracuda Backup appliances.


Operating mode for Ethernet bundles where the link is chosen by calculating the hash out of the source/destination MAC (Layer 2) combined with the IP addresses (Level 3).


Rate of data transfer, usually expressed in multiples of bits per second (bps).

Bare Metal Restore 

The process of reformatting a computer from scratch after a catastrophic failure. Typically, the process involves reinstalling the operating system and software applications and then, if possible, restoring data and settings.

Barracuda Anti-Fraud Intelligence

Barracuda anti-phishing detection which uses a special Bayesian database for detecting phishing scams.

Barracuda Appliance Control
  • Also known as: BAC

Barracuda solution that allows you to manage most Barracuda Networks products directly from a single interface, or from our mobile application. Accessed through Barracuda Cloud Control.

Barracuda Application Security Control Center
  • Also known as: BASCC

Barracuda Networks' comprehensive centralized management system that allows administrators to manage multiple Barracuda Web Application Firewalls with varying configurations from a single console.

Barracuda ArchiveOne

Gives you ownership and control over all of your import communication, documents, and other unstructured data. It safely archives your emails and files, making it easy to comply with email retention policies and easy to find information, no matter where it resides.

Barracuda Backup

Barracuda Networks' affordable solution for onsite and remote data storage and access, which allows you to quickly and securely store data in multiple offsite locations.

Barracuda Backup-as-a-Service
  • Also known as: BaaS

Versions of Barracuda Backup can be purchased as an annual service that includes an appliance, Energize Updates, Instant Replacement, and Unlimited Cloud storage.

Barracuda Campus

Online documentation and training material for all Barracuda Networks products, located at Contains feature descriptions, how-to articles, and release notes. Formerly known as Barracuda University and Barracuda TechLibrary.

Barracuda Central

Provides a wide range of statistics, threat information, and a number of useful services to help manage and secure your network. Shares information with Barracuda Networks customers and the Internet security community. 

Barracuda cloud

A complementary component of all Barracuda Networks products, providing an added layer of protection and scalability.

Barracuda Cloud Archiving Service
  • Also known as: BCAS

Barracuda Networks' Software as a Service (SaaS) solution hosted in the Barracuda Cloud, previously referred to as direct-to-cloud. The Barracuda Cloud Archiving Service is designed for customers that do not want to manage a physical or virtual appliance.

Barracuda Cloud Control
  • Also known as: BCC

A comprehensive cloud-based service that enables administrators to monitor and configure multiple Barracuda Networks products from a single console.

Barracuda CloudGen Firewall

Enterprise-grade, cloud-generation firewall, purpose-built for efficient deployment and operation within dispersed, highly dynamic, and security-critical network environments.The product was formerly known as Barracuda NextGen Firewall or Barracuda NG Firewall and in Q1 2018 got renamed to CloudGen Firewall to emphasize its abilities to protect cloud and dispersed networks.

Barracuda CloudGen Firewall FSC-Series

Enables Internet of Things (IoT) devices and micro-networks to connect to the corporate datacenter via Secure Access Concentrators (FSACs).

Barracuda Control Server

Barracuda Networks' web interface that enables administrators to monitor and configure multiple Barracuda Networks products from a single console. Through the web interface, you can check the health of all connected devices, run reports that are generated by gathering data from all the devices, and assign roles with varied permissions to different types of users.

Barracuda Earth

Barracuda CloudGen Firewall feature that provides a visual representation of the status of VPN site-to-site tunnels around the world. Information is retrieved from the Control Center.

Barracuda Email Security Gateway

Barracuda Networks' email security gateway that manages and filters all inbound and outbound email traffic to protect organizations from email-borne threats and data leaks.

Barracuda Email Security Service
  • Also known as: ESS, BESS

Barracuda Networks' comprehensive and affordable cloud-based email security service that protects both inbound and outbound email against the latest spam, viruses, worms, phishing, and denial of service attacks.

Barracuda Email Threat Scanner for Exchange

Barracuda Email Threat Scanner for Exchange is a free Windows application that allows you to scan on-premises Microsoft Exchange Servers for threats in existing user mailboxes.

Barracuda Email Threat Scanner for Office 365

Tool to discover security and compliance threats that reside in your Microsoft Office 365 account.

Barracuda Essentials for Email Security

Barracuda Networks' solution provides critical multi-layer security and mail archival for your email environment. Providing enhanced functionality, Barracuda Essentials is a secure, cloud-based service from Barracuda.

Barracuda Essentials for Office 365

Helps organizations prepare, migrate, and operate faster, safer, and more efficiently in Office 365. Barracuda Essentials provides critical multi-layer security, archiving, and backup for Office 365.

Barracuda Firewall Admin

Application used to administer Barracuda CloudGen Firewalls and Barracuda Firewall Control Centers. 

Barracuda Firewall Control Center

Central administration appliance designed to manage a large number of Barracuda CloudGen Firewalls. 

Barracuda Link Balancer

Dynamically balances traffic across multiple ISP links to ensure Internet continuity and availability, even during ISP outages. It balances both outbound and inbound traffic intelligently, so users have Internet access whenever they need it.

Barracuda Load Balancer

Barracuda Networks' solution integrates IP load balancing and network intrusion prevention into an affordable and easy to use appliance. The Barracuda Load Balancer provides comprehensive failover capabilities in case of server failure, distribution of traffic across multiple servers, and integrated protection from network intrusions.

Barracuda Load Balancer ADC

Barracuda Networks' unified, high-performance platform that helps organizations achieve their availability, acceleration, application control, and application security objectives. Available either as a hardware appliance or as a virtual appliance on supported hypervisors.

Barracuda Message Archiver

Barracuda Networks' cloud-connected appliance uses the Barracuda Cloud to move information to the cloud as a secondary tier of storage. It also provides a powerful, yet simple platform for eDiscovery and compliance.

Barracuda Message Center 

An encrypted email message service for the Barracuda Email Security Gateway and the Barracuda Email Security Service.

Barracuda Network Access Client

The Barracuda Network Access Client integrates with the Access Control Service of the Barracuda CloudGen Firewall and lets you configure access policies and rules depending on various criteria such as identity and client health state.

Barracuda Networks account

Credentialed account used to log into Barracuda Services and Barracuda Appliance Control.

Barracuda Networks Technical Support

Contact Barracuda Networks Technical Support if you need help with your Barracuda Networks product. Visit for details.

Barracuda NextGen Firewall X-Series

Application-aware network firewall appliance, designed for organizations without dedicated IT personnel to manage firewalls.

Barracuda NG Web Security Gateway (IBM ISS)

Web Security Gateway engine used by the URL Filter service on the Barracuda NextGen Firewall F-Series. The Barracuda NG Web Security Filter can only be used in combination with the HTTP proxy and is not compatible with Application Control. Requires a Barracuda NG Web Security Gateway subscription.

Barracuda portal

Entry point into Barracuda cloud services.

Barracuda PST Enterprise

Barracuda Networks product that enables IT administrators to regain control over email data stored within PST files scattered across their organization.

Barracuda Real-Time System
  • Also known as: BRTS, Barracuda Real-Time Protection, BRTP

Advanced service to detect zero-hour spam and virus outbreaks even where traditional heuristics and signatures to detect such messages do not yet exist.

Barracuda Reporting Server
  • Also known as: BRS

Barracuda Networks' hardware appliance that rapidly generates reports while maintaining or improving accuracy of reporting data. It also provides an aggregate view of data for customers with multiple connected devices. Currently works with connected Barracuda Web Security Gateways.

Barracuda Reputation

A database maintained by Barracuda Central and includes a list of IP addresses of known, good senders as well as known spammers, or IP addresses with a poor reputation.

Barracuda Reputation Block List
  • Also known as: BRBL

Database of IP addresses manually verified to be noted sources of spam.

Barracuda SSL VPN
  • Also known as: Secure Sockets Layer Virtual Private Network

Allows remote users to establish VPN connections via a web browser. With its mobile and desktop portals, the Barracuda SSL VPN provides seamless service without having to install and configure a fully blown VPN client. SSL VPN is also available on the Barracuda Firewall and NG Firewall.

Barracuda VPN Client

Component of the Barracuda Network Access Client, available for Windows, Linux and macOS. VPN client that secures mobile desktops connecting to the corporate LAN through the Internet.

Barracuda Vulnerability Manager
  • Also known as: BVM

Barracuda Networks' web application vulnerability management solution to help businesses automatically identify, assess, and mitigate web application security risks including those categorized by the Open Web Application Security Project (OWASP) including SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and others.See also Barracuda Vulnerability Remediation Service (BVRS).

Barracuda Vulnerability Remediation Service
  • Also known as: BVRS, VRS

A free add-on to the Barracuda Web Application Firewall, enables automatic scanning, remediation, and maintenance of web application policies.See also Barracuda Vulnerability Manager (BVM).

Barracuda Web Application Firewall
  • Also known as: WAF

Barracuda's product that blocks an ever-expanding list of sophisticated web-based intrusions and attacks that target applications hosted on web servers and in the cloud. 

Barracuda Web Security Agent
  • Also known as: WSA

A tamper-proof client that can be installed on remote, off-network laptops or desktops to help implement a consistent web security policy across localized and distributed workforces.

Barracuda Web Security Gateway
  • Also known as: WSG

Integrated content filtering, application blocking, and malware protection solution that enforces Internet usage policies on and off network by blocking access to websites and Internet applications and eliminates spyware and other forms of malware.

Bayesian analysis

A statistical procedure that estimates parameters of an underlying distribution based on the observed distribution.

BGP neighbors
  • Also known as: Border Gateway Protocol

BGP peers that are established by manual configuration between routers to create a TCP session on port 179. 


Method of storing or transmitting data in which the most significant bit or byte is presented first. Compare with little-endian.

  • Also known as: Berkeley Internet Name Domain

The standard TCP/IP naming service that links network names with IP addresses.

block device

Storage device that moves data in sequences of bytes or bits (blocks). Example: hard disk, CD-ROM drive, flash drive.

block device mapping

Defines the block devices (instance store volumes and EBS volumes) to attach to an AWS instance. 

  • Also known as: blacklist, block list, black list

List of domains, users, or hosts that are denied access, especially refers to mail and web traffic. Sometimes known as blacklist. Compare to allow list or whitelist.


Licence-free symmetric encryption algorithm that can be used as a replacement for the DES and IDEA algorithms.

Boolean search

Allows searchers to combine words and phrases using the words AND, OR, NOT (known as Boolean operators) to limit, broaden, or define a search.

  • Also known as: boot loader

Loader for the operating system. A program that runs after completion of the self tests in the hard boot process, then loads and runs the software.

border gateway
  • Also known as: BGP

Router that communicates with routers in other autonomous systems.

Border Gateway Protocol
  • Also known as: BGP

A standardized dynamic routing protocol designed to exchange routing and reachability information between autonomous systems on the Internet.

Border Gateway Protocol Fast Reroute
  • Also known as: BGP FRR

When a BGP link fails, the CloudGen firewall can fast re-route traffic to the intended router via another linked next-hop router.


A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, for example, to send spam messages. The word botnet is a combination of the words “robot” and “network”.

box layer

An operating level of the Barracuda CloudGen Firewall. Services run on the box layer.

box level

A configurable operating instance of the Barracuda NextGen Control Center.


The action taken by network equipment to create an aggregate network from either two or more communication networks, or two or more network segments. Bridging is distinct from routing, which allows multiple different networks to communicate independently while remaining separate.

brute-force protection
  • Also known as: brute force protection

Protection against a brute-force attack, which consists of systematically checking all possible keys or passwords until the correct one is found. This type of attack uses a large number of attempts to gain access to a system.

  • Also known as: Amazon Web Services

In AWS, container for objects that can be stored in Amazon S3.

  • Also known as: Bring Your Own Device

The practice of allowing employees or members of an organization to use their own computers, phones, or other devices for work.

byte-level data deduplication

Data deduplication method that analyzes data streams at the byte level by performing a byte-by-byte comparison of new data streams versus previously stored ones.

Caching DNS service

Forwarding DNS service (BDNS) on the Barracuda CloudGen Firewall that acts as a DNS proxy to speed up DNS queries.


Licence-free symmetric encryption algorithm (key block cipher).

CC Access Control service

Box-level service on the Barracuda Firewall Control Center that specifies the number of days to delete access cache entries generated by activities traversing the Access Control Server.

CC Configuration service

Box-level service on the Barracuda CloudGen Control Center that allows remote configuration of both the Control Center and managed Barracuda CloudGen Firewalls.


Box-level service of the Barracuda NextGen Control Center that specifies DNS zones such as hosts, domains, and mail-exchangers.

CC Event service

Box-level service on the Barracuda Firewall Control Center that processes events generated by the managed CloudGen Firewalls.

CC Firewall

Box-level service on the Barracuda Firewall Control Center. The CC Firewall service has the same features as the firewall service on a CloudGen Firewall, except for Virus Scanning, URL Filtering, and ATD.

CC FW Audit Log service

Box-level service on the Barracuda Firewall Control Center that receives structured firewall data from managed CloudGen Firewalls and stores the firewall audit information in a relational database installed on the Control Center. 

CC PKI service
  • Also known as: Public Key Infrastructure

Box-level service on the Barracuda NextGen Control Center that is used for handling certificates.

CC Statistics Collector (dstatm)

Box-level service on the Barracuda CloudGen Control Center that collects raw data from the managed CloudGen Firewalls and processes it according to specified transfer settings.

CC Statistics Viewer (qstatm)

Box-level service on the Barracuda Firewall Control Center that collects raw data from the managed CloudGen Firewalls and processes it according to specified transfer settings.

CC syslog proxy

Box-level service of the Barracuda NextGen Control Center, used for syslog streaming.

CC Syslog service

Box-level service of the Barracuda NextGen Control Center that listens for and processes incoming log messages from managed boxes.

CC VPN service

Box-level service on the Barracuda NextGen Control Center that is responsible for tunnel termination and tunnel handling.

CC Firewall Audit Info Viewer 

Displays firewall data on the FWAUDIT tab of the Barracuda NextGen Control Center.

central management
  • Also known as: centralized management

Allows administrators to configure multiple units from a centralized location. For example, configuring multiple Barracuda CloudGen Firewall units from the Barracuda Firewall Control Center.


A document or seal certifying the authenticity of something. A digital certificate certifies the ownership of a public key. This allows relying parties to rely upon signatures or on assertions made about the private key that corresponds to the certified public key.

certification authority
  • Also known as: certificate authority, CA

In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates.


Log of configuration changes on the appliance. Can be found in the release notes of the product.


The result of a mathematical operation that uses the binary representation of a group of data as its basis, usually to check the integrity of the data.

  • Also known as: classless interdomain routing

Technique supported by BGP4 and based on route aggregation. CIDR allows routers to group routes together in order to cut down on the quantity of routing information carried by the core routers. 

  • Also known as: Common Internet File System

Standard for sharing files across the Internet.

  • Also known as: Children's Internet Protection Act

Enacted by US Congress in 2000 to address concerns about children's access to obscene or harmful content over the Internet.


Virus scanning engine that is used by the Barracuda CloudGen Firewall F-Series. ClamAV is integrated in the Virus Scanner service.

Class A|B|C|D network

Classes of IP addresses as defined in the Internet Protocol hierarchy.

classic load balancer

In AWS, a Classic Load Balancer makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS), and supports either EC2-Classic or a VPC (virtual private cloud).

  • Also known as: UI redressing, iframe overlay

Malicious technique where a user is tricked into clicking on a button or link on a website using hidden clickable elements inside an invisible iFrame.

Client-to-Site VPN

Enables an encrypted connection to an organization'’s network from any desktop or mobile device. Contrast with site-to-site VPN.


A search engine optimization (SEO) technique in which the content presented to the search engine spider is different from that presented to the user’'s browser.

cloud integration

AWS cloud integration allows the firewall to connect directly to the AWS service fabric to rewrite routes in AWS route tables and to retrieve information for the cloud element on the dashboard. Cloud integration also works with Azure.

Cloud LiveBoot

Allows administrators to boot VMware virtual guest systems and Microsoft Hyper-V virtual machines in the Barracuda Cloud as a sandbox for testing purposes.

cloud operating system

A computer operating system that is specially designed to run in a provider's datacenter and be delivered to the user over the Internet or another network. Windows Azure is an example of a cloud operating system or 'cloud layer' that runs on Windows Server 2008.

cloud portability

The ability to move applications and data from one cloud provider to another. This is the opposite of "vendor lock-in".

Cloud Protection Layer
  • Also known as: CPL

Optional feature of the Barracuda Email Security Gateway. An additional layer of protection that blocks threats before they reach the network and provides email continuity.

cloud replication
  • Also known as: site to cloud replication, site-to-cloud replication, Site to Cloud Replication

Replicates backup data to the Barracuda Cloud, ensuring against data loss in case of a catastrophe.

cloud storage

A model of data storage where the digital data is stored in logical pools, the physical storage spans multiple servers (and often locations), and the physical environment is typically owned and managed by a hosting company.

cloud-based encryption

A service offered by cloud storage providers whereby data is transformed using encryption algorithms and is then placed on a storage cloud.

Cloud-Generation Firewall
  • Also known as: NextGen Firewall, NG Firewall

Integrated network platform that combines a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed.


AWS management tool that lets you create, manage, and update a collection of AWS resources using templates and allowing Json code for template deployment.

CloudFormation Stacks
  • Also known as: Amazon Web Services

Host uploaded content and can be deployed in CloudFormation, an AWS feature.


An AWS content delivery service that helps you improve the performance, reliability, and availability of your websites and applications.

CloudGen Access Proxy

CloudGen Access Proxy is the software combo that contains Envoy Proxy and CloudGen Access Proxy Orchestrator.

Cloudscan scoring

A cloud-based spam scanning engine which assigns a score to each message processed ranging from 0 (definitely not spam) to 10 (definitely spam).


Replacing traditional IT operations with lower-cost, outsourced cloud services.


AWS management tool to monitor resources and applications. Aggregates data and metrics (cpu load, network throughput, disk io, etc), filters it, and provides alarm actions.


Global settings that apply to a cluster on a Barracuda NextGen Control Center.

collision domain

In Ethernet, the network area within which frames that have collided are propagated. Repeaters and hubs propagate collisions. LAN switches, bridges and routers do not.

community string

Text string that acts as a password and is used to authenticate messages sent between a management station and a router containing an SNMP agent. The community string is sent in every packet between the manager and the agent.

compliance, regulatory

Regulatory compliance describes the steps organizations must take to comply with relevant laws and regulations.

compression, bandwidth
  • Also known as: bandwidth compression

A reduction in either the time to transmit or in the amount of bandwidth required to transmit data.

compression, data
  • Also known as: data compression

The process of encoding digital information by using fewer bits.

compression, HTTP
  • Also known as: HTTP compression

Capability in web servers and web clients to improve transfer speed and bandwidth utilization.


A synonym for a multi-port repeater that may also perform bridging and routing functions.

confirmation page

Feature of the Barracuda NextGen Firewall, allows you to control access to the Internet or other networks by only allowing authenticated users. 


Traffic in excess of network capacity.

connection draining
  • Also known as: Amazon Web Services

AWS feature, lets you scale down EC2 instances to reduce sessions.

connection object

A firewall object that can be applied to an access rule on the Barracuda CloudGen Firewall. A connection object defines the egress interface and source (NAT) IP address for traffic matching the rule.

connection pool

Barracuda Web Application Firewall (WAF) feature. A cache of database connections is maintained so those connections can be reused when future requests to the database are required. Connection pools are used to enhance the performance of executing commands on a database and also cuts down on the amount of time a user must wait to establish a connection to the database.

content delivery network
  • Also known as: CDN

A distributed system consisting of servers in discrete physical locations, configured in a way that clients can access the server closest to them on the network, thereby improving speeds.

content stripping
  • Also known as: strip

Configuring your mail gateway to remove certain types of content, like attachments and HTML tags, from email, before sending it to the recipient.

CPU emulation

Masks the virtualization environment, so payload can be detonated more effectively.


Configurable schedule for specific commands to be executed once or on a regular basis.

cross region replication

Feature of S3 storage class in AWS. Once enabled, every object uploaded to a particular S3 bucket is automatically replicated to a designated destination bucket located in a different AWS region.

cross-site scripting
  • Also known as: xss, cross site scripting

A type of computer security vulnerability, typically found in web applications, that enables attackers to inject client-side scripts into web pages viewed by users.


Barracuda Networks' complete cloud-based video surveillance solution that captures high quality video images in almost any situation and records to Barracuda’s secure cloud.


Barracuda remote access client for mobile and desktop devices that provides VPN access and allows administrators to manage dynamic firewall rules.


Bullying that takes place using electronic technology and communication tools including social media sites, text messages, chat, and websites. The Barracuda Web Security Gateway provides an alert for cyberbullying.


Registering or using an Internet domain name, based on a name that is not yours, intending to profit from the owner of the name.


Main page of many Barracuda Networks product interfaces, providing a summary of the system. Formerly known as the Status tab.

data center

A facility used to house computer systems and associated components, such as telecommunications and storage systems.

Data Theft Protection
  • Also known as: DLP, Data Leak Prevention, Data Loss Prevention

Data Theft means the illegal copy of personal information of other individuals or business. The information may be social security number, passwords, credit card information, other personal information, and/or other confidential corporate information. Barracuda WAF helps prevent unintended exposure of such data by matching response body information with pre-defined data theft patterns.

data truncation
  • Also known as: truncate

Occurs when data or a data stream is stored in a location too short to hold its entire length. May occur automatically, such as when a long string is written to a smaller buffer, or deliberately, when only a portion of the data is wanted.

database instance

An isolated database environment. A database can be opened by more than one instance, but an instance can open only one database. 


Document that summarizes the performance and other technical characteristics of a product, machine, component (e.g., an electronic component), material, a subsystem (e.g., a power supply) or software in sufficient detail to be used by a design engineer to integrate the component into a system.

DC Agent

When configured with Microsoft Active Directory (MSAD) authentication, the Barracuda DC Agent (Domain Controller Agent) allows transparent authentication monitoring with the Barracuda Networks products and Microsoft domain controllers.

  • Also known as: Distributed Computing Environment Remote Procedure Call

Remote procedure call system that allows programmers to write distributed software without having to worry about the underlying network code.

  • Also known as: Distributed Denial of Service

A Distributed Denial of Service is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to users by temporarily or indefinitely disrupting services of a host connected to the Internet, using more than one, often thousands of, unique IP addresses.

dedicated host

An Internet hosting option where an organization leases an entire server, fully dedicated to their use. This is also an option in the public cloud. The price for a Dedicated Host varies by instance family, region, and payment option.

dedicated instance

Amazon EC2 instance that runs on single-tenant hardware dedicated to a single customer.

dedicated reserved instance

An option you can purchase from a cloud vendor to guarantee that sufficient capacity will be available to launch Dedicated Instances into a virtual private cloud (VPC).

  • Also known as: intelligent compression, single-instance storage

​Method of removing redundancies from data before transmission.

deep packet inspection
  • Also known as: DPI

A form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions, or defined criteria to decide whether the packet may pass or if it needs to be routed to a different destination.


An attack on a website that changes the visual appearance of the site or a web page.

demilitarized zone
  • Also known as: DMZ

A physical or logical sub-network that contains and exposes an organization’s external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization’s local area network (LAN). An external network node has direct access only to equipment in the DMZ, rather than to any other part of the network.

deployment group
  • Also known as: Amazon Web Services

In AWS CodeDeploy, a set of individually tagged instances, EC2 instances in Auto Scaling groups, or both.

destination NAT

Changing the destination address/port in the IP header of a packet. Example: redirecting incoming packets with a destination of a public address/port to a private IP address/port inside the network.

  • Also known as: Dedicated High Availability, Direct High Availability

The standalone form of the high availability (HA) cluster, that does not use the NextGen Control Center.

DHCP Relay service
  • Also known as: DHCP Relay agent, Dynamic Host Configuration Protocol

Allows passing DHCP broadcast messages to network segments a client computer is not directly attached to.

DHCP service

The DHCP service on the CloudGen Firewall automatically assigns IP addresses to clients that reside in a defined subnet.

dictionary attack

A technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by systematically entering every word in the dictionary.

  • Also known as: DH

Key exchange algorithm that allows two devices to establish a shared secret over an unsecure network.

digital signature

A mathematical scheme for demonstrating the authenticity of a digital message or document.

direct server return
  • Also known as: DSR

An option associated with a destination server that allows for increased outbound traffic throughput when performing sustained uploads, such as streamed audio or visual media.

disaster recovery

Involves a set of policies and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster.

  • Also known as: Linux Distribution

A distribution form of Linux. For example, Red Hat and SuSe.

  • Also known as: DomainKeys Identified Mail

An email authentication method designed to detect email spoofing. It enables an email recipient to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. This protocol attempts to prevent the use of forged sender addresses in emails, a technique often used in phishing and email spam. 

  • Also known as: Domain-based Message Authentication, Reporting, and Conformance

An email-validation system designed to detect and prevent email spoofing. DMARC helps to counter certain phishing and spam email exploits, such as using false sender addresses in email messages that appear to originate from legitimate organizations. It counters the illicit usage of the exact domain name in the From: field of email message headers. DMARC is built on top of SPF and DKIM. You must have both an SPF and a DKIM record published for the domain to set DMARC policies.

  • Also known as: Domain Name System

Distributed database that translates domain names, like, into unique IP address.

DNS Cache
  • Also known as: DNS resolver cache

A temporary database, maintained by a computer's operating system, that contains records of all recent visits and attempted visits to websites and other Internet domains.

DNS interception

Allows redirection or blocking of DNS queries for specific domains. In the Barracuda CloudGen Firewall, this is achieved by applying policies. When creating a policy, you can also specify allowing (whitelisting) certain domains.

DNS record

Database record used to map a URL to an IP address.

DNS record set

The collection of DNS records in a zone that have the same name and are of the same type. Also known as a resource record set.

DNS reputation filtering

Filtering mail traffic based on a DNS reputation database. Used by the Spam Filter service (blacklist, DNSBL).

DNS service

Service on the Barracuda CloudGen Firewall F-Series that makes the firewall an authoritative DNS server, returning definitive answers to DNS queries about domain names specified in its configuration.

DNS sinkhole

A DNS server that gives out false information, to prevent the use of a domain name. Also known as a black hole DNS.

DNS zone

Portion or administrative space within the global Domain Name System (DNS). Each DNS zone represents a boundary of authority, subject to management by certain entities. The total of all DNS zones are organized in a hierarchical, tree-like order of cascading lower-level domains and form the DNS namespace.


Open-source software that automates the deployment of applications inside virtualized software containers.

Docker image

A layered file system template that is the basis of a Docker container. Docker images can comprise specific operating systems or applications.

DomainKeys Identified Mail
  • Also known as: DKIM

Email authentication method designed to detect email spoofing.

DoS attack
  • Also known as: Denial of Service attack, spoofing

A  cyber-attack where the perpetrator seeks to make a computer or network resource unavailable to users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of Service attacks are typically accomplished by flooding the target with superfluous requests in an attempt to overload systems and prevent legitimate requests from being fulfilled. See also Distributed Denial of Service or DDoS.

Dst NAT rule
  • Also known as: Destination NAT Firewall Rule

Access rule that redirects traffic sent to an external IP address to a destination in the internal network.

dynamic firewall rule

A forwarding acces rule with a time schedule.

dynamic mesh site-to-site VPN

A central firewall acts as VPN hub. Remote units are connected by a static tunnel. When relay traffic from a remote firewall to another remote NextGen Firewall is detected by the hub, a dynamic VPN tunnel is imitated between the two remote firewalls. 

dynamic path selection

Term used in context with Traffic Intelligence (TI). Using dynamic path selection, the session is balanced depending on the amount of traffic.

dynamic routing

Routing that adjusts automatically to network topology or traffic changes. Also called adaptive routing.

dynamic routing protocol

Protocol used for dynamic routing. The Barracuda CloudGen Firewall provides dynamic routing support for OSPF, RIP, and BGP.


A fully managed Amazon NoSQL database service that provides fast and predictable performance with seamless scalability.

  • Also known as: Amazon Elastic Block Store

Provides persistent block level storage volumes for use with Amazon EC2 instances in the AWS Cloud. Instances that use Amazon EBS for the root device automatically have an Amazon EBS volume attached.

  • Also known as: Amazon Elastic Compute Cloud

Forms a central part of AWS by allowing users to rent virtual computers on which to run their own computer applications.

ECC Memory
  • Also known as: Error-correcting code memory

A type of computer data storage that can detect and correct the most common kinds of internal data corruption. ECC memory is used in most computers where data corruption cannot be tolerated under any circumstances, such as for scientific or financial computing.

edge location

Used by the AWS service CloudFront. Feature that offers content to end users via geographically closer locations to improve their experience.

  • Also known as: electronic discovery, e-discovery

The legal procedure of discovery - finding data with the intent to use it as evidence in a legal case - as it pertains to information and evidence in electronic form.

  • Also known as: Exterior Gateway Protocol

Internet protocol for exchanging routing information between autonomous systems. 

Elastic Beanstalk

A web service for deploying and managing applications in the AWS cloud without worrying about the infrastructure that runs those applications.

elastic computing

The ability to dynamically provision and deprovision computing and storage resources to stretch to the demands of peak usage, without the need to worry about capacity planning and engineering around uneven usage patterns.

Elastic IP address

A static public IP address that belongs to an AWS account. Can be associated with an instance to make it accessible from the Internet. The Elastic IP is natted/mapped by AWS to the private IP.

elastic load balancer

AWS web service that improves an application's availability by distributing incoming traffic between two or more EC2 instances.


An open-source, real-time, distributed search and analytics engine used for full-text search, structured search, and analytics. Elasticsearch was developed by the Elastic company.

email continuity

Email failover system that allows email communication to continue during mail server outage.

email encryption

Encrypting email messages to prevent their content by being read by anyone other than the intended recipient.


Placing one protocol inside of another. 


To convert information or data into a cipher or code, especially to prevent unauthorized access. Antonym: unencrypt. 

Energize Updates

Provides Barracuda Networks products with protection from the latest Internet threats. These updates are sent out hourly, or more frequently if needed, to ensure that appliances always have the latest and most comprehensive protection. Barracuda Energize Updates subscriptions must be purchased with any Barracuda Networks appliance. Includes basic support, firmware maintenance, security updates, and early release firmware.

enterprise network

A networking system that allows communication and resource sharing among all of a company's business functions and workers.

Entrust IdentityGuard

A two-factor authentication solution. The Barracuda SSL VPN can authenticate users with login information from Entrust IdentityGuard servers.

envelope encryption

The use of a master key and a data key to algorithmically protect data. The master key is used to encrypt and decrypt the data key and the data key is used to encrypt and decrypt the data itself.


Local area network technology that uses special twisted pair or fiber optical cables. As per the OSI model, Ethernet provides services up to and including the data link layer.

Ethernet bundle

Ethernet bundles combine multiple physical ports to a single virtual link to increase the physical bandwidth available for the connection.


Contract between the Barracuda and the purchaser, establishing the purchaser's right to use Barracuda software.


Bypassing an information security device in order to deliver an exploit, attack, or other form of malware to a target network or system, without detection.

exception profiling

Technique of working with generated log files to refine security settings, customizing them to the web application.See also adaptive profiling.


The use of software, data, or commands to 'exploit' a weakness in a computer system or program to carry out some form of malicious intent, such as a denial-of-service attack, Trojan horses, worms, or viruses.

external blocklist services
  • Also known as: RBLs, DNSBLs

Lists of IP addresses from which potential spam originates.

external Control Center admins

false positive

A result that indicates a given condition is present, when it is not.

federated search

Allows searching across multiple connected Barracuda Message Archivers and Barracuda Cloud from a single search query.

firewall object

A named collection that represents specific networks, services, applications, user groups, or connections for reference in access rules on the Barracuda CloudGen Firewall. 


Model version of a Barracuda Networks product.


A Denial of Service (DoS) attack that is designed to bring a network or service down by flooding it with large amounts of traffic.

Flow Logs

AWS service that enables you to capture information about the IP traffic going to and from network interfaces in a VPC.


Techniques of examining digital media with the aim of identifying, preserving, recovering, analyzing, and presenting facts and opinions about the digital information.

forward lookup zone

Forward lookup zones support the primary function of Domain Name System (DNS), that is, the resolution of host names to IP addresses.

forward proxy

An intermediary for requests from clients under an administrator's control to areas that are not under the administrator's control. Sometimes called "proxy" without the word "forward".

Forwarding Firewall service

Configurable firewall service of the Barracuda CloudGen Firewall. The Forwarding Firewall service can be added to every virtual server.

  • Also known as: Fully Qualified Domain Name

The Fully Qualified Domain Name includes host name, as well as all enclosing domains, and is often distinguished by the use of a terminating dot: (host.subdomain.domain.).

front end

The front end is responsible for collecting input in various forms from the user.

front-end server

The front-end server is an extension of the back-end server and is designed to provide scalability.

  • Also known as: Secure Access Concentrator

The Secure Access Concentrator (FSAC) device is a Barracuda NextGen FSC-Series feature that forwards management traffic from Secure Connectors (FSACs) to a NextGen Control Center.

  • Also known as: Secure Connector

A Secure Connector (FSC) device is a Barracuda CloudGen FSC-Series feature that connects to a regional Secure Access Concentrator (FSAC) via TINA VPN, that then forwards management traffic to a Firewall Control Center.

FSC Firewall

A firewall service on tha Barracuda CloudGen Firewall FSC-Series that allows you to create rules defining access, source, and destination NAT based on network zones defined for Secure Connectors (FSCs).

  • Also known as: File Transfer Protocol

Standard network protocol used to transfer files between a client and server on a computer network.

FTP Gateway service

Service on the Barracuda CloudGen Firewall that provides access to an FTP server, handles FTP traffic, and lets the administrator define user-specific profiles with permissions and restrictions for FTP access.

FTP proxy

Allows the proxy to control FTP traffic. When a client uploads or downloads files, the proxy identifies the traffic as FTP, allowing the appliance to control file transfers using TCP optimization and caching.


Extension to FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.

full duplex

A communication system between two entities in which either entity can transmit simultaneously. Compare to half duplex.

fuzzy search

A simple search query that uses approximate string matching (fuzzy matching) to correct for typographical errors and misspellings.

G Suite Password Sync (GAPS)
  • Also known as: GAPS

Enables you to synchronize users' G Suite passwords with their Microsoft Active Directory passwords.

gateway route

Next-hop route to a network that cannot be directly accessed. Example: default route (, that forwards packets not belonging to a the directly attached network to the remote gateway provided by the ISP. 


A gigabit, or 10^9 bits.


A gigabyte, or 10^9 bytes, or 8000 million bits.

generic forwarding

With generic forwarding, requests from networks are forwarded without any firewall intervention even if the firewall is switched off.

generic network object


Locating a computer's geographic location based on its IP address.

  • Also known as: gigahertz

A unit of frequency equal to 10^9 hertz, which is defined as one cycle per second.


A gibibyte. A contraction of "giga" "binary" byte, a gibibyte is 2^30 or 1,073,741,824 bytes. It is slightly larger than a gigabyte (GB), which is 10^9 or 1,000,000,000 bytes.


Amazon AWS cloud archiving service for storage of old data (commonly after 30 days).

Global Server Load Balancing
  • Also known as: GSLB

Distributing traffic among multiple resources in different geographies.

Google Accounts Enforcement

Integration of Google Accounts, for example in authentication processes.

Google Active Directory Sync
  • Also known as: GADS

Enables you to synchronize the data in your Google domain with your Microsoft Active Directory or LDAP server.

Google App Engine

A service that enables developers to create and run web applications on Google's infrastructure and share their applications via a pay-as-you-go, consumption-based plan with no setup costs or recurring fees.

granular scheduling

Selecting specific sets of data to back up and configure multiple schedules for each data source, each with a different set of selected data.

  • Also known as: Generic Routing Encapsulation

Generic Routing Encapsulation is a tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork. 

Group Policy Object
  • Also known as: GPO

A collection of settings that define what a system will look like and how it will behave for a defined group of users.

GTI Editor
  • Also known as: Graphical Tunnel Interface

The Barracuda CloudGen Firewall VPN Graphical Tunnel Interface (GTI) Editor displays VPN site-to-site tunnels on a graphical interface.

guest access

Feature that lets you set up a confirmation page or ticketing system to temporarily grant guests access to the network.


Standard that defines the protocols to provide audio-visual communication sessions on any packet network. H.323 addresses call signaling and control, multimedia transport and control, and bandwidth control for point-to-point and multi-point conferences.

half duplex

A communication system between two entities in which data transmission occurs in only one direction at a time between a sending station and a receiving station. Compare to full duplex.

hardware refresh

Barracuda program that allows existing appliance customers with an active Energize Updates subscription to migrate to the latest hardware platforms at a reduced price -- ensuring customers benefit from the latest hardware improvements and firmware capabilities.

high availability
  • Also known as: HA

Deployment method that ensures that the services running on the system are always available even if one system is down due to maintenance or a hardware fault.


The Health Insurance Portability and Accountability Act of 1996, gives patients in the US rights over their health information and sets rules and limits on who can look at and receive health information. The Privacy Rule applies to all forms of individuals' protected health information, whether electronic, written, or oral. The Security Rule is a Federal law that requires security for health information in electronic form. For details, visit

  • Also known as: Hash-based Message Authentication Code

A specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret key. 

hop distance

A unit of measure used to express the number or routers that a packet must pass through its way to its destination.

host firewall service

The firewall service responsible for governing traffic to and from local services running on the Barracuda CloudGen Firewall F-Series and Barracuda Firewall Control Center. 

hosted zone

A collection of resource record sets that Amazon Route 53 hosts. Like a traditional DNS zone file, a hosted zone represents a collection of records that are managed together under a single domain name.


Label assigned to a device connected to a computer network. Used to identify the device in various forms of electronic communication.

hostname object
  • Also known as: hostname network object

Network objects on the Barracuda CloudGen Firewall where the IP addresses are determined by DNS resolution.

  • Also known as: Hypertext Transfer Protocol

Protocol for submitting data over a network, commonly used to load website content in a web browser.

HTTP Proxy service

Service on the Barracuda CloudGen Firewall that acts as an intermediary for HTTP and HTTPS requests from network clients. The HTTP Proxy can cache and scan web traffic.

HTTP referer

HTTP header field that identifies the address of the webpage (i.e., the URI or IRI) that links to the resource being requested. (Originally a misspelling of referrer.) 

  • Also known as: Hypertext Transfer Protocol Secure

Consists of communication over HTTP within a connection encrypted by TLS or SSL. The main motivation is authentication of the visited website and protection of the privacy and integrity of the exchanged data.

hub and spoke
  • Also known as: hub-and-spoke

Network architecture that uses a central connecting point.


Hardware Virtual Machine (HVM) virtualization allows the guest VM to run as though it is on a native hardware platform, except that it still uses paravirtual (PV) network and storage drivers for improved performance.

hybrid cloud

The combination of a public cloud provider (such as AWS) with a private cloud platform. The public and private cloud infrastructures operate independently of each other, and integrate using software and processes that allow for the portability of data and applications.

hybrid network

Internetwork made up of more than one type of network technology, including LANs and WANs.


Native Hypervisor on Windows, created by Microsoft.


Computer software, firmware, or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a "host machine". Each virtual machine is called a "guest machine".

  • Also known as: Infrastructure as a Service

Cloud infrastructure services in which a virtualized environment is delivered as a service by the cloud provider.

  • Also known as: Identity and Access Management

The Identity and Access Management feature of cloud services (like AWS)  that lets you control who can use the provider's services and resources (authentication) and what resources they can use in which ways (authorization).

  • Also known as: Internet Assigned Numbers Authority

The Internet Assigned Numbers Authority organization delegates authority for IP address-space allocation and domain-name assignment to the NIC and other organizations and maintains a database of assigned protocol identifiers used in the TCP/IP stack, including autonomous system numbers.

  • Also known as: Internet Gateway Protocol

Internet protocol used to exchange routing information within an autonomous system. Examples of common Internet IGPs include IGRP, OSPF, and RIP.

  • Also known as: Internet Key Exchange protocol

Internet Key Exchange protocol, used to set up a security association (SA) in the IPsec protocol suite.

Infrastructure Services

Infrastructure is the backbone of all of your business operations.

inline authentication

Authentication method that intercepts unauthorized users HTTP or HTTPS connections and redirects them to a login page, for example, on the Barracuda NextGen Firewall. After successful authentication the user is forwarded to the original destination.

inline deduplication

The removal of redundancies from data before or as it is being written to a backup device. This reduces the amount of redundant data in an application and the capacity needed for the backup disk targets, in comparison to post-process deduplication. However, inline deduplication can slow down the overall data backup process.


A "copy" of a virtual appliance/image/machine that is being installed, brought up, configured, etc. In the context of an AWS deployment, a virtual product (for example, a Barracuda CloudGen Firewall) that runs on Amazon Web Services (AWS).

instant replacement

With an Instant Replacement subscription, if your Barracuda Networks product fails, we will ship you a replacement unit within one business day so you can get back up and running soon. Instant Replacement subscriptions also work toward getting updated hardware through the Hardware Refresh program.

Intrusion Detection System

Network security feature that monitors local and forwarding firewall traffic for malicious activities.

Intrusion Prevention System
  • Also known as: IPS, IDS, Intrusion Detection System

Configurable network security feature that monitors local and forwarding firewall traffic for malicious activities.

Invalid Bounce Suppression

Feature used to determine whether the bounce address specified in a message is valid. It is designed to reduce the number of bounce messages to forged return addresses.

  • Also known as: input/output operations per second

Performance measurement of input/output operations per second, used to characterize computer storage devices like hard disk drives (HDD), solid state drives (SSD), and storage area networks (SAN).

  • Also known as: Internet of Things

Devices that can now intercommunicate with each other and the Internet.

IP address
  • Also known as: Internet Protocol address

A numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.

IPFIX streaming
  • Also known as: IP Flow Information Export , IPFIX, Internet Protocol Flow Information Export

Standard for exchange of network monitoring information. Feature that enables the Barracuda NextGen Firewall to stream log data to IPFIX collectors. 

  • Also known as: Internet Protocol security

A framework of open standards for protecting communications over Internet Protocol (IP) networks.

IPv4, IPv6

The fourth and sixth versions, respectively, of the Internet Protocol (IP). Following are examples of notation for each type of address:IPv4    2001:0db8:0000:0042:0000:8a2e:0370:7334

  • Also known as: intermediate system

Routing node in an OSI network.

  • Also known as: Internet Security Association and Key Management Protocol

Protocol defined by RFC 2408 for establishing Security Associations (SA) and cryptographic keys in an Internet environment. It is part of IKE.

  • Also known as: Integrated Services Digital Network

Communication protocol offered by telephone companies that permits telephone networks to carry data, voice, and other source traffic.

  • Also known as: Internet Service Provider

Organization that provides access to the Internet.


Barracuda Web Security Agent


Measure of the difference in packet delay, that is, the difference in the space between packet arrival times. Jitter can be remedied somewhat with a jitter buffer.


A file system that keeps track of changes not yet committed to the file system’s main part by recording the intentions of such changes in a data structure known as a “journal”. In the event of a system crash or power failure, such file systems can be brought back online quicker with lower likelihood of becoming corrupted.

  • Also known as: JavaScript Object Notation

An open, text-based data exchange format (like XML), that is human-readable and platform-independent. Data formatted according to the JSON standard is lightweight and can be parsed by JavaScript implementations.


A kilobit.


A network authentication protocol, designed to provide strong authentication for client/server applications by using secret-key cryptography. Available for free from the Massachusetts Institute of Technology, also available in commercial products.

Kerio connect

Messaging and collaboration product with functionality across platforms.

  • Also known as: Kernel-Based Virtual Machine

A virtualization infrastructure for the Linux kernel that turns it into a hypervisor. KVM requires a processor with hardware virtualization extension.

  • Also known as: Layer 2 Tunneling Protocol

A network protocol that supports tunneling of layer 2 frames between two networks over the Internet.


Delay in transmission time that occurs while information remains in a device's buffered memory (such as a bridge or router) before it can be sent along its path.

Launch Configuration

AWS template that an Auto Scaling group uses to launch EC2 instances. Contains AMI, instance type, key pair, security groups, and block device mapping.

layer 4

The transport layer from the ISO/OSI model, which provides end-to-end or host-to-host communication services for applications within a layered architecture of network components and protocols.

Layer 7 Application Control

A legacy feature of the Barracuda NG Firewall. Barracuda Networks recommends using the new Application Control in Barracuda NextGen Firewall instead.

  • Also known as: Lightweight Directory Access Protocol

Application protocol used to manage and access the distributed directory information service.

  • Also known as: LDAP over SSL, Secure LDAP

Connection protocol used between application and Network Directory or Domain Controller. LDAPS communication is encrypted and secure.


Latest maintenance release for the previous major firmware version.


A universal lossless data compression algorithm

link aggregation
  • Also known as: 802.3ad Link Aggregation, LAG

Operating mode for Ethernet bundles that uses the LACPDU protocol to negotiate automatic bundling links.

link balancing

Dynamically balancing traffic across multiple Internet Service Provider (ISP) links to ensure Internet continuity and availability, even during ISP outages.

link bonding
  • Also known as: multiport link aggregation

Allows you to aggregate multiple physical network links into a single logical link. You can use link aggregation to achieve multi-gigabit capacity to services and servers.

Link Protection

Barracuda service that automatically rewrites a deceptive URL in an email message to a safe Barracuda URL, and delivers that message to the user.

link state routing
  • Also known as: Open Shortest Path First

A routing protocol that takes link loading and bandwidth when selecting between alternate routes. Example: OSPF.


Method of storing or transmitting data in which the least significant bit or byte is presented first. Compare with big-endian.


Allows administrators to instantly recover VMware virtual guest machines.


Enables administrators to view and traverse file structures inside all backed up VMware and Hyper-V VMDK, VHD, and VHDX files. Files and directories can also be downloaded within VMware and Hyper-V snapshots.

local authentication database

Built-in user database for local authentication on the firewall.

local bridge

Bridge that directly interconnects networks in the same geographic area.

local control

Enables administrators to manage their Barracuda Backup appliance in a “connectionless” state, independent of the Barracuda Networks Cloud.

Log Viewer

  • Also known as: link-state advertisement, link state advertisement

Broadcast packet used by link-state protocols that contains information about neighbors and path costs. Used by the receiving routers to maintain their routing tables.


Macintosh Operating System. Formerly known as Mac OS X.

Mail Gateway service

Barracuda CloudGen Firewall service that lets you set up a secure mail gateway. Provides antivirus integration, POP3 scanning, content stripping, grey listing, and blocklists, and generates log files.

mail server

A server that receives, stores, sends, and processes emails.

malicious site

An Internet site that attempts to install malware onto your device, usually to steal your personal information or to disrupt the operation of your system.

  • Also known as: Microsoft Application Programming Interface

A programming library for Windows developers that provides messaging services to their applications.


Modifying the source IP address and port of a packet (Source NAT) to be the primary IP address assigned to an outgoing interface with a dynamic address (DHCP).


A megabit.


A unit of measure used to describe the rate of data transmission equal to one millions bits per second.

mesh network

A network topology in which each node relays data for the network. All mesh nodes cooperate in the distribution of data in the network.

  • Also known as: megahertz

A unit of frequency equal to 10^6 hertz, which is defined as one cycle per second. 

  • Also known as: Management Information Base

A database used for managing the entities in a communication network. Often associated with SNMP.

Microsoft Azure

Microsoft's cloud computing platform. Barracuda Networks was the first Microsoft Azure Certified Security Solution Provider, with a product line that includes the Barracuda Web Application Firewall, CloudGen Firewall, Message Archiver, and Email Security Gateway.

Microsoft Exchange
  • Also known as: MS Exchange

Microsoft Exchange Server is a calendaring and mail server that runs exclusively on the Microsoft Windows Server product line. A hosted version of Exchange Server is available as part of Office 365

Microsoft Office 365
  • Also known as: O365

Microsoft's software plus services model that offers Microsoft Office on a subscription-based pricing model, with cloud storage abilities.

Microsoft SharePoint

A web application platform in the Microsoft Office server suite, mainly used for document management and storage. 

MIME type

Two-part identifier for file formats and format contents transmitted over the Internet.

  • Also known as: Mean Opinion Score

Measure representing the overall quality of a system or stimulus, calculated by taking the arithmetic mean of individual values of quality. Often used for, but not limited to, video, audio and audiovisual quality.

  • Also known as: Multiprotocol Label Switching

A packet-forwarding method for high performance networks. Directs data between network nodes based on short path labels, instead of long addresses.

  • Also known as: Microsoft Challenge Handshake Authentication Protocol

Protocol used to authenticate VPN clients over L2TP/PPTP or to authenticate HTTP Proxy users.

  • Also known as: mail submission agent, message submission agent

Receives email messages from a mail user agent (MUA) and cooperates with a mail transfer agent (MTA) to deliver the mail.

  • Also known as: Mail Transfer Agent

Software that transports email messages from one computer to another by using a client-server architecture.

  • Also known as: Maximum Transmission Unit

A specification in a data link protocol that defines the maximum number of bytes that can be carried in any one packet on that link.

multi-factor authentication
  • Also known as: multifactor authentication, MFA

Security feature that requires at least two forms of authentication to access a destination or service. 


Single packets copied by the network and sent to a specific subset of network addresses. These addresses are specified in the destination address field.

multilayer switch

Switch that filters and forwards packets based on MAC addresses and network addresses. A subset of LAN switch.


Scheme that allows multiple logical signals to be transmitted simultaneously across a single physical channel.

  • Also known as: multitenant

The existence of multiple clients sharing resources (services or applications) on distinct physical hardware. Due to the on-demand nature of cloud, most services are multitenant.

MX records
  • Also known as: mail exchange record

Resource record in DNS that specifies a mail server responsible for accepting email messages for a recipient’s domain. Includes a preference value to prioritize mail delivery when there are multiple mail servers.

Nagle algorithm

Two separate congestion control algorithms that can be used in TCP-based networks. One algorithm reduces the sending window. the other limits small datagrams.

name server

Server connected to a network that resolves network names into network addresses.

Named Networks

  • Also known as: network address translation

The process of modifying IP address information in IP packet headers while in transit across a traffic routing device. The simplest type of NAT provides a one to one translation of IP addresses.

NAT gateway
  • Also known as: NAT GW

A NAT device, managed by AWS, that performs network address translation in a private subnet, to secure inbound Internet traffic. A NAT gateway uses both NAT and port address translation.

NAT instance

A NAT device, configured by a user, that performs network address translation in a VPC public subnet to secure inbound Internet traffic.

NAT Traversal
  • Also known as: network address translation

A computer networking methodology with the goal to establish and maintain Internet protocol connections across gateways that implement network address translation (NAT). NAT breaks the principle of end-to-end connectivity originally envisioned in the design of the Internet.

native application
  • Also known as: native app

Locally installed application that has been developed for use on a particular platform or device.

  • Also known as: non-delivery report, bounce, non-delivery notification (NDN)

An automated email message from the mail system informing the sender that there was a delivery problem with an email message that they sent.

neighboring routers

In OSPF, two routers that have interfaces to a common network. On multiaccess networks, neighbors are dynamically discovered by the OSPF Hello protocol.

  • Also known as: Network Basic Input/Output System

API used by applications on an IBM LAN to request services from lower-level network processes. These services might include session establishment and termination, and information transfer.

Network Access Client
  • Also known as: NAC Client

Barracuda Networks product that integrates with the Access Control Service and lets you configure access policies and rules depending identity and client health state. The NAC Client consists of Barracuda Personal Firewall, Barracuda Access Monitor, and Barracuda VPN Client.

network addressable storage
  • Also known as: network addressable storage

A file-level computer data storage server connected to a computer network providing data access to a mixed group of clients.

network layer

Layer 3 of the OSI reference model. This layer provides connectivity and path selection between two end systems. The network layer is the layer at which routing occurs.

network object

A firewall object on the Barracuda CloudGen Firewall that references networks, IP addresses, hostnames, or interfaces. Network objects can be applied to access rules. 

Network Time Protocol
  • Also known as: NTP

Networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.

NextGen Remote

Software that provides system administrators remote access to F-Series Firewalls and Control Centers through their iOS device. 

NextGen SSL VPN mobile portal

Mobile portal in NextGen Firewall that provides access web resources for mobile devices. (Barracuda SSL VPN is a separate product.)

  • Also known as: Network File System

Unix and Linux operating system network file sharing system. 

NG Control Center

A central administration appliance designed to manage a large number of Barracuda NG Firewalls.

non-stub area

Resource-intensive OSPF area that carries a default route, static routes, intra-area routes, interarea routes, and external routes. The only OSPF areas that can have virtual links configured across them and that can contain an ASBR.


Nonrelational database systems that are highly available, scalable, and optimized for high performance. Instead of the relational model, NoSQL databases (like Amazon DynamoDB) use alternate models for data management, such as key–value pairs or document storage.


A network administration command-line tool available for many computer operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mapping or for any other specific DNS record.

  • Also known as: NT LAN Manager

A suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users.

null ciphers

Form of encryption where the plaintext is mixed with a large amount of non-cipher material.

offline authentication

Authentication method with an internal IP address as destination. Offline Authentication Works with all protocols (for example, POP3).


Refers to a location other than the subject site. Example: Barracuda Cloud Storage subscription plans provide diverse offsite storage that scales to meet your changing data requirements.

offsite replication
  • Also known as: off-site replication

Replicates backup data to another geographical location that is running a secondary Barracuda Backup appliance. This is to ensure against data loss in case of catastrophe.

offsite vaulting
  • Also known as: off-site vaulting

The ability to store longer-term backups exclusively in the cloud to free space for daily needs.

On-Demand Instance

An Amazon EC2 pricing option that charges you for compute capacity by the hour with no long-term commitment.

  • Also known as: Open Network Computing Remote Procedure Call

Remote procedure call system based on calling conventions used in Unix and the C programming language.

one-arm proxy

A deployment option where only one network interface of a device is used to transfer incoming and outgoing traffic.

one-time password
  • Also known as: OTP, one time password

An automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction or session.


At the place where a business or activity happens. Compare to offsite.

onsite replication
  • Also known as: on-site replication

Replicates backup data to a secondary Barracuda Backup appliance at the same location.


A free and open-source cloud computing software platform used to control pools of processing, storage, and networking resources in a datacenter.

OSB transformation

Orthogonal sparse bigram transformation. In machine learning, a transformation that aids in text string analysis and that is an alternative to the n-gram transformation. OSB transformations are generated by sliding the window of size n words over the text, and outputting every pair of words that includes the first word in the window.

  • Also known as: Open Shortest Path First

A dynamic routing protocol. OSPF is a link state protocol that uses Dijkstra algorithm to calculate the shortest path tree.

OST file
  • Also known as: Offline Outlook Data file

Used when you have a Microsoft Exchange account and want to work offline or use the default Cached Exchange Mode. See also PST file.

Outbound Data Theft Protection

Data theft protection prevents unauthorized disclosure of confidential information such as social security number, passwords, credit card information, etc.

outbound filtering

Scanning email messages from local users before any potentially harmful messages can be delivered to others on the Internet.

  • Also known as: Outlook Web Access, Outlook Web App

Microsoft provides OWA as part of Exchange Server to allow users to connect to their email accounts via a web browser, without requiring the installation of Microsoft Outlook.

  • Also known as: Open Web Application Security Project

A worldwide, not-for-profit charitable organization focused on improving the security of software. Creator of the OWASP Top 10, a powerful awareness document for web application security, representing a broad consensus about the most critical web application security flaws. 

  • Also known as: platform as a service

Cloud platform services, where the computing platform (operating system and associated services) is delivered as a service over the Internet by the provider.

  • Also known as: pkt

A unit of data routed between an origin and a destination over a network.

packet fragmentation

Part of the processing of TCP IP traffic that consists of fragmenting, sending, and reassembling packets.


Additional, meaningless data adds to a packet to increase its size.


1. The process of responding to an API request by returning a large list of records in small separate parts. 2. Breaking a document into separate pages and assigning them numbers or letters. 

partition key
  • Also known as: hash attribute

A simple primary key, composed of one attribute. Also known as a hash attribute.

PAR file
  • Also known as: parchive file, parity archive file

Used to back up and restore configurations for the Barracuda CloudGen Firewall or the Barracuda Firewall Control Center. The PAR file contains all configuration settings. 


Series of characters that must be provided by the user for input to the cryptographic key generation process. Must be no less than eight logical characters and can contain spaces.

  • Also known as: port address translation

Conserves IP addresses by permitting multiple devices on a local network to be mapped to a single public IP address. An extension to network address translation (NAT).


  • Also known as: Payment Card Industry Data Security Standard, PCI-DSS

Standards for security practices when using payment cards (e.g., credit, debit, gift).


A device to which a computer has a network connection that is relatively symmetrical and where both devices can initiate or respond to a similar set of requests.

persistent storage

A data storage solution where the data remains intact until it is deleted.

Personal Firewall

Component of the Barracuda Network Access Client. Centrally managed host firewall that can handle up to four different rulesets at once, depending on the policy applicable to user, machine, date, and time

  • Also known as: phishing attack

Attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. See also spear phishing.

  • Also known as: Public Instance Level IP address

Public Instance Level IP address that is assigned directly to a VM and bypasses the Azure Load Balancer. 

  • Also known as: Public Key Cryptography Standards

Refers to a group of standards, in the format PKCS #n, where n =1 to 15. For example: Certificates can be downloaded in PKCS #12 format, which includes the private key and certificate.

  • Also known as: Public Key Infrastructure

A system for distributing and using public encryption keys, enabling secure data exchange over the Internet.

Placement Group

Logical grouping of AWS instances within a single Availability Zone.

policy routing

Also called source-based routing, is used when the source IP address of the connection determines, in part or completely, which route is used.

policy simulator

A tool in the IAM AWS Management Console that helps you test and troubleshoot policies so you can see their effects in real-world scenarios.


A means of Media Access Control where a device may only transmit information when it is given permission to transmit by a controller device.

polymorphic threat

A threat that appears differently to threat detection systems, but is functionally the same. An advanced threat that signatures alone cannot detect.

  • Also known as: Post Office Protocol

A protocol used to retrieve email from a mail server.

  • Also known as: PuTTY Private Key

Files created by PuTTY and used for key authentication.

  • Also known as: Point to Point Protocol over Ethernet

Network protocol for encapsulating PPP (point to point protocol) frames inside Ethernet frames.

  • Also known as: Point-to-Point Tunneling Protocol

A network protocol that is used to establish VPN tunnels.

predictive sender profiling

A method of blocking spammers who obfuscate their web identities.

Premium Support

24/7 support, offered by Barracuda Networks

printer spooler
  • Also known as: print spooler

A software process that accepts a print job from a workstation as if it were a printer and then sends the print job to an actual printer at a later time. 

private cloud

Services offered over the Internet or over a private internal network to select users. These services are not available to the general public.

private IP address

Internal IP address that belongs to the address space in a private network.

private subnet

A VPC subnet whose instances cannot be reached from the Internet.

promiscuous mode

In this mode, a network device can receive and process all of the packets on its network. Can be used in packet sniffing. 

protected IP count

The number of IP addresses being protected by the gateway.

protocol object

A firewall object that references protocols. Can be applied to an access rule on the Barracuda CloudGen Firewall.


Process of preparing and equipping a network or device to allow it to provide services to its users.

Proxy ARP object
  • Also known as: address resolution protocol

A firewall object with the purpose of letting the Barracuda CloudGen Firewall answer ARP requests on behalf of a remote interface. It can then accept packets and correctly forward packets to the remote host.

  • Also known as: Pre-Shared Key, preshared key

A shared secret that was previously shared between two parties using a secure channel before it needs to be used.

PST file
  • Also known as: personal storage table

An Outlook Data File. Used for POP3, IMAP, and web-based mail accounts. When you want to create archives or back up your Outlook folders and items on your computer, such as Exchange accounts, you must create and use additional PST files. See also OST file.

public cloud

Cloud computing model, in which a service provider makes resources, such as applications and storage, available to the general public over the Internet. Examples include Amazon AWS, Google Cloud Platform, and  Microsoft Azure.

public cloud hosting

Cloud-hosted virtual machines, such as Microsoft Azure and Amazon Web Services.

Public DNS

Public Domain Name System (DNS) resolution service.

public IP address

External IP address, assigned to a computing device to allow direct access over the Internet. For example, a web server, email server or any server device directly accessible from the Internet.

public key

A value provided by a designated authority as an encryption key.  Public key cryptography (asymmetric cryptography) uses pairs of keys: public keys that may be distributed widely, and private keys that are known only to the owner.

public key encryption
  • Also known as: asymmetric encryption

Encryption that uses both a public key and a private key as a pair; one is used for encryption, the other is used for decryption.

public subnet

A subnet whose instances can be reached from the Internet.

  • Also known as: purge

Cleaning out inactive or obsolete records or data from the set of active files for archiving or deletion.

  • Also known as: paravirtual virtualization

Allows guest VMs to run on host systems that do not have special support extensions for full hardware and CPU virtualization. Cannot provide hardware-related features such as enhanced networking or GPU support.

Quality of Service
  • Also known as: QoS

Overall performance of the network, especially as seen by the network users. Includes things such as throughput, availability, and error rate. 


Isolating a file suspected of being infected with a virus to a specific area of a system to prevent it from infecting other files.


To pause or alter a device or application to achieve a consistent state, usually in preparation for a backup or other maintenance.

  • Also known as: Remote Authentication Dial-In User Service, WiFi Access Point Authentication

Networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service.

  • Also known as: redundant array of independent disks

Provides a way of storing the same data in different places (redundantly) on multiple hard disks.

  • Also known as: range specific

1. Relating to a set range of values.2. Global settings that apply to a range on a Barracuda NextGen Control Center.


Malicious software designed to block access to computer files or an entire system until a sum of money is paid.

  • Also known as: Realtime Blackhole List

List of IP addresses whose owners do not stop the proliferation of spam. The owners often have customers who are associated with creating or relaying the spam. 

  • Also known as: Remote Desktop Protocol

A proprietary protocol developed by Microsoft that provides a user with a graphical interface to connect to another computer over a network connection.


AWS term, managed Relational Database Service

real time
  • Also known as: realtime, real-time

The time in which an action is performed.

regular expression

A combination of characters or character classes and operators that describe text for matching purposes.

remote access client

Software that allows access to internal applications and data from remote devices. Example: VPN client, CudaLaunch.


Involves sharing information to ensure consistency between sources. By comparison, backups save data unchanged for a long period of time; replicas undergo frequent updates.

Report Creator
  • Also known as: Barracuda Report Creator

Creates customized reports using statistics and logs collected on Barracuda CloudGen Firewalls. Each report can be configured to use multiple appliances, custom or predefined report data templates, and a customizable layout and delivery method. 

Reserved Instance

A pricing option for EC2 instances that discounts the on-demand usage charge for instances that meet the specified parameters. Customers pay for the entire term of the instance, regardless of how they use it.

Reserved IP addresses
  • Also known as: RIP

IP addresses reserved for special purposes. For example, IP addresses reserved and assigned to Azure cloud services.

resource group

Group of entities in Azure, that may contain storage accounts for OS disks, source images, application data, and networking resources.

  • Also known as: Representational State Transfer, RESTful

A type of HTTP-based request interface that generally uses only the GET or POST HTTP method and a query string with parameters. Enables interoperability between a computer system and the Internet.

  • Also known as: Representational State Transfer API

A software architecture style for building scalable web services. REST gives a coordinated set of constraints to the design of components in a distributed hypermedia system that can lead to a higher performing and more maintainable architecture.An API (Application Programming Interface) is the means by which third parties can write code that interfaces with other code.

REST API Interface

Provides remote administration of products including the Barracuda CloudGen Firewall and the Barracuda Web Application Firewall, using JSON-RPC request (get or set variables) corresponding to field values in the configuration database.

retention policy

Rules that determine whether data older than a defined age will be deleted of offloaded to another device or cloud.

reverse lookup zone

Support the secondary function of Domain Name System (DNS) - the resolution of IP addresses to host names.

reverse proxy

The HTTP Proxy directs incoming requests from other servers to clients without providing the origin details.

Revision Control System
  • Also known as: RCS

Allows you to view, revert and keep track of configuration changes on the Barracuda Nextgen Control Center.

  • Also known as: Routing Information Protocol

Protocol used in dynamic routing. RIP is a distance-vector routing protocol that employs the hop count as a routing metric.

RIP/OSPF/BGP service

Barracuda CloudGen Firewall service that allows dynamic routing configuration.

  • Also known as: Routing Information Protocol

Numbered authorization provided by a merchant, like Barracuda Networks, to permit the return of a product.

rogue app threats

Forms of Internet fraud using computer malware to trick users into revealing financial and social account details or paying for bogus products. The apps are rogue, because they do not appear to be malicious.

role-based administration
  • Also known as: role based administration

Gives administrators the ability to assign specific privileges to users and to present the user with only the tools and permissions necessary to perform specific tasks, based on their role within the organization.


A return to a previous state after an installation or configuration failure.

root certificate

A CA-signed or self-signed public key certificate that identifies the root certificate authority (CA).

Round-Robin policy

Method of traffic balancing among links/interfaces in circular order.

Route 53

AWS service for DNS-based load balancing that connects user requests to EC2 instances, ELBs, S3 buckets, and Internet applications and provides health checks for monitoring or to route traffic to healthy endpoints.

route table

In AWS, a set of routing rules that controls the traffic leaving any subnet that is associated with the route table. You can associate multiple subnets with a single route table, but a subnet can be associated with only one route table at a time.

routed bridging

Bridging mode where the router acts as a bridge.

RPC protocols
  • Also known as: Rate Control Protocol, ONC-RPC, DCE-RPC

Congestion control algorithm designed for fast download times such as user response times, or flow-completion times. 

RPC tracking
  • Also known as: remote procedure call tracking

Used to support RPC based services across the firewall. The RPC tracking modules supervise traffic to and from RPC portmapper(s).


One of the four storage classes in AWS. 99.9& SLA reduced redundancy storage, lower fault tolerance, stored in 1 region.


A hardware token for performing two-factor authentication for a user to a network resource.


A collection of one or more access or application rules.

  • Also known as: Simple Storage Service, Amazon Web Services

Object-based, scalable object storage in the AWS cloud.

  • Also known as: software as a service, software-as-a-service

Software licensing and delivery system in which software is licensed on a subscription basis and is centrally hosted.


Feature of Google Search that acts as an automated filter of pornography and potentially offensive content.


An online SaaS company that is best known for delivering customer relationship management (CRM) software to companies over the Internet.

SAML 2.0
  • Also known as: Security Assertion Markup Language 2.0

A version of the SAML standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority (an identity provider) and a SAML consumer (a service provider). SAML 2.0 enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user.


A security mechanism for separating untested or untrusted programs or code, without risking harm to the host environment.

  • Also known as: Sox

A United States federal law that sets requirements for all US public company boards, management, and public accounting firms to individually certify the accuracy of financial information.


The suitability of a network system to operate properly and efficiently when configured on a large scale.

scaling policy

In AWS, a description of how Auto Scaling should automatically scale an Auto Scaling group in response to changing demand.

  • Also known as: Signalling Connection Control Part, Skinny

Network layer protocol that provides extended routing, flow control, segmentation, connection orientation, and error correction facilities in Signaling System 7 telecommunications networks.

  • Also known as: Simple Certificate Enrollment Protocol

Protocol that supports the secure issuing of certificates to network devices in a scalable manner, using existing technology whenever possible. 

  • Also known as: Small Computer Systems Interface

A specification (ANSI X3T9.2) for a short distance Local Area Network (up to 6 meters) using bus topology for up to eight devices. 

  • Also known as: software-defined networking in a wide area network, software-defined WAN

A wide area network controlled by software. Control and data are decoupled, simplifying both network hardware and management.

  • Also known as: software development kit

Set of software development tools that allows the creation of applications for a certain software package.

Security Group
  • Also known as: SG

In AWS, a set of firewall rules that control traffic for the instance.

security policy

Definition of what it means to be "secure" for an organization or for a system. Barracuda Networks products use your security policies to help protect your organization and system.

serial port

A port on a computing device that is capable of either transmitting or receiving one bit at a time. 

Server Agent
  • Also known as: Barracuda SSL Server Agent

The Barracuda Server Agent is used to proxy traffic for resources located in a network that cannot be reached directly by the Barracuda SSL VPN.

server certificate

Certificate for a server, signed by a valid, trusted entity, that allows access without further validation.

service certificate

Certificate for a service, signed by a valid, trusted entity, that allows access without further validation. 

service object

A firewall object that references services on the Barracuda CloudGen Firewall. Can be applied to an access rule. 

session layer

The layer in the OSI 7-Layer Model that is concerned with managing the resources required for the session between two computers.

  • Also known as: secure hash algorithm

A secure hash algorithm, or a set of algorithms, developed by the National Institutes of Standards and Technology (NIST) and other government and private parties.

single pass

Algorithm that reads its input exactly once, in order, without unbounded buffering. Generally requires O(n) time and less than O(n) storage (typically O), where n is the size of the input.

Single Sign-On
  • Also known as: SSO

A session and user authentication service that permits a user to use one set of login credentials to access multiple applications. 

single-instance storage
  • Also known as: SIS, intelligent compression, deduplication, single instance storage

A method of reducing storage needs by eliminating redundant data. Only one unique instance of the data is retained on storage media. Redundant data is replaced with a pointer to the unique data copy.


Communications protocol for signaling and controlling multimedia communication session such as voice and video calls.

SIP Proxy service
  • Also known as: Session Initiation Protocol

In VoIP (Voice over Internet Protocol) technology, SIP proxies are elements that route SIP requests to user agent servers and SIP responses to user agent clients. The SIP Proxy service on the Barracuda NextGen Firewall helps establish a VOIP call with an external SIP provider.

site to site replication
  • Also known as: site-to-site replication

Replicating data from one site to another. For example, backup data replication from an on-premise Barracuda Backup to another on-premise Barracuda Backup unit.

Site-to-Site VPN

Securely connects entire networks to each other, for example, connecting a branch office network to a company headquarters network.

  • Also known as: service level agreement, service-level agreement

A contractual agreement by which a service provider defines the level of service, responsibilities, priorities, and guarantees regarding availability, performance, and other aspects of the service.

slow client attack

Occurs when an attacker deliberately sends multiple partial HTTP requests to the server to carry out an HTTP DoS attack on the server. The client attempts to slow the request or response so much that it holds connections and memory resources open on the server for a long time, but without triggering session time-outs.

smart host

Email message transfer agent that allows a Simple Mail Transfer Protocol (SMTP) server to route email to an intermediate mailserver rather than directly to the recipient's server.

  • Also known as: SMBv1, SMBv2, SMBv3, Server Message Block

Operates as an application-layer network protocol mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network.

SMS Passcode

Multi-Factor Authentication (MFA) solution that adds an extra security layer for a broad range of authentication clients.

  • Also known as: Simple Mail Transfer Protocol

Internet standard for electronic mail transmission.

  • Also known as: Systems Network Architecture

IBM's communications architecture and strategy.


Capture of the state of a system at a particular point in time.

  • Also known as: Server Name Indication

An extension to the TLS computer networking protocol, where a client indicates to which hostname it is attempting to connect at the start of the handshaking process.

  • Also known as: Simple Network Management Protocol

A standard for management of networked devices using a simple request-response data retrieval mechanism. Used for collecting information, along with configuring network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network.

SNMP service

The SNMP service is used to remotely monitor the network and system state of a Barracuda NextGen Firewall using a network management system (NMS).

  • Also known as: simple notification service

Feature to push notifications to mobile services and trigger actions, in Amazon Web Services (AWS).

  • Also known as: Simple Network Time Protocol

Network package format for time synchronization, similar to NTP, only recommended for simple applications.

  • Also known as: Simple Object Access Protocol

Protocol specification for exchanging structured information in the implementation of web services in computer networks.

Social Security number
  • Also known as: SSN, ss number

A nine-digit number issued to U.S. citizens, permanent residents, and temporary (working) residents for social security purposes.

Source NAT

Changing the source address/port in the IP header of a packet. Example: changing a private IP address/port into a public address/port in the IP header of a packet leaving the network.

source-based routing
  • Also known as: policy routing

Used when the source IP address of the connection determines, either in whole or in part, which route is used.


Unwanted email messages, usually for advertising purposes and usually sent in bulk.

SPAM Filter service

Service on the Barracuda CloudGen Firewall that detects, filters, and removes spam.


Mail filter that is integrated in the Barracuda NextGen Firewall SPAM Filter service.

  • Also known as: honey pot, honeypot, honey trap, honeytrap

An email address that is set up by an anti-spam entity, not for correspondence, but to monitor unsolicited email. 

spear phishing
  • Also known as: spearphishing

A form of phishing that is more targeted. The sender of the fraudulent phishing email knows something about the intended victim, making it more likely that they will divulge personal information, like birth dates and passwords.

  • Also known as: Sender Policy Framework

A protocol enabling the owner of an Internet domain to specify which computers are authorized to send mail with envelope-from addresses from their own domain. 

SPF record
  • Also known as: Sender Policy Framework record

Type of DNS record that identifies which mail servers are permitted to send email on behalf of your domain.

  • Also known as: Simultaneous Peripheral Operations Online

Putting jobs in a buffer, a special area in memory, or on a disk where a device can access them when the device is ready. Spooling is useful because devices access data at different rates. The buffer provides a waiting station where data can rest while the slower device catches up.

Spot Instance

Purchasing option that allows a customer to purchase unused Amazon EC2 computer capacity at a highly-reduced rate.


Software that gathers information about a person or organization without their knowledge.

  • Also known as: Structured Query Language

A standard metalanguage for data base access and management.

SQL server

Microsoft SQL Server is a relational database management system (RDBMS) designed for enterprise environments.

  • Also known as: Amazon Simple Queue Service, Amazon SQS

Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, fully managed message queuing service.

  • Also known as: solid-state drive, solid state drive

A solid-state storage device that uses integrated circuit assemblies as memory to store data persistently.

SSH Proxy service

Service on the Barracuda NextGen Firewall that allows regulating SSH connections. 


Filesystem client based on the SSH File Transfer Protocol.

  • Also known as: Secure Sockets Layer

Standard security technology for establishing an encrypted link between a server and a client - typically a web server and a browser, or a mail server and a mail client.

SSL certificate

A digital certificate that is installed on a web server, authenticates the identity of the website, and encrypts the data that is transmitted.

SSL Encryption
  • Also known as: Secure Sockets Layer encryption

The standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.Transport Layer Security (TLS) is the successor to SSL, and is sometimes referred to as "SSL".

SSL Inspection
  • Also known as: SSL Interception

SSL Inspection transparently unencrypts, inspects, and and re-encrypts HTTPS traffic. Also has the ability to block a small section of an HTTP site (for example, allowing Google traffic, but blocking Google Play).

SSL Interception

Barracuda CloudGen Firewall feature, used to examine HTTP/S traffic.

SSL offloading
  • Also known as: Secure Sockets Layer

Relieves a web server of the processing burden of encrypting and/or decrypting traffic sent via SSL. The processing is offloaded to a separate device designed specifically to perform SSL acceleration or SSL termination.

SSL stripping
  • Also known as: man in the middle attack

A man-in-the-middle attack which changes HTTPS sessions to unencrypted HTTP sessions or makes unencrypted HTTP sessions look like safe HTTPS sessions, even including a padlock icon.

SSL VPN client

VPN client that can be installed on the Barracuda CloudGen Firewall and then accessed through the Barracuda SSL VPN web portal. (Barracuda SSL VPN is a different product.)

SSL VPN service

Service on the Barracuda CloudGen Firewall that manages SSL VPN connections. (Barracuda SSL VPN is a different product.)

stateful packet inspection
  • Also known as: stateful packet forwarding

Firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.

static route

Route that is explicitly configured and entered into the routing table. Static Routes take precedence over routes chosen by dynamic routing protocols.

static website hosting

Hosting of a static website in Amazon S3. When a bucket is enabled for Static website hosting, all content is accessible to web browsers via the Amazon S3 website endpoint of the bucket.

statistic cooking

Procedure that defines how statistic logs are processed and how long they are kept on a system.

statistics services

Services that collect data from systems and process it according to specified transfer settings.

storage account

A secure account that gives you access to services in Microsoft Azure storage.

stream and packet compression

Data compression technique used in wireless networks.

  • Also known as: Amazon elastic block store, AWS, Amazon Web Services, striped

Method to combine performance and throughput of Amazon EBS volumes to a single logical volume.

stub area
  • Also known as: Open Shortest Path First, Autonomous System Boundary Router

OSPF area that carries a default route, intra-area routes, and interarea routes, but does not carry external routes. Virtual links cannot be configured across a stub area, and they cannot contain an ASBR.


Offloading large attachments from a mail server.

subnet mask
  • Also known as: subnetwork mask, netmask

Helps you know which portion of the IP address identifies the network and which portion identifies the node. You can use subnet masks to divide networks in to subnetworks and to identify the subnetwork an IP address belongs to.


Partitioning of an IP address space into several smaller address spaces.

syslog streaming

Method for handling of log file messages that are to be transferred to another system for analyzing purposes.

  • Also known as: Terminal Access Controller Access-Control System Plus

A service for external authentication that provides centralized user and group management and offers extended logging options.


An intrusion into a network cable by a connector.


A terabyte. 10^12 or 1,000,000,000,000 bytes. 1,000 GB.

TCP Flow Optimization
  • Also known as: TFO

Improves the TCP stack and brings uniformity to TCP sessions. Mitigates the inherent lack of performance in TCP slow start and general flow control, which can slow data transfers. TFO techniques fill the pipe and reduce latency, resulting in faster transfers and optimal bandwidth use.

TCP Proxy

The TCP Proxy is placed between browser and web server and filters requests and responses in TCP streams.

TCP stream reassembly

Part of the processing of TCP IP traffic that consists of fragmenting, sending, and reassembling packets.

  • Also known as: Transmission Control Protocol/Internet Protocol

A Transport and Network Layer Protocol, respectively, used for communication in the Internet and often in private networks.


A protocol to access a remote computer system, often a Unix system, over the network. Origin: Teletype Network.

temporary access

A time-restricted grant of access to certain areas that are usually off-limits, without having to change the usual organization's policy. For example, for a special project on a certain date, teachers can grant temporary access for students to view specific domains or categories of domains that are usually blocked by school policy.

terminal server

Communications processor that connects asynchronous devices such as terminals, printers, hosts, and modems to any LAN or WAN that uses TCP/IP, X.25, or LAT protocols.

  • Also known as: Trivial File Transfer Protocol

A simplified version of FTP (file tranfer protocol).

threat vector

The path along which an attack occurs, like a web application, email, or a remote user.

  • Also known as: throttle

The automatic restricting or slowing down of a process based on one or more limits.

Ticket Authentication

A sub-feature of Guest Access that allows administrators to create voucher codes for access authentication.

  • Also known as: time stamp

A date/time string to mark an occurrence of an event. 


The abbreviation TINA stands for Transport-Independent Network Architecture. It is the Barracuda VPN protocol. The Barracuda VPN protocol. A proprietary extension of the IPsec protocol developed to improve VPN connectivity and availability over the standard IPsec protocol.

top level domain
  • Also known as: TLD

The last part of a hostname.

traffic intelligence

In addition to site-to-site VPN, enables locations to maintain connectivity even if one or more transports are down. See also Dynamic Path Selection.

traffic optimization
  • Also known as: Traffic Shaping

Feature that is designed to improve the speed and reliability of business-critical applications by prioritizing important traffic.

Traffic Prioritization

A WAN optimization technique that allows a certain amount of available bandwidth for mission critical applications and traffic. See also Traffic Shaping.

Traffic Shaping

Traffic shaping prioritizes network resources according to factors such as time of day, application type, and user identity. Used to optimize or guarantee performance, improve latency, and/or increase usable bandwidth for some kinds of network traffic by delaying other kinds.

Transit VPC
  • Also known as: Transit Virtual Private Cloud

A central VPC, configured to minimize the number of connections required to connect multiple VPCs and remote networks.

transparent client

A VPN client that lets you establish transparent network access (Layer 3) to internal company network infrastructures.

transparent failover

Synchronization of all forward packet sessions (inbound and outbound TCP, UDP, ICMP-Echo, and other IP protocols) of the firewall server between two HA partners. 

transparent proxy
  • Also known as: inline proxy

The HTTP Proxy operates transparently to the clients in the network.

Transport Layer Security
  • Also known as: TLS

Cryptographic protocol that provides communications security over a computer network.