This indicates the number of users or devices originating traffic traversing the firewall.
Barracuda CloudGen Firewall is designed to secure a company’s wide area network, improve site-to-site connectivity and enable uninterrupted access to applications hosted in the cloud - all while simplifying administration. Barracuda CloudGen Firewall tightly integrates next-generation firewall technologies including application control, intrusion prevention, SD-WAN, web filtering, malware and advanced threat protection, spam protection, and network access control. Additionally, highly resilient VPN technology combined with intelligent traffic management and smart adaptive load balancing and bonding across multiple uplinks allow customers to significantly save on MPLS line costs and increase overall network availability. Depending on actual feature use actual appliance performance may vary.
The full-featured scenario comprises one main office connecting to the internet and cloud services and includes with remote workers connecting via VPN clients or SSL VPN.
In general, the majority of features are used and CloudGen Firewall runs full featured. This scenario is also called “stand-alone deployment”
Typical examples are single locations or university campus’ without branches.
An internet breakout at branch offices indicates full internet access with (optional) full-fledged next-generation features in place.
As users can directly reach internet and cloud resources via the local firewall, additional content security features like Malware Protection, URL filtering, and Advanced Threat Protection might be needed. The management of all branch office appliances is done centrally via Barracuda Firewall Control Center.
In general, the scenario can be seen as the classic national or international enterprise network with independent regional offices.
for branch offices
Firewall, VPN, Application Detection
The satellite/shops scenario adds branch offices that need a stable and secure connection to headquarters. The branch offices connect to headquarters via site-to-site VPN tunnels and send any compute-intensive security task, like antivirus, URL filtering, IPS, Application Control, etc., to the headquarters' firewall. At the branch firewall only main features like firewalling, application detection, and VPN are enabled. Internet connections for the branch offices are routed entirely via the headquarters’ firewall. All branch office appliances are managed centrally via the Barracuda Firewall Control Center.
This scenario can be seen as the classic shop-to-headquarters scenario.
Sizing and throughput numbers are based on a typical traffic mix. The maximum recommended number of (concurrent) users depends on their usage level and is split into low, medium, or high.
All recommended user numbers are based on average email, web, and firewall usage with parameters outlined within the table below. If usage requirements are located in High or Low ranges you may consider choosing an appliance with either higher or lower capacity according to the following overview:
Downloads per user and day:
Low: Up to 2
Medium: Up to 4
High: More than 4
Low: Minor peaks
Medium: Equally spread throughout the day
High: Many peaks
Low: Mostly webmail/wikis/news
Medium: Mostly webmail/wikis/news
High: PowerUsers (schools, universities, business applications)
Active Directory in use:
IPS in use:
Number of VPN tunnels per user:
Medium: Up to 1
High: More than 1
Number of recieved emails in inbox:
Low: Up to 20
Medium: Up to 50
High: More than 50
Number of large emails:
Medium: Up to 3 emails with attachments of up to 500kB
High: More than 3 emails and/or with attachments bigger than 1MB
Medium: Up to 10% of all emails
High: More than 10% of all emails
All performance values are measured under optimized conditions and are to be considered as “up to” values and may vary depending on system configuration and infrastructure:
Firewall throughput measured with large packets (MTU1500) UDP packets, bi-directional across multiple ports, if applicable measured with 10Gbps ports.
VPN throughput is based on Barracuda TINA VPN protocol, 1415 Byte UDP packets using AES128 NOHASH, bidirectional using BreakingPoint traffic generator.
IPS throughput is measured using large packets (MTU1500) UDP traffic and across multiple ports, if applicable measured with 10Gbps ports.
NGFW throughput is measured with IPS, application control, and web filter enabled, based on BreakingPoint Realworld-IPS-Enterprise-Traffic-Mix, bidirectional across multiple ports, if applicable measured with 10Gbps ports.
Threat protection throughput is measured with IPS, application control, web filter, and cloud-based antivirus and SSL inspection enabled (as part of an active Advanced Threat Protection subscription), based on BreakingPoint Realworld-IPS-Enterprise-Traffic-Mix, bidirectional across multiple ports.