We just raised a $30M Series A: Read our story

Barracuda CloudGen Firewall Alternatives and Competitors

Get our free report covering Fortinet, Sophos, Cisco, and other competitors of Barracuda CloudGen Firewall. Updated: November 2021.
552,136 professionals have used our research since 2012.

Read reviews of Barracuda CloudGen Firewall alternatives and competitors

Quoc Vo
Director Of Technology at La Jolla Country Day School
Real User
Protects our network from various malicious activities by filtering and inspecting traffic

Pros and Cons

  • "It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things."
  • "There is a web-based GUI to do management, but you need to know how the machine or firewall operates. There are hundreds of different menus and options. I have used other firewalls before. Just implementing or designing a policy with Palo Alto, if you want a certain port to be open to different IP addresses, then that could take 20 to 25 clicks. That is just testing it out. It is quite complex to do. Whereas, with other places, you tell it, "Okay, I want this specific port open and this IP address to have access to it." That was it. However, not with Palo Alto, which is definitely more complex."

What is our primary use case?

We basically use it to protect our network from various malicious activities out there. We have two subscriptions. We have the WildFire subscription, which is similar to DNS filtering. We also have Threat Protection, which allows the firewall to inspect traffic up to Layer 7. It inspects applications as well as unknown applications, quarantining and stopping things. So, you are not always chasing, "What applications should I be running on this device?" It does a good job of all of that. The management of it is a little tricky, but that is how it goes.

We are running the PA-3250s. We have two of them. They operate in Active/Passive mode. Therefore, if one fails, then the other one takes over. 

What is most valuable?

It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things.

What needs improvement?

There is a web-based GUI to do management, but you need to know how the machine or firewall operates. There are hundreds of different menus and options. I have used other firewalls before. Just implementing or designing a policy with Palo Alto, if you want a certain port to be open to different IP addresses, then that could take 20 to 25 clicks. That is just testing it out. It is quite complex to do. Whereas, with other places, you tell it, "Okay, I want this specific port open and this IP address to have access to it." That was it. However, not with Palo Alto, which is definitely more complex.

The VPN is only available for Windows and Mac iOS environments. We have a variety of iPads, iPhones, and Android stuff that wouldn't be able to utilize the built-in VPN services.

I would like easier management and logging. They can set up some profiles instead of having you create these reports yourself. However, you should be able to set it up to give you alerts on important things faster.

For how long have I used the solution?

We have had this in place for four years. I have been at the school for almost a year and a half. So, this is my second year here at the school, so my experience with it has probably been a year and change. I use other firewall solutions, but I have gotten pretty comfortable with the Palo Alto solution.

What do I think about the stability of the solution?

It is very stable. We have never had any issues with any failures on it.

I haven't felt any performance lags on it. It has been handling everything just fine.

What do I think about the scalability of the solution?

We purchased it a few years ago. Since then, we have had a lot more clients on our network, and it has handled all that fine. You go into it and just have to scale it higher. Palo Alto doesn't give you too many choices. There is not a medium; it is either very small or very big. So, you don't have a choice in that.

How are customer service and support?

We have never had to call Palo Alto. Secure Works does all our support maintenance on it.

Which solution did I use previously and why did I switch?

I have been here for a year and a half. Before, the firewall that they were using (Barracuda) was barely adequate for what we were doing. We got new ones simply, not because we had a software/hardware-type attack, but because we had a social engineering attack where one of the folks who used to work for us went on to do some crazy things. As a result, the reaction was like, "Oh, let's get a new firewall. That should stop these things in the future."

How was the initial setup?

The initial setup was pretty complex because they did not do it themselves. They actually hired some folks who put it in. 

What about the implementation team?

We use Secureworks, which is a big security company. They actually send an alert when there are problems with the firewall or if there are security issues. They handled the deployment. 

We also use another company called Logically to monitor the firewall in addition to all our other devices.

What's my experience with pricing, setup cost, and licensing?

Active/Passive mode is very redundant, but they require you to buy all the associated licensing for both firewalls, which is kind of a waste of money because you are really only using the services on one firewall at a time.

I would suggest looking at your needs, because this solution's pricing is very closely tied to that. If you decide that you are going to need support for 1,000 connections, then make sure you have the budget for it. Plan for it, because everything will cost you.

If another school would call and ask me, I would say, "It's not the cheapest. It's very fast, but it's not the cheapest firewall out there."

Which other solutions did I evaluate?

I have been looking at different firewalls because our service and maintenance contracts are up on it. We have two different outsourced folks who look at the firewall and help us do any configurations. My staff and I lack the knowledge to operate it. For any change that we need to make, we have to call these other folks, and that is just not sustainable.

We are moving away from this solution because of the pricing and costs. Everything costs a lot. We are moving to Meraki MS250s because of their simplicity. They match the industry better. I have called the bigger companies, and Meraki matches the size, then the type of institution that we are.

If someone was looking for the cheapest and fastest firewall product, I would suggest looking at the Meraki products in the educational space. I think that is a better fit.

What other advice do I have?

Its predictive analytics and machine learning for instantly blocking DNS-related attacks is doing a good job. I can't be certain because we also have a content filter on a separate device. Together, they kind of work out how they do DNS filtering. I know that we haven't had any problems with ransomware or software getting installed by forging DNS.

DNS Security for protection against sneakier attack techniques, like DNS tunneling, is good. I haven't had a chance to read the logs on those, but it does pretty well. It speaks to the complexity of the firewall. It is hard to assess information on it because there is just a lot of data. You need to be really good at keeping up with the logs and turning on all the alerts. Then, you need to have the time to dig through those because it could be blocking something, which it will tell you.

I haven't read the NSS Labs Test Report from July 2019 about Palo Alto NGFW, but it sounds interesting. Though it is a little bit of snake oil, because the worst attacks that we had last year were purely done through social engineering and email. I feel like this is an attack vector that the firewall can't totally block. So, before you put something in, like Palo Alto Firewalls, you need to have your security policy in place first.

I would rate this solution as eight out of 10. Technically, it is a good solution, but for usability and practicality, I would take points off for that.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Charanjit Bhatia
AGM Cyber Security CoE at Bata Group
Real User
Top 5
Flexible, provides good visibility, and it's easy to manage with a centralized dashboard

Pros and Cons

  • "It creates granular security policies based on users or groups to identify, block or limit the usage of web applications."
  • "Although Check Point provides annual updates to the Gaia platform, integration with other OEMs is difficult."

What is our primary use case?

We use this solution for complete protection against advanced zero-day threats with Threat Emulation and Threat Extraction. We also use:

  • NSS Recommended IPS to proactively prevent intrusions
  • Antivirus to identify and block malware
  • Anti-bot to detect and prevent bot damage
  • Anti-Spam to protect an organization's messaging infrastructure
  • Application Control to prevent high-risk application use
  • URL Filtering to prevent access to websites hosting malware
  • Identity Awareness to define policies for user and groups
  • Unified Policy that covers all web, applications, users, and machines
  • Logging and Status for proactive data analysis

How has it helped my organization?

The solution has improved the organization with respect to the following:

  • Simple implementation and operation
  • Central dashboard for managing branch firewalls
  • Easy measurement of security effectiveness and value to the organization
  • Proactive protection with the help of many inbuilt blades
  • SandBlast Threat Emulation and Extraction provides us zero-day protection from known and unknown threats in real-time 
  • Great visibility on the number of threats being blocked at the dashboard
  • Helps to clean traffic, both egress and ingress
  • A simplified URL filtering option is available for users with detailed granularity to map user/departments with respect to specific access
  • It does deep packet inspection for checking HTTPS traffic. There is a shift towards more use of HTTPS, SSL, and TLS encryption to increase Internet security. At the same time, files delivered into the organization over SSL and TLS represent a stealthy attack vector that bypasses traditional security implementations. Check Point Threat Prevention looks inside encrypted SSL and TLS tunnels to detect threats, ensuring users remain in compliance with company policies while surfing the Internet and using corporate data
  • It helps in the identification of C&C via Anti-Bot
  • It provides geolocation restrictions that may be imposed via IPS
  • Excellent Application Control for the administrator to manage the access for users
  • Secure remote access is configured with mobile access connectivity for up to five users, using the Mobile Access Blade. This license provides secure remote access to corporate resources from a wide variety of devices including smartphones, tablets, PCs, Mac, and Linux

What is most valuable?

We are using the Check Point Next-Generation Firewall to maximize protection through unified management, monitoring, and reporting. It has the following features:-

  • Antivirus: This stops incoming malicious files at the gateway, before the user is affected, with real-time virus signatures and anomaly-based protections.
  • IPS: The IPS software blade further secures your network by inspecting packets. It offers full-featured IPS with geo-protections and is constantly updated with new defenses against emerging threats.
  • AntiBot: It detects bot-infected machines, prevents bot damage by blocking both cyber-criminals Command and Control center communications, and is continually updated.
  • Application Control: It creates granular security policies based on users or groups to identify, block or limit the usage of web applications.
  • URL Filtering: The network admin can block access to entire websites or just pages within, set enforcements by time allocation or bandwidth limitations, and maintain a list of accepted and unaccepted website URLs.
  • Identity Awareness: This feature provides granular visibility of users, groups, and machines, enabling unmatched application and access control through the creation of accurate, identity-based policies.

What needs improvement?

I would like to see the provision of an industry-wide and global benchmark scorecard on leading standards such as ISO 27001, SOX 404, etc., so as to provide assurance to the board, and confidence with the IT team, on where we are and how much to improve and strive for the best.

Although Check Point provides annual updates to the Gaia platform, integration with other OEMs is difficult. This integration would be helpful in providing a full security picture across the organization. I am looking forward to the go-ahead of R81 with MITRE framework adoption in the future.

For how long have I used the solution?

We have been using the Check Point NGFW for the last four years.

What do I think about the stability of the solution?

This is a very stable product.

What do I think about the scalability of the solution?

It is highly scalable on cloud and does provide customers with lot of flexibility while performing the sizing of the appliance.

How are customer service and technical support?

Technical Support needs improvement, especially the L1 engineers.

Which solution did I use previously and why did I switch?

Prior to this solution, we were using GajShield. However, due to limited visibility and support, we opted for a technical refresh and upgrade of products.

How was the initial setup?

Yes initial setup was complex as migration of policies from one OEM to another is a challenge. however we meticulously planned and completed the implementation in phases.

What about the implementation team?

Yes we took help of the Certified Vendor. Vendor support was good.

What was our ROI?

We did not calculate our ROI; however, it provides good visibility to us.

What's my experience with pricing, setup cost, and licensing?

Check Point is competitively priced; however, there is an additional charge for the Annual Maintenance Contract (AMC) and it is easy to understand.

My advice is to negotiate upfront with a support contract of between three and five years.

Which other solutions did I evaluate?

We evaluated Palo Alto, Barracuda, and Fortinet.

What other advice do I have?

In summary, this is an excellent product and featured consistently in Gartner for the last 10 years. They have good R&D and support services across the globe. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Bernard Otieno
Technical Engineer at Harnssen Group Limited
Reseller
Top 20
Easy to set up with good technical support and good stability

Pros and Cons

  • "We've deployed quite a number for our users and our customers, and the feedback is quite positive in terms of management and also administration."
  • "XG is at its end of life. People are moving to XGS."

What is most valuable?

I enjoy synchronized security, where you have to synchronize both the firewall and the endpoint. When I deploy a firewall, I integrate it with the endpoint so that they can send the security heartbeat from the endpoint to the firewall. In the Sophos firewall, there's deep inspection, which works quite well. Sophos has the web application firewall inbuilt. This is unlike other firewalls, where you have to integrate with another standalone web application firewall. Being inbuilt in Sophos, you just have to configure an application so that it's more of a policy, and you're good to go. It's pretty simple in terms of the user. 

We've deployed quite a number for our users and our customers, and the feedback is quite positive in terms of management and also administration.

The technical support is pretty good. 

The initial setup is easy.

There's quite a number of items on offer. When you look at Gartner, it's doing well. The uptake in the market has been wonderful and currently, it's competing with other top firewalls such as Check Point, Fortinet, and Palo Alto.

What needs improvement?

XG is at its end of life. People are moving to XGS. With those changes on the horizon, a client might end up in, maybe 10 years, having four or five appliances, which they might not use. I don't know what Sophos is doing to maybe change this. Right now, we've moved from XG to XGS.

Another feature, which might be good and which other vendors are maybe exploring is the NAC. Sophos doesn't have a NAC solution. 

Maybe they can improve on their WAF. Currently, they have the inbuilt. 

They could work on their SD-WAN solution. I have seen it. It's not that competitive compared to other vendors. We've had some device issues.

For how long have I used the solution?

I've been dealing with the solution for the last four years.

What do I think about the stability of the solution?

In terms of when it's in the network, it's stable compared to other firewalls, where I have had some issues. I had a case with another firewall, which the client changed to Sophos and it was not that stable as the client had to go and actually restart the firewall. The challenge comes in terms of stability when, let's say, the engineer doing the scoping does the round-sizing for the firewall. This causes the IPS to become overloaded or overworked, so it disconnects the traffic at the port level. In terms of stability, I might say sometimes we might experience challenges maybe when the sizing is not done correctly. That's why we might experience that disconnect at the interface level where the internet gets disconnected, however, that's the case of sizing, not the product itself. In terms of stability, it's stable in the network.

How are customer service and support?

In terms of Sophos' support, they have been wonderful. I had a device issue and I found the return policy to be quite simple. 

Their technical support is pretty straightforward. When you raise a ticket, the feedback is immediate, and you are assigned a support person. It's been a wonderful experience.

Even to the end-user, it's a pretty straightforward system that they have. A user would just log into support.id, then key in their credentials and raise a support ticket. It's pretty simple.

Which solution did I use previously and why did I switch?

I'm also familiar with Check Point, FortiGate, and Palo Alto. We also used to use Sonic Wall, however, we've moved to Sophos.

How was the initial setup?

The initial setup is pretty straightforward. It's not overly complex.

Which other solutions did I evaluate?

I've compared Check Point, CloudGen Network Security, and Sophos XG previously for clients. Not being biased to any vendor, normally, in this region, what normally happens is the budget. You might recommend Check Point to a customer, however, Check Point is a bit expensive, so you might end up losing the deal. What you would recommend, is Check Point as the Quantum, as the firewall. Sophos is doing quite well in terms of the endpoint for the workstations and the servers, the physical and the virtual. Likely it would be a good idea to recommend Sophos Security. That said, if the client has the budget, you'd recommend Check Point as a firewall. It's always good to do a bit of comparison and advise the client as to what is best for them.

What other advice do I have?

We've actually deployed and supported quite a number of the products, from XG105 to XG3430.

Sophos is on-prem mostly, however, now there's another product for Sophos, for the endpoints, which is cloud-based.

I'd rate the solution at a ten out of ten. It's one of the best products. We have deployed quite a number of them - almost 20 - and I've not seen any of my clients complain.

Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Flag as inappropriate
SR
IT and Operations Manager at a financial services firm with 1-10 employees
Real User
Top 20
Scalable with an easy initial setup but technical support is terrible

Pros and Cons

  • "The initial setup is a breeze."
  • "When it comes to dealing with updates, there are often bugs on the solution. They should do a lot more testing before they release new versions."

What is our primary use case?

We primarily use the solution on the VPN for protection purposes. We utilize its antivirus capabilities as well.

What is most valuable?

I really like their general IT.

I like how it's possible for me to block other countries immediately if I see the need to do so.

The initial setup is a breeze.

What needs improvement?

The support the solution offers needs a lot of improvement. GFI took over the product and since the takeover, the support, the backups, the after-sales support, etc., has basically dropped off quite a bit.

When it comes to dealing with updates, there are often bugs on the solution. They should do a lot more testing before they release new versions.

For how long have I used the solution?

I've been using the solution for about five years now.

What do I think about the stability of the solution?

The solution is very stable. Organizations won't have to worry about the solution crashing. I consider it to be very reliable. We have only had one firewall go down in the five years we've been using it, and I can't recall any other problems.

That said, when it comes to major updates, they need to do a lot more testing before they release things. Last year there had been a lot of bugs in major releases. It may have been because of the takeover. GFI has since taken over the brand.

What do I think about the scalability of the solution?

The solution is pretty scalable. I updated it about two years ago and I didn't have trouble scaling. A company shouldn't have any problems expanding it.

How are customer service and technical support?

Technical support is not the best. As an example, this past weekend I had an issue. It took me four days to get a hold of their support team. I'm a premium client. I tried everybody: America, Germany, UK, Africa. Everybody. That's unacceptable. There is no reason that their response should be that slow. In the past, I had managed to resolve issues quickly. That's not the case anymore. We're very dissatisfied with the level of service they are providing their clients.

Which solution did I use previously and why did I switch?

I've previously come across Barracuda. I've spoken to the team there. In terms of meeting our needs, I've found that, with a lot of other products, it's very modular. Kerio tends to keep everything in-house. Due to that, there are certain functionalities that I prefer to have with Kerio as opposed to other solutions.

How was the initial setup?

The fact that the setup is so easy is one of the solution's great selling points. It's straightforward. It's not complex at all.

It only takes one person to deploy and maintain the solution. The deployment itself only takes about an hour or two. Looking at the branches, it may just be 10-15 minutes of work for them. It's pretty quick. Of course, it depends on how many walls. A super basic setup is 10-15 minutes, however, if you have to put in a lot of rules, it will take longer because that process takes time.

What about the implementation team?

I handled the implementation myself.

What other advice do I have?

We're using the latest version of the solution.

I would recommend the solution. It doesn't take too many people to set it up or maintain it, like, for example, Cisco, which is a bit more complex and difficult.

I would rate the solution seven out of ten, and that's mostly due to the fact that their support is so awful right now. If their support was better and more reliable, I would rate them much higher.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SegunIyanda
Software Developer/ IT Analyst at AIICO Capital Limited
Real User
Top 5
Good encryption detection, good administration capabilities, and one of the best on the market overall

Pros and Cons

  • "In terms of administration, it's perfect."
  • "The interface needs to be updated and simplified."

What is our primary use case?

We primarily use the solution for LAN connections.

What is most valuable?

The solution has similar attributes to other competitors. 

The encryption detection is good.

In terms of administration, it's perfect.

What needs improvement?

The encryption detection could be improved. In my opinion, I think Sophos has better encryption detection than this solution.

The security of the solution could be better.

The interface needs to be updated and simplified.

The management could be more in-depth or clear. 

For how long have I used the solution?

I've been using the solution for close to a year now. I've also been working with Fortigate's firewall solution for about two and a half years.

What do I think about the stability of the solution?

We haven't faced any issues with stability since I've been with the company. I haven't witnessed any bugs or glitches. Our organization is satisfied with the level of stability it has provided.

What do I think about the scalability of the solution?

About 50% of our network users are currently on the solution. For the two companies that we have on the solution currently, there's probably 100 users in each company that use the solution.

How are customer service and technical support?

I personally have never been in touch with technical support for Fortigate. I can't speak to any kind of experience. I have heard good reviews from other people, however.

Which solution did I use previously and why did I switch?

I've used Sophos in the past.

There are some technical issues with Sophos, at least on the older version, but with XG they kind-of did an upgrade. The interface of Sophos is great. It makes it easy to manage. In terms of functionality, both Fortigate and Sophos are very good and have almost the same functionality. It does depend on the license you apply for, however.

If you subscribe to Sandstorm in Sophos, you should expect that you get the functionality of Sandstorm. 

They are both quite equal on the market for the most part.

How was the initial setup?

In terms of the initial setup, a vendor did that for us. We just manage it. The solution was already in place before I started at the company. I don't have details in relation to its initial complexity or how long it took.

What about the implementation team?

Our vendor set up the solution for us.

What's my experience with pricing, setup cost, and licensing?

At this time, I'm unsure of what the costs related to the solution are. It's my understanding that support is part of the OEM fee and you do have to pay that yearly. However, it does depend on the arrangements with the OEM.

Which other solutions did I evaluate?

We did look at Barracuda, but we decided against them because it gets a bit too technical. Also, unlike Sophos, for example, you can't pick the license you want and instead have to buy a package that may include things you don't need. Barracuda's interface looks like something designed in the 90s as well, which was a turn-off.

What other advice do I have?

We used to be on the cloud, but we phased it out more than a year ago.

I'd recommend the solution. It's one of the best on the market. It's great for financial services institutions. Security is important because of the type of companies that are typically dealing with it.

I'd advise that users use it within a firewall, to create a double layer of protection or something similar.

I'd rate the solution eight out of ten, especially when comparing it to other solutions.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Get our free report covering Fortinet, Sophos, Cisco, and other competitors of Barracuda CloudGen Firewall. Updated: November 2021.
552,136 professionals have used our research since 2012.