It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall


  • Also known as: Simple Storage Service, Amazon Web Services

Object-based, scalable object storage in the AWS cloud.

  • Also known as: software as a service, software-as-a-service

Software licensing and delivery system in which software is licensed on a subscription basis and is centrally hosted.


Feature of Google Search that acts as an automated filter of pornography and potentially offensive content.


An online SaaS company that is best known for delivering customer relationship management (CRM) software to companies over the Internet.

SAML 2.0
  • Also known as: Security Assertion Markup Language 2.0

A version of the SAML standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority (an identity provider) and a SAML consumer (a service provider). SAML 2.0 enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user.


A security mechanism for separating untested or untrusted programs or code, without risking harm to the host environment.


The suitability of a network system to operate properly and efficiently when configured on a large scale.

  • Also known as: Signalling Connection Control Part, Skinny

Network layer protocol that provides extended routing, flow control, segmentation, connection orientation, and error correction facilities in Signaling System 7 telecommunications networks.

  • Also known as: Simple Certificate Enrollment Protocol

Protocol that supports the secure issuing of certificates to network devices in a scalable manner, using existing technology whenever possible. 

  • Also known as: Small Computer Systems Interface

A specification (ANSI X3T9.2) for a short distance Local Area Network (up to 6 meters) using bus topology for up to eight devices. 

  • Also known as: software-defined networking in a wide area network, software-defined WAN

A wide area network controlled by software. Control and data are decoupled, simplifying both network hardware and management.

  • Also known as: software development kit

Set of software development tools that allows the creation of applications for a certain software package.

serial port

A port on a computing device that is capable of either transmitting or receiving one bit at a time. 

Server Agent
  • Also known as: Barracuda SSL Server Agent

The Barracuda Server Agent is used to proxy traffic for resources located in a network that cannot be reached directly by the Barracuda SSL VPN.

server certificate

Certificate for a server, signed by a valid, trusted entity, that allows access without further validation.

service certificate

Certificate for a service, signed by a valid, trusted entity, that allows access without further validation. 

service object

A firewall object that references services on the Barracuda CloudGen Firewall. Can be applied to an access rule. 

session layer

The layer in the OSI 7-Layer Model that is concerned with managing the resources required for the session between two computers.

  • Also known as: secure hash algorithm

A secure hash algorithm, or a set of algorithms, developed by the National Institutes of Standards and Technology (NIST) and other government and private parties.

single pass

Algorithm that reads its input exactly once, in order, without unbounded buffering. Generally requires O(n) time and less than O(n) storage (typically O), where n is the size of the input.

Single Sign-On
  • Also known as: SSO

A session and user authentication service that permits a user to use one set of login credentials to access multiple applications. 


Communications protocol for signaling and controlling multimedia communication session such as voice and video calls.

SIP Proxy service
  • Also known as: Session Initiation Protocol

In VoIP (Voice over Internet Protocol) technology, SIP proxies are elements that route SIP requests to user agent servers and SIP responses to user agent clients. The SIP Proxy service on the Barracuda NextGen Firewall helps establish a VOIP call with an external SIP provider.

Site-to-Site VPN

Securely connects entire networks to each other, for example, connecting a branch office network to a company headquarters network.

  • Also known as: service level agreement, service-level agreement

A contractual agreement by which a service provider defines the level of service, responsibilities, priorities, and guarantees regarding availability, performance, and other aspects of the service.

  • Also known as: SMBv1, SMBv2, SMBv3, Server Message Block

Operates as an application-layer network protocol mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network.

SMS Passcode

Multi-Factor Authentication (MFA) solution that adds an extra security layer for a broad range of authentication clients.

  • Also known as: Simple Mail Transfer Protocol

Internet standard for electronic mail transmission.

  • Also known as: Systems Network Architecture

IBM's communications architecture and strategy.


Capture of the state of a system at a particular point in time.

  • Also known as: Simple Network Management Protocol

A standard for management of networked devices using a simple request-response data retrieval mechanism. Used for collecting information, along with configuring network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network.

SNMP service

The SNMP service is used to remotely monitor the network and system state of a Barracuda NextGen Firewall using a network management system (NMS).

  • Also known as: simple notification service

Feature to push notifications to mobile services and trigger actions, in Amazon Web Services (AWS).

  • Also known as: Simple Network Time Protocol

Network package format for time synchronization, similar to NTP, only recommended for simple applications.

Social Security number
  • Also known as: SSN, ss number

A nine-digit number issued to U.S. citizens, permanent residents, and temporary (working) residents for social security purposes.

Source NAT

Changing the source address/port in the IP header of a packet. Example: changing a private IP address/port into a public address/port in the IP header of a packet leaving the network.

source-based routing
  • Also known as: policy routing

Used when the source IP address of the connection determines, either in whole or in part, which route is used.


Unwanted email messages, usually for advertising purposes and usually sent in bulk.

SPAM Filter service

Service on the Barracuda CloudGen Firewall that detects, filters, and removes spam.


Mail filter that is integrated in the Barracuda NextGen Firewall SPAM Filter service.

  • Also known as: honey pot, honeypot, honey trap, honeytrap

An email address that is set up by an anti-spam entity, not for correspondence, but to monitor unsolicited email. 

  • Also known as: Sender Policy Framework

A protocol enabling the owner of an Internet domain to specify which computers are authorized to send mail with envelope-from addresses from their own domain. 

  • Also known as: Simultaneous Peripheral Operations Online

Putting jobs in a buffer, a special area in memory, or on a disk where a device can access them when the device is ready. Spooling is useful because devices access data at different rates. The buffer provides a waiting station where data can rest while the slower device catches up.

Spot Instance

Purchasing option that allows a customer to purchase unused Amazon EC2 computer capacity at a highly-reduced rate.


Software that gathers information about a person or organization without their knowledge.

  • Also known as: Structured Query Language

A standard metalanguage for data base access and management.

  • Also known as: Amazon Simple Queue Service, Amazon SQS

Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, fully managed message queuing service.

  • Also known as: solid-state drive, solid state drive

A solid-state storage device that uses integrated circuit assemblies as memory to store data persistently.

SSH Proxy service

Service on the Barracuda NextGen Firewall that allows regulating SSH connections. 

  • Also known as: Secure Sockets Layer

Standard security technology for establishing an encrypted link between a server and a client - typically a web server and a browser, or a mail server and a mail client.

SSL certificate

A digital certificate that is installed on a web server, authenticates the identity of the website, and encrypts the data that is transmitted.

SSL Encryption
  • Also known as: Secure Sockets Layer encryption

The standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.Transport Layer Security (TLS) is the successor to SSL, and is sometimes referred to as "SSL".

SSL Inspection
  • Also known as: SSL Interception

SSL Inspection transparently unencrypts, inspects, and and re-encrypts HTTPS traffic. Also has the ability to block a small section of an HTTP site (for example, allowing Google traffic, but blocking Google Play).

SSL Interception

Barracuda CloudGen Firewall feature, used to examine HTTP/S traffic.

SSL VPN client

VPN client that can be installed on the Barracuda CloudGen Firewall and then accessed through the Barracuda SSL VPN web portal. (Barracuda SSL VPN is a different product.)

SSL VPN service

Service on the Barracuda CloudGen Firewall that manages SSL VPN connections. (Barracuda SSL VPN is a different product.)

stateful packet inspection
  • Also known as: stateful packet forwarding

Firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.

static route

Route that is explicitly configured and entered into the routing table. Static Routes take precedence over routes chosen by dynamic routing protocols.

static website hosting

Hosting of a static website in Amazon S3. When a bucket is enabled for Static website hosting, all content is accessible to web browsers via the Amazon S3 website endpoint of the bucket.

statistic cooking

Procedure that defines how statistic logs are processed and how long they are kept on a system.

statistics services

Services that collect data from systems and process it according to specified transfer settings.

storage account

A secure account that gives you access to services in Microsoft Azure storage.

stream and packet compression

Data compression technique used in wireless networks.

  • Also known as: Amazon elastic block store, AWS, Amazon Web Services, striped

Method to combine performance and throughput of Amazon EBS volumes to a single logical volume.

stub area
  • Also known as: Open Shortest Path First, Autonomous System Boundary Router

OSPF area that carries a default route, intra-area routes, and interarea routes, but does not carry external routes. Virtual links cannot be configured across a stub area, and they cannot contain an ASBR.


Offloading large attachments from a mail server.


Partitioning of an IP address space into several smaller address spaces.

syslog streaming

Method for handling of log file messages that are to be transferred to another system for analyzing purposes.

  • Also known as: Terminal Access Controller Access-Control System Plus

A service for external authentication that provides centralized user and group management and offers extended logging options.


An intrusion into a network cable by a connector.

TCP Flow Optimization
  • Also known as: TFO

Improves the TCP stack and brings uniformity to TCP sessions. Mitigates the inherent lack of performance in TCP slow start and general flow control, which can slow data transfers. TFO techniques fill the pipe and reduce latency, resulting in faster transfers and optimal bandwidth use.

TCP Proxy

The TCP Proxy is placed between browser and web server and filters requests and responses in TCP streams.

TCP stream reassembly

Part of the processing of TCP IP traffic that consists of fragmenting, sending, and reassembling packets.

  • Also known as: Transmission Control Protocol/Internet Protocol

A Transport and Network Layer Protocol, respectively, used for communication in the Internet and often in private networks.


A protocol to access a remote computer system, often a Unix system, over the network. Origin: Teletype Network.

temporary access

A time-restricted grant of access to certain areas that are usually off-limits, without having to change the usual organization's policy. For example, for a special project on a certain date, teachers can grant temporary access for students to view specific domains or categories of domains that are usually blocked by school policy.

terminal server

Communications processor that connects asynchronous devices such as terminals, printers, hosts, and modems to any LAN or WAN that uses TCP/IP, X.25, or LAT protocols.

  • Also known as: Trivial File Transfer Protocol

A simplified version of FTP (file tranfer protocol).

threat vector

The path along which an attack occurs, like a web application, email, or a remote user.

  • Also known as: throttle

The automatic restricting or slowing down of a process based on one or more limits.

Ticket Authentication

A sub-feature of Guest Access that allows administrators to create voucher codes for access authentication.

  • Also known as: time stamp

A date/time string to mark an occurrence of an event. 


The abbreviation TINA stands for Transport-Independent Network Architecture. It is the Barracuda VPN protocol. The Barracuda VPN protocol. A proprietary extension of the IPsec protocol developed to improve VPN connectivity and availability over the standard IPsec protocol.

top level domain
  • Also known as: TLD

The last part of a hostname.

traffic intelligence

In addition to site-to-site VPN, enables locations to maintain connectivity even if one or more transports are down. See also Dynamic Path Selection.

traffic optimization
  • Also known as: Traffic Shaping

Feature that is designed to improve the speed and reliability of business-critical applications by prioritizing important traffic.

Traffic Prioritization

A WAN optimization technique that allows a certain amount of available bandwidth for mission critical applications and traffic. See also Traffic Shaping.

Traffic Shaping

Traffic shaping prioritizes network resources according to factors such as time of day, application type, and user identity. Used to optimize or guarantee performance, improve latency, and/or increase usable bandwidth for some kinds of network traffic by delaying other kinds.

Transit VPC
  • Also known as: Transit Virtual Private Cloud

A central VPC, configured to minimize the number of connections required to connect multiple VPCs and remote networks.

transparent client

A VPN client that lets you establish transparent network access (Layer 3) to internal company network infrastructures.

transparent failover

Synchronization of all forward packet sessions (inbound and outbound TCP, UDP, ICMP-Echo, and other IP protocols) of the firewall server between two HA partners. 

transparent proxy
  • Also known as: inline proxy

The HTTP Proxy operates transparently to the clients in the network.

Transport Layer Security
  • Also known as: TLS

Cryptographic protocol that provides communications security over a computer network.

TS Agent

Enables the Barracuda NextGen Firewall to authenticate users with login information from a Microsoft Terminal Server.

  • Also known as: Azure Route Tables, User Defined Routing

Enable you to create network routes for traffic between subnets and to the Internet.

  • Also known as: Universal Mobile Telecommunications System

A third generation mobile cellular system for networks based on the GSM standard.


To decrypt encrypted data. The antonym of encrypt.


Product or system.

URL filter database

Barracuda's database of web sites, with policies set by category. URLs are checked against the database and access granted or denied based on your policies. For example, you can prevent company staff from surfing on Facebook or adult sites during office hours.

URL filter match object

A firewall object that can be applied to an application rule on the Barracuda CloudGen Firewall. Application rules containing this type of object are only processed if the URL categories defined in the object are detected.

URL Filter service

URL filtering service on the Barracuda NextGen Firewall F-Series that can use two Web Security Gateway engines.

user agent

Software that acts on behalf of the user. For example, an agent might give information about a user's browser and operating system to a web site.

user agent string
  • Also known as: user-agent string

List of keywords used for content negotiation in HTTP, where the origin server selects suitable parameters for a response. Contributes to the information that the client sends to the server.

User Identity Awareness

Security term for traffic monitoring based on username, host, and IP address.

user object

A firewall object that references users and groups. Can be applied to an access or application rule on the Barracuda CloudGen Firewall. 

  • Also known as: unified threat management, unified security management, USM

The evolution of the traditional firewall into an all-inclusive security product, able to perform multiple security functions within one single system.