The Barracuda Network Access and VPN clients provide an effective and cost efficient end-user integrity solution that combines administered remote endpoint security with a network access control (NAC) framework without the need to implement major changes to your existing network infrastructure. The Barracuda Network Access Client integrates with the Access Control Service of the Barracuda NextGen Firewall F-Series and lets you configure access policies and rules depending on various criteria such as identity and client health state. The Barracuda VPN client lets you configure and establish client-to-site virtual private networks (VPNs) to allow mobile workers remote access to corporate information resources. Suitable server-side functionality is included with the Barracuda NextGen Firewall F-Series and X-Series.
The Barracuda VPN Client
The Barracuda VPN Client secures remote and mobile desktops connecting to the corporate LAN through the Internet. The VPN client establishes a secure connection to a VPN service. The Barracuda VPN Client is available for Windows, and as a separate client for macOS and Linux.
The Barracuda Network Access Client
The Barracuda Network Access Client is a suite of applications available for Windows (Windows 2000, XP, Windows 7, Windows 8, Windows 8.1, and Windows 10) that lets you control network and VPN client access based on rules and policies.
The Barracuda Network Access Client provides a managed personal firewall solution with periodic health assessments. Both the outcome of the assessment and the identity of the machine and/or current user will influence the policy applicable to the endpoint. The Barracuda Network Access Client lets you easily distinguish between visitors and guest network users and can allow or deny network access attempts based on date and time, identity, health state, and type of network access. For example, different policies can be configured for users that connect from within a corporate network or users that access WLAN hotspots to build a secure VPN connection.
The Barracuda Network Access Client consists of client-side (WIndows 32-bit or 64-bit) and server-side components that the client software periodically communicates with to have the health state of its underlying operating system verified and its network access rights assessed. The client's health state is evaluated prior to initial network connection; afterwards, system health assessments are carried out periodically to detect changes.
Installable Software Components
The Barracuda Network Access Client contains the following subsystems that can be installed all-in-one or separately:
- Barracuda Access Monitor – Monitoring software, responsible for sending the endpoint health status to the Access Control Service for baselining. The Barracuda Access Monitor is dynamically downloaded and updated as required.
- Barracuda Personal Firewall – A centrally managed host firewall that can handle up to four different rulesets at once, depending on the policy applicable to user, machine, date, and time.
- Barracuda VPN Client – VPN client that secures mobile desktops connecting to the corporate LAN through the Internet.
The VPN client will establish a secure connection to a VPN service. The Barracuda Access Monitor will then communicate with the responsible System Health Validator (SHV) through the VPN tunnel. In this case, the VPN server fully controls the virtual connection.
With the Barracuda VPN Client, you can set up client-to-site TINA VPNs. TINA is a Barracuda Networks proprietary VPN protocol that offers a secure end-to-end solution without requiring additional third-party software or input. TINA offers substantial improvement over the IPsec protocol, providing:
- High level of security. For supported encryption standards, see Authentication, Encryption, Transport, and VPN Routing.
- A full-featured Certificate Authority (CA) for TINA VPNs on every Barracuda NextGen Firewall, for use with self-signed certificates.
- X.509 certificate-based VPN authentication with password request.
- Immunity to NAT or proxy (HTTPS, SOCKS) traversal.
Installable Software Components
The following VPN clients are supported for use with Barracuda VPNs:
- Barracuda VPN Client for Windows – Standard VPN client that is included with the Barracuda Network Access Client, but can also be installed or uninstalled separately.
- Barracuda VPN Client for macOS – A graphical VPN client for macOS.
- Barracuda VPN Client for Linux – A command-line VPN client for the Linux and macOS.
Features and Benefits
The Barracuda Network Access and VPN clients offer support for numerous authentication methods, quick restoration of VPN tunnels after dropped connections, 'Always On' VPN connections for PCs, support for redundant VPN gateways, selective routing of network traffic through the tunnel, automatic selection of the optimal VPN gateway based on the client's location, and much more. When using a Barracuda NextGen Firewall as the VPN gateway, you can also deploy and manage the Windows clients centrally. Every Barracuda NextGen Firewall includes a root-level Certificate Authority (CA), letting you create, delete, and renew X.509 certificates for strong authentication.
For information on how to configure the Barracuda NextGen Firewall F-Series or the Barracuda NextGen Firewall X-Series for client-to-site VPN, see: