This news was supposed to have been publicised via our Sales teams and resellers, but our Support team tell me that some customers have not been made aware and speaking to Support is the first that they're hearing about this, so I'm posting here to try and clarify the situation.
As of the beginning of this month (March 1st 2019, or the closest pricelist update) the Barracuda SSL VPN is no longer available for any new sales of either physical or virtual appliances, or 3 and 5 year renewals. 1 year renewals will be available for a further 12 months, until March 1st 2020. After this point there will be no sales or renewals of SSL VPN subscriptions available at all.
Where does this leave support? The product has already been in maintenance mode for over 2 years (this was announced in November 2016). There has been and will be no further features added to the product, including any feature requests to remove the dependency on Java. Only critical security fixes will be provided. The Support team will still be staffed and available to help for the foreseeable future, and there will be limited Engineering resource available for this legacy product. However given that we are not going to address anything around the Java dependency, it is likely (and recommended!) that you will need to look into an alternative product sooner rather than later. As it stands today there is no end-of-support date set for the product so I expect it to continue until there are no active subscriptions; but that is not something under my control. Also as the product is so dependent on Java (and as publicised since 2016 we will not be addressing this) this may change due to external constraints.
What is the Barracuda alternative? Our recommended solution is the Cloud Generation Firewall, with an Advanced Remote Access subscription. This has several advantages over the legacy SSL VPN, including:
- Better VPN connectivity; the Barracuda TINA protocol and associated architecture performs better than Network Connector and on a par with IPsec, but offers more flexible configuration and better security than common IPsec implementations
- Better access control; the Barracuda SSL VPN is not (and cannot be) a firewall and offers essentially zero access control - it's built purely for simplicity which was appropriate for a product which launched over 10 years ago, but not so much for a new deployment now
- Better clients; the CudaLaunch client is available from the appropriate app store on all major platforms so can be kept up to date much easier, and doesn't use Java so is available for mobile devices as well as desktop
- Better web portal; the design is more modern and less confusing than the legacy product, which makes it easier to use
Although this device is a firewall, it's entirely possible to use one purely as a VPN gateway behind an existing firewall, and given the security advantages of correctly being able to segregate end user VPN devices from the rest of your network this is a great reason to use one in preference to a legacy SSL VPN even if you already have another firewall solution in place, with the potential to consolidate your remote access and firewall solutions in future.
Apologies to anyone who wasn't already aware of this, regrettably we obviously didn't choose the correct channels to publicise this update.