I got my 210 earlier this week and was able to get it up and running fairly quickly after a call to tech support. There is a known issue on the post installation procedure, and the work-around can be found here
.Since then, I have had the opportunity to play with most of the features available on the 210 (save clustering) and gauge the unit in a production environment. I would normally test it in an off-line setting, but my customer had a compelling need, so we dove in with both feet.What follows are my impressions and requests for change. I am very interested in what everyone else has to say as well.I was pretty excited to get the firewall in. The chasis is in a rackmount configuration, and the color scheme and general design are very sleek. I mounted the 210 into a standard telco rack along with my switches and patch panels and it makes a handsome addition to the equipment already installed. For giggles, I also checked it against my HP rack, and it would have mounted there just fine if I had room.The installation process is seamless with the exception noted above. Basically, anyone with even a limited knowledge of networking should be able to install and configure the Barracuda Spyware Firewall. Since it is a layer 2 device, it acts as a transparent bridge and assigning an IP address is only needed for management purposes. There is no need to change any of your IP addressing scheme (gateway, DNS) with the Barracuda. Using TCP port 8000 at the assigned IP address, you can perform all management functions via a web browser (I was pleased to see no problems using Firefox). I was surprised to find that secure http (https) was not an option for management, and this is something that Barracuda should probably consider in future releases.In essence, the 'Cuda is a proxy server with a nice web interface for configuration and basic reporting purposes. While, with a huge amount of work, you could attain a similar result using a basic LAMP setup running Squid, the Barracuda Spyware Firewall comes with "Energizer Updates" that save you the hassle of trying to stay on top of the multitude of spyware websites and virus signatures floating around. Additionally, basic content blocking is built in although the implementation is somewhat crude at this point. Actually, most of the functionality is crude at this point, but I can certainly see that this is a diamond in the rough. Being an early adopter is normally a pain, but in the case the early adoption goes to the software, not the hardware.In other words, this isn't like buying a Beta when VHS is in the works.The network I installed the unit on has over 100 nodes, to include VPN Terminal Server Sessions:Spyware:
The Barracuda does an excellent job of identifying client PC's with spyware installed. I was able to identify 3 computers that were infected with various spyware software (we have an extremely tight image, so 3 was actually somewhat of a surprise). We use AdAware for spyware removal, and while the Barracuda identified Alexa as Ads.Mediaplex, the end result was the same. We were able to locate and fix the infected machines, although I feel we had to take an extra step. The Barracuda gives the IP of the infected machine, but I had to do a ping -a to get the host name, at which point I could nail things down to a specific machine. It would be nice if the unit would use a host name instead of an IP for management purposes.The firewall also seems to do a good job of blocking inbound spyware requests. All in all, AdAware seems to back up our clients state of operations in comparison to the Barracuda - Limited to no spyware and I have yet to find anything on a client that the Barracuda missed.Viruses
Based on the online help file, the Barracuda only scans for viruses within emails. I am a little hazy on this point, although I would assume that outbound virus traffic would be detected and blocked if it attempted to use port 80. Documentation on the Spyware Firewall is sorely lacking, and is something the company needs to address. This will be a handy feature, however, if you have a client using webmail. At least, I think it would. Again, documentation would be helpful.Content Filtering
Very crude. I hate to be blunt, but this is the case. To give some real life examples:Eonline (Entertainment Online) is classified as porn. Dating sites are similarly classified. While this might not seem to be much of an issue, consider things from the end user side. They attempt to surf to a site they have always used (policies vary per organization, but these are not overly racy sites) and get a notification in their browser that the website they are trying to access is "porn". You end up with some very concerned users, and rightfully so. I would have thought that an administrator would be able to access the content database to add or remove items, but this isn't the case. While you can "whitelist" a site to avoid the browser notifications, you can only do so after a notification has been received from a frazzled network user or after reviewing the log file. The lack of access to the database is understandable to an extent (since this is the truly saleable aspect of the product) but it makes administration like swinging a stick at a pinata. You are always blindfolded, and you are just hoping to get the candy.The ability to modify the browser notifications will be a nice change when (if) implemented. I don't want to scare my end users silly. Also, as stated, being able to browse the sites listed in each category would be a plus. If these features aren't implemented (and they should be) make sure you communicate with your end users extensively so they don't feel singled out. Also, well written web usage policies will help to ease the pain.Reporting
Statistics are the butter on the IT departments bread. The stats currently available on the Barracuda Spyware Firewall meet the minimum standards, but lack any major degree of sophistication. I do feel I can justify the (upcoming) purchase of the unit based on the stats, but some of the reports are just flakey. Barracuda needs to work on filtering results and tailoring reports to at least some degree.Additionally, parsing the log files could use some enhancements also. I like a little more granularity when I am searching for certain things in large files. While being able to search the access log by using the category "Blocked Requests" is nice, I would like to further refine the search to category "Blocked Requests" and reason "Advertising". Being able to search "Blocked Resuests" by "Category" by "Source IP Address" (or hostname, which is better) would kick butt.While we are at it, let's go ahead and measure bandwidth in terms of http requests, and allow for the blocking of users based on IP address or host name.The potential is there for this to be the killer app for SMB markets, and guarding bandwidth is still a part of the mix (especially in state or local government agencies with limited budgets). While this is addressed with the cacheing functionality in the larger units, the ability to block web requests in areas like advertising, content, and IM's make the Barracuda a compelling product for many businesses.First Impressions
I am EXTREMELY impressed with the potential of this unit, and plan to recommend that my customer purchase it. Again, while some of the functionality is still crude at this point, all of the basics are in place and the upside for improvement is tremendous.Tech Support is a little overwhelmed (my opinion) as a result of their advertising blitz, but once you get in touch with them they are very knowledgeable. Also, this option is not off-shored (apparently) and the employees seem to be very excited about the direction the company is headed in. That is something I haven't seen a lot of since the dot.com bust.I am buying into the Barracuda Spyware Firewall for at least a year. If they address some of the concerns I have listed here, I will be a life long customer.Given the ability to upgrade the unit remotely (daily/hourly for spyware and virus definition updates) coupled with the apparent desire of the company to make a world class enterprise box (not to mention the cost, which is so far below the competition that is is insane) hanging in for there for the long run is the smart move.