It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

TINA VPN Tunnels

  • Last updated on

TINA, the Barracuda VPN protocol, is a proprietary extension of the IPsec protocol developed to improve VPN connectivity and availability over the standard IPsec protocol.

Because the TINA protocol offers more advantages than IPsec, it is the main protocol that is used for VPN connections between Barracuda CloudGen Firewalls. IPsec is only used for VPN tunnels between CloudGen Firewalls and a system from a different manufacturer.

The Barracuda CloudGen Firewall offers most of the advanced VPN features of the Barracuda CloudGen Firewall based on our proprietary TINA VPN protocol.

  • Modified initial handshake improving denial-of-service protection for X.509 certificate based authentication. 
  • Multiple encapsulation transports: ESP, UDP, TCP, TCP/UDP hybrid mode or routing (no encapsulation).
  • Heartbeat monitoring and fast failover support.
  • Continuous bandwidth and throughput evaluation. 
  • Immunity to NAT devices or proxies (HTTPS, SOCKS) between two tunnel endpoints.

Creating TINA Site-to-Site VPN Tunnels

To connect two networks protected by CloudGen Firewalls, TINA Site-to-Site VPN tunnels are used. An active Site-to-Site TINA VPN tunnel transparently connects the published networks.

For more information, see How to Create a TINA VPN Tunnel between CloudGen Firewalls.

Example of TINA Tunnel Variations

Using different connection objects for the access rule matching the VPN traffic can control if and how the VPN network is visible from the other side of the VPN tunnel.

For more information, see Examples for TINA VPN Tunnels.

TINA Tunnel Settings

There are many settings and parameters for configuring TINA VPN tunnels. The TINA Tunnel settings include a description for each setting and configuration option.

For more information, see TINA Tunnel Settings.

Traffic Intelligence

Traffic Intelligence (TI) is the logical layer used to manage multiple parallel VPN tunnels (transports) in one VPN tunnel configuration. Traffic Intelligence also handles loadbalancing, fail-over, and traffic routing for all transports of the VPN tunnel. Switching between different transports is completely transparent to the user.

WAN Optimization

WAN Optimization reduces the amount of traffic sent through the tunnel by using deduplication. This means that the same data does not have to be sent repeatedly over the WAN since it is cached and delivered from the local cache of the branch site instead. In the beginning of the data transfer, the first system creates hashes for chunks of the TCP stream. This information, instead of the data, is sent to the other system. If the same data chunk has been transferred previously, the data can be found in the dictionary of the peer. Bandwidth is saved because only the reference must be transferred. If the peer recognizes that the data is not available, it sends a request for the RAW data from the first system to integrate this information into its own dictionary. The chunk size is 512 bytes. This is a hardcoded value that cannot be changed.