Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses...
Transcript of Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses...
![Page 1: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/1.jpg)
Barracuda CloudGen FirewallProtection and Performance for the Cloud Era
Florian Vojtech, Sales Engineer
![Page 2: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/2.jpg)
Transportation Financial Retail Manufacturing Industry
Broadcasting Government NGO Healthcare
Legal
Food
![Page 3: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/3.jpg)
CloudGen? Facebook is no longer the challenge
Technological and Digital Transformation
Cloud Service Utilization Connected ThingsPublic Cloud Computing
There are new requirements, environments and operators.
Additional attack surface, new vulnerabilities and threats
![Page 4: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/4.jpg)
NextGen + SD-WAN + Cloud Ready
Cloud Generation Firewall
![Page 5: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/5.jpg)
Speed of deployment ?
Initial Configuration ?
Cost of Deployment ?
Cost of small units ?
Virtual ?
Cloud ?
Mgmt. of hundreds of boxes?
Multiple Admins ?
Audit & traceability ?
Ongoing OPEX ?
Compliance ?
Reporting ?
Cost ?
Control ?
Security ?
Availability ?
Multi-Provider Mgmt. ?
Performance / Bandwidth ?
Data Theft
Spyware/Botnets
APT / Ransomware
Employee Productivity
Network Security / Hacking
Internet Access compliance
Operations
Security
Deployment
Connectivity &
Secure SD-WAN
Challenges Barracuda CloudGen Firewalls Solve
![Page 6: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/6.jpg)
Zero Touch Deployment
Pool Licensing
Disaster Recovery
Multi-Tenancy
Native Cloud
Hardware
Virtual
Central Management & Lifecycle
Granular Admin Concept
Revision Control
Troubleshooting
GTI & Live Status
OPEX expenses
Reporting
Multi- ISP
WAN compr.
VPN + SSL-VPN
Traffic Intelligence
Traffic Shaping / QoS
Virtual WAN Balancing
Application-Based Link Selection
IPS/IDS
SSL Interception
User Awareness
Antivirus / Web Filter
Stateful FW + AppDetect
Advanced Threat Protection
(ATP)
+ Botnet & Spyware Detection
Operations
Security
Deployment
Challenges Barracuda CloudGen Firewalls Solve
Connectivity &
Secure SD-WAN
![Page 7: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/7.jpg)
Security
![Page 8: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/8.jpg)
10.) Malware Protection & Anti-
Virus
1.) Geo IP Control
2.) DoS / DDoS
8.) Web Filtering + Mail Security
4.) SSL Inspection
9.) File Content Filter
5.) Botnet & Spyware Protection
6.) Intrusion Prevention System
(IPS)
Advanced Threat Protection
On-box
Cloud Service
Barracuda
Global Threat
Intelligence Network
sing
le p
ass
in
spect
ion
continuous updates
upload for inspection
Threat Intelligence Push
7.) Application Control
3.) User Identity Awareness
1.) Advanced Signatures Analysis
2.) Behavioral & Heuristics
Analysis
4.) Sandboxing (Detonation)
3.) Static Code Analysis
Full Next-Generation Security
![Page 9: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/9.jpg)
Advanced Threat Protection (ATP)
Supported Protocols• HTTP/S
• SMTP/S
• POP3/S
• FTP
Block file
Allow file
on-box malware protection
on-box IPS
on-box hash database Filetype Policies
• First Scan, Then Deliver
• First Deliver, Then Scan
![Page 10: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/10.jpg)
Layered Defense-in-Depth• CPU Emulation based Sandbox
• Analysis and detonation of advanced threats
• Scans 900+ attributes in seconds
• Examination of commands in code / scripts for common viral
activities such as:
• File over-writes, replication, registry access, obfuscation
techniques etc.
• Analysis of suspicious coding such as:
• Excessively long timers and loops, that run for days etc.
• Signatures collection from and shared with over 250,000
endpoints
• Multi-opined A/V engines
• Blocks spam, viruses, phishing, and other traditional malware
Signatures Analysis
Static Analysis
Sandboxing
(CPU emulation)
Behavioral Analysis
Machine Learning
• Examines executable file without actually executing it
• De-obfuscates code constructs
• Rapid pre-filtering of malware prior to sandboxing
>95%
Eff
icie
ncy
4
3
2
1
![Page 11: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/11.jpg)
ATP: Botnet & Spyware Protection
DNS Sinkhole using hostname reputation DB (needs ATP)
Malware Host
Command & Control Server
Bots
DNS Sinkhole
ATP - Threat
Intelligence
bad.com
1.2.3.4
bad.com?
1.2.3.4
bad.com
1.1.1.1
![Page 12: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/12.jpg)
App Detection - Protect the Business
• Control and throttle acceptable traffic
• Preserve bandwidth and speed-up business critical applications
![Page 13: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/13.jpg)
User Awareness
NTLM
LDAP/S
RSA SecurID x.509 TACACS
+
SMS Passcode
(VPN)
Local authentication database
Microsoft TSCitrix
TS
Active
DirectoryDC Agent
TS Agent
Wi-Fi Controllers
RADIUS
![Page 14: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/14.jpg)
URL Filtering
• URL filter service with 96 categories
• Customizable response pages
• Allow / Block / Alert / Warn & Continue / Override
• White & Blacklists
![Page 15: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/15.jpg)
File Content & User Agent Control
![Page 16: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/16.jpg)
Connectivity &
Secure SD-WAN
![Page 17: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/17.jpg)
Application-Based Provider Selection
Custom
App
General
Games
General Games
Custom
App
use X use Y use Zuse Y or Z
Application Control
ISP X
ISP Y
ISP Z
Application Usage & Risk Report.pdf
![Page 18: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/18.jpg)
Traffic Intelligence / WAN Virtualization
xDSL
MPLS
xDSL
MPLS
![Page 19: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/19.jpg)
Traffic Intelligence / WAN Virtualization
xDSL
MPLS
xDSL
MPLS
Surfing: 50% Class2
Email: 50% Class1
VoIP 50%: NoDelay
Business 50%: Class1
![Page 20: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/20.jpg)
Traffic Intelligence / WAN Virtualization
xDSL
MPLS
xDSL
MPLSVoIP: 70% NoDelay
Business: 70% Class1
Email: 20% Class2
Surfing: 10% Class3
![Page 21: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/21.jpg)
Traffic Intelligence / WAN Virtualization
xDSL
MPLS
xDSL
MPLS
LTE LTEVoIP: 90% NoDelay
Business: 90% Class1
Email: 10% Class2
No surfingOnly important applications
No surfing
![Page 22: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/22.jpg)
Traffic Intelligence / WAN Virtualization
xDSL
MPLS
xDSL
MPLS
LTE LTE
VoIP: 70% NoDelay
Business: 70% Class1
Email: 20% Class2
Surfing: 10% Class3
![Page 23: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/23.jpg)
Traffic Intelligence / WAN Virtualization
xDSL
MPLS
xDSL
MPLS
LTE LTE
Surfing: 50% Class2
Email: 50% Class1
VoIP 50%: NoDelay
Business 50%: Class1
![Page 24: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/24.jpg)
Virtual WAN Balancing
Up to 24 Transports for one Tunnel
Session BalancingPacket Balancing
![Page 25: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/25.jpg)
WAN Optimization
• De-Duplication & Data Caching
• Multiple Transport modes (Encapsulation)
• Compression (Stream/Packet)
• Application Acceleration
De-Duplication
Compression
Application Accel.
Caching
De-Duplication
CompressionTCP encapsulation
UDP encapsulation
HYBRID encapsulation
![Page 26: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/26.jpg)
Dynamic Bandwidth/Latency Detection
• Initial Active Probing and Monitoring
• Passive Probing every 15mins
• Active Re-Probing every 60mins
![Page 27: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/27.jpg)
Performance-based Traffic Selection
• Selection based on „Connection Object“
• Configuration per access/application rule
![Page 28: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/28.jpg)
Adaptive Bandwidth Protection
• NoDelay (VoIP) QoS band is always prioritized over standard traffic
• Reserves 30% for NoDelay traffic
• Reserves 70% for standard traffic
• Traffic Duplication for VoIP
![Page 29: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/29.jpg)
Dynamic Meshed VPN
Classic Hub&Spoke setup
Branch 1
Branch 6
Branch 5
Branch 2
Branch 3
Branch 4
HQ
![Page 30: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/30.jpg)
Dynamic Meshed VPN
Hub detects traffic between branches
Branch 1
Branch 6
Branch 5
Branch 2
Branch 3
Branch 4
HQ
![Page 31: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/31.jpg)
Dynamic Meshed VPN
Hub triggers automatic configuration update
Branch 1
Branch 6
Branch 5
Branch 2
Branch 3
Branch 4
HQ
![Page 32: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/32.jpg)
Dynamic Meshed VPN
Branches create temporary tunnels
Branch 1
Branch 6
Branch 5
Branch 2
Branch 3
Branch 4
HQ
![Page 33: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/33.jpg)
Effective Operations
VPN is hard to setup, to maintain, to troubleshoot?
![Page 34: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/34.jpg)
User VPN access
Public Cloud
Private Cloud
Internal Apps
Hosted in Public Cloud
Hosted on-premises
CudaLaunch app
Browser-based
SSL VPN
VPN & NAC Client
Road
Warrior
Ad
Hoc
Home
Office
![Page 35: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/35.jpg)
![Page 36: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/36.jpg)
Barracuda’s Industry and IoT Solutions
![Page 37: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/37.jpg)
Security Connectivity
![Page 38: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/38.jpg)
Security
![Page 39: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/39.jpg)
From Individualism to Patterns
![Page 40: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/40.jpg)
From Individualism to Patterns
![Page 41: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/41.jpg)
![Page 42: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/42.jpg)
Connectivity
![Page 43: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/43.jpg)
The Barracuda Approach
![Page 44: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/44.jpg)
Zusammenspiel zwischen IT und OT
![Page 45: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/45.jpg)
Rollout mit ZTD
SC SC SC SCSC
MASB
![Page 46: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/46.jpg)
Konzeption einer smart Factory 4.0
![Page 47: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/47.jpg)
Blueprint für Industrie 4.0 (IoT/ICS)
![Page 48: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/48.jpg)
Blueprint für Industrie 4.0 (IoT/ICS)
![Page 49: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/49.jpg)
Blueprint für Industrie 4.0 (IoT/ICS)
![Page 50: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/50.jpg)
Blueprint für Industrie 4.0 (IoT/ICS)
![Page 51: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/51.jpg)
Blueprint für Industrie 4.0 (IoT/ICS))
![Page 52: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/52.jpg)
Blueprint für Industrie 4.0 (IoT/ICS)
![Page 53: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/53.jpg)
Supporting Industrial Protocols
![Page 54: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/54.jpg)
S7 Sub-Protocols:
S7 UserData - Mode Transition S7 Alarm Lock Indication S7 Forces
S7 Stop S7 Alarm Query S7 UserData - Other Functions
S7 Warm Restart S7 Message Service S7 PLC Password
S7 Run S7 Notify-8 Indication S7 PBC BSend/BRecv
S7 UserData - Cyclic Data S7 Diagnostic Message S7 Request/Response
S7 Cyclic Data Unsubscribe S7 Alarm-8 Lock S7 PLC Stop
S7 Cyclic Data Memory S7 Scan Indication S7 Write
S7 Cyclic Data DB S7 Alarm Unlock Indication S7 Download
S7 UserData - Block Functions S7 Alarm-SQ Indication S7 CPU Services
S7 List Blocks S7 Alarm-S Indication S7 Upload
S7 List Blocks of Given Type S7 UserData - Time Functions S7 PLC Control
S7 Get Block Info S7 Read Clock S7 Setup Communication
S7 UserData - CPU Functions S7 Set Clock S7 Read
S7 Read SZL S7 UserData - Programmer Commands S7 Other
S7 Notify Indication S7 Remove Diagnostic Data S7 Ack
S7 Alarm-8 Indication S7 Erase S7 Server Control
S7 Alarm-8 Unlock S7 Request Diagnostic Data S7 User Data
S7 Alarm Ack S7 Variable Table S7Comm (legacy)
S7 Alarm Ack Indication S7 Read Diagnostic Data
![Page 55: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/55.jpg)
IEC 60870-5-104 Sub-Protocols
IEC 60870-5-104 Process Information in Monitoring Direction
IEC 60870-5-104 Integrated Totals with Time Tag IEC 60870-5-104 Single Command
IEC 60870-5-104 Measured Value - Short Floating Point Number
IEC 60870-5-104 Packed Start Events of Protection Equipment with Time Tag
IEC 60870-5-104 Set Point Command - Normalized Value
IEC 60870-5-104 Packed Single-Point Information with Status Change Detection
IEC 60870-5-104 System Information in Monitoring Direction
IEC 60870-5-104 Set Point Command - Scaled Value
IEC 60870-5-104 Measured Value - Normalized Value without Quality Descriptor
IEC 60870-5-104 End of Initialization IEC 60870-5-104 Set Point Command - Normalized Value with Time Tag
IEC 60870-5-104 Single-Point Information with Time Tag IEC 60870-5-104 System Information in Control Direction IEC 60870-5-104 Regulating Step Command
IEC 60870-5-104 Measured Value - Short Floating Point Number with Time Tag
IEC 60870-5-104 Counter Interrogation Command IEC 60870-5-104 Bitstring of 32 Bits
IEC 60870-5-104 Packed Output Circuit Information of Protection Equipment with Time Tag
IEC 60870-5-104 Read Command IEC 60870-5-104 Single Command with Time Tag
IEC 60870-5-104 Double-Point Information IEC 60870-5-104 Interrogation Command IEC 60870-5-104 Set Point Command - Short Floating - Point Number with Time Tag
IEC 60870-5-104 Step Position Information IEC 60870-5-104 Reset Process Command IEC 60870-5-104 Bitstring of 32 Bits with Time TagIEC 60870-5-104 Measured Value - Scaled IEC 60870-5-104 Delay Acquisition Command IEC 60870-5-104 Double CommandIEC 60870-5-104 Integrated Totals IEC 60870-5-104 Test Command with Time Tag IEC 60870-5-104 Set Point Command - Short Floating Point
NumberIEC 60870-5-104 Double-Point Information with Time Tag IEC 60870-5-104 File Transfer IEC 60870-5-104 Double Command with Time Tag
IEC 60870-5-104 Step Position Information with Time Tag IEC 60870-5-104 File Ready IEC 60870-5-104 Regulating Step Command with Time Tag
IEC 60870-5-104 Bitstring of 32 Bits with Time Tag IEC 60870-5-104 Section Ready IEC 60870-5-104 Set Point Command - Scaled Value with Time Tag
IEC 60870-5-104 Event of Protection Equipment with Time Tag
IEC 60870-5-104 Directory IEC 60870-5-104 Parameter in Control Direction
IEC 60870-5-104 Single-Point Information IEC 60870-5-104 Call Directory, Select File, Call File, Call Section
IEC 60870-5-104 Parameter of Measured Value -Normalized Value
IEC 60870-5-104 Bitstring of 32 Bit IEC 60870-5-104 ACK File - ACK Section IEC 60870-5-104 Parameter of Measured Value - Scaled Value
![Page 56: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/56.jpg)
IEC 61850 Sub-ProtocolsIEC 61850 Goose IEC 61850 SMV
IEC 61850 MMS IEC 61850 General
MODBUS Sub-ProtocolsMODBUS Data Access MODBUS Mask Write Register MODBUS Report Server IDMODBUS Read Coils MODBUS Read FIFO Queue MODBUS Diagnostic Check
MODBUS Read Discrete Inputs MODBUS Read Input Register MODBUS Get Communication Event CounterMODBUS Read Holding Registers MODBUS File Access MODBUS Encapsulated Interface Transport
MODBUS Write Single Register MODBUS Read File Record MODBUS Read Device IdentificationMODBUS Read/Write Multiple Registers MODBUS Write File Record MODBUS CAN-Open General ReferenceMODBUS Write Single Coil MODBUS Diagnostics Modbus (legacy)MODBUS Write Multiple Coils MODBUS Read Exception StatusMODBUS Write Multiple Registers MODBUS Get Communication Event Log
DNP3 Sub-Protocols
DNP3 Control Functions DNP3 Start Application DNP3 Authentication ErrorDNP3 Operate DNP3 Stop Application DNP3 Freeze FunctionsDNP3 Select DNP3 Warm Restart DNP3 Freeze and ClearDNP3 Direct Operate DNP3 Initialize Data DNP3 Freeze with TimeDNP3 Direct Operate no ACK DNP3 Configuration DNP3 Immediate FreezeDNP3 Time Synchronization DNP3 Save Configuration DNP3 Freeze and Clear no ACK
DNP3 Delay Measurement DNP3 Enable Spontaneous Messages DNP3 Immediate Freeze no ACKDNP3 Record Current Time DNP3 Assign Class DNP3 Freeze with Time no ACKDNP3 Transfer Functions DNP3 Disable Spontaneous Messages DNP3 File Access
DNP3 Read DNP3 Activate Configuration DNP3 Open FileDNP3 Write DNP3 Response Messages DNP3 Delete File
DNP3 Confirm DNP3 Unsolicited Response DNP3 Abort FileDNP3 Application Control DNP3 Authentication Response DNP3 Authenticate File
DNP3 Cold Restart DNP3 Response DNP3 Close FileDNP3 Initialize Application DNP3 Other DNP3 Get File Info
DNP3 Authentication Request
![Page 57: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/57.jpg)
FSC2 Family
FSC2.0
![Page 58: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/58.jpg)
Deployment
![Page 59: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/59.jpg)
Hardware – Entry Level / Branch OfficesF12 F18 F80 F82.DSLA F82.DSLB F180 F183 F183R F280
Firewall Throughput 1.2 Gbps 1.0 Gbps 1.5 Gbps 1.5 Gbps 1.5 Gbps 1.7 Gbps 2.0 Gbps 2.1 Gbps 3.7 Gbps
VPN Throughput 220 Mbps 190 Mbps 240 Mbps 240 Mbps 240 Mbps 300 Mbps 300 Mbps 320 Mbps 1.1 Gbps
IPS Throughput 400 Mbps400
Mbps400 Mbps 400 Mbps 400 Mbps 500 Mbps 580 Mbps 790 Mbps 1.2 Gbps
NGFW Throughput 250 Mbps340
Mbps400 Mbps 400 Mbps 400 Mbps 550 Mbps 700 Mbps 800 Mbps 1.0 Gbps
Threat Prot. Throughput 230 Mbps320
Mbps380 Mbps 380 Mbps 380 Mbps 480 Mbps 600 Mbps 700 Mbps 900 Mbps
Concurrent Sessions 80,000 80,000 80,000 80,000 80,000 100,000 100,000 100,000 250,000
New Sessions per Sec. 8,000 8,000 8,000 8,000 8,000 9,000 9,000 9,000 10,000
Form Factor Desktop Desktop Desktop Desktop Desktop Desktop Desktop Compact Desktop
1 GbE Copper 5x 4x 4x 4x 4x 6x 6x 5x 6x
1 GbE Fibre SFP - - - 1x 1x - 2x 2x -
10 GbE Fibre SFP+ - - - - - - - - -
Integrated Switch - - - - - 8-port - - 8-port
Integrated Modem - - - A, RJ11 B, RJ45 - - - -
![Page 60: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/60.jpg)
Hardware – Mid LevelF400 F600
F380 .STD .F20 .C10 .C20 .F10 .F20 .E20
Firewall Throughput 5.2 Gbps 7.1 Gbps 9.0 Gbps 11 Gbps 11 Gbps 11 Gbps 11 Gbps 20 Gbps
VPN Throughput 1.4 Gbps 2.3 Gbps 2.3 Gbps 3.1 Gbps 3.1 Gbps 3.1 Gbps 3.1 Gbps 5.6 Gbps
IPS Throughput 2.0 Gbps 2.8 Gbps 3.0 Gbps 4,6 Gbps 4,6 Gbps 4,6 Gbps 4,6 Gbps 8.0 Gbps
NGFW Throughput 1.4 Gbps 2.2 Gbps 3.0 Gbps 4.2 Gbps 4.2 Gbps 4.2 Gbps 4.2 Gbps 6.4 Gbps
Threat Protection Throughput 1.2 Gbps 2.0 Gbps 2.7 Gbps 4,0 Gbps 4,0 Gbps 4,0 Gbps 4,0 Gbps 5.8 Gbps
Concurrent Sessions 400,000 500,000 500,000 2,100,000 2,100,000 2,100,000 2,100,000 2,100,000
New Sessions per Sec. 15,000 20,000 20,000 115,000 115,000 115,000 115,000 115,000
Form Factor 1U Rack 1U Rack 1U Rack 1U Rack 1U Rack 1U Rack 1U Rack 1U Rack
1 GbE Copper 8x 8x 8x 12x 12x 8x 8x 8x
1 GbE Fibre SFP - - 4x - - 4x 4x -
10 GbE Fibre SFP+ - - - - - - - 2x
Power Supply Single Single Dual Single Dual Single Dual Dual
![Page 61: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/61.jpg)
Hardware – High LevelF800 F900 F1000
.CCC .CCF .CCE .CCC .CCE .CFE .CFEQ .CE0 .CE2 .CFE .CFEQ
Firewall Throughput 30 Gbps 30 Gbps 30 Gbps 35 Gbps 35 Gbps 35 Gbps45
Gbps40 Gbps 40 Gbps 40 Gbps 46 Gbps
VPN Throughput7.5
Gbps
7.5
Gbps
7.5
Gbps
9.3
Gbps
9.3
Gbps
9.3
Gbps13.5 Gbps 10 Gbps 10 Gbps 10 Gbps 10.3 Gbps
IPS Throughput8.3
Gbps
8.3
Gbps
8.3
Gbps11.3 Gbps 11.3 Gbps 11.3 Gbps 13 Gbps 13 Gbps 13 Gbps 13 Gbps 14 Gbps
NGFW Throughput7.7
Gbps
7.0
Gbps
7.0
Gbps
8.0
Gbps
8.0
Gbps
8.0
Gbps12 Gbps 10.2 Gbps 10.2 Gbps 10.2 Gbps 13 Gbps
Threat Prot.
Throughput
7.6
Gbps
7.6
Gbps
7.6
Gbps11.5 Gbps 11.5 Gbps 11.5 Gbps 11.5 Gbps
4.0
Gbps
4.0
Gbps
4.0
Gbps12 Gbps
Concurrent Sessions 2,500,000 2,500,000 2,500,000 4,000,000 4,000,000 4,000,000 4,000,000 10,000,000 10,000,000 10,000,000 10,000,000
New Sessions per Sec. 180,000 180,000 180,000 190,000 190,000 190,000 190,000 250,000 250,000 250,000 250,000
Form Factor 1U Rack 1U Rack 1U Rack 1U Rack 1U Rack 1U Rack 1U Rack 2U Rack 2U Rack 2U Rack 2U Rack
1 GbE Copper 24x 16x 16x 32x 16x 8x 8x 16x 32x 16x 16x
1 GbE Fibre SFP - 8x - - - 8x 8x - - 16x 16x
10 GbE Fibre SFP+ - - 4x - 8x 8x 4x 4x 8x 8x 6x
![Page 62: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/62.jpg)
Virtual DeploymentVF10 VF25 VF50 VF100 VF250 VF500 VF1000 VF2000 VF4000 VF8000
# of protected IPs 10 25 50 100 250 500 unlimited unlimited unlimited unlimited
Allowed Cores 1 2 2 2 2 2 2 4 8 16
Available Subs
Malware Protection - Yes Yes Yes Yes Yes Yes Yes Yes Yes
Adv. Threat
Protection- Yes Yes Yes Yes Yes Yes Yes Yes Yes
Adv. Remote Access - Yes Yes Yes Yes Yes Yes Yes Yes Yes
![Page 63: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/63.jpg)
Public Cloud DeploymentLevel 1 Level 2 Level 4 Level 6 Level 8
Virtual Cores 1 1 2 4 8
Protected IP
Addresses10 Unlimited Unlimited Unlimited Unlimited
Available Subs
Malware ProtectionOptiona
l
Optiona
l
Optiona
l
Optiona
l
Optiona
l
Adv. Threat
Protection
Optiona
l
Optiona
l
Optiona
l
Optiona
l
Optiona
l
Adv. Remote AccessOptiona
l
Optiona
l
Optiona
l
Optiona
l
Optiona
l
Premium SupportOptiona
l
Optiona
l
Optiona
l
Optiona
l
Optiona
l
![Page 64: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/64.jpg)
Rollout Process = Disaster Recovery
![Page 65: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/65.jpg)
Zero Touch Deployment
Deliver – Plug in – Play (manage)
![Page 66: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/66.jpg)
Zero Touch Deployment
Lean IT • Zero-touch self-provisioning hardware for rapid deployment
• No on-site IT needed• Order the NGF appliance
• Configure NGF remotely
• Appliance arrives at location
• Plug in the NGF appliance
• Appliance self-provisioning
ZTD
Portal
1 NGF contacts ZTD Service
3 ZTD send basic config to NGF
![Page 67: Barracuda CloudGen Firewall - arxes-tolina.de · Troubleshooting GTI & Live Status OPEX expenses Reporting Multi- ISP WAN compr. VPN + SSL-VPN ... techniques etc. • Analysis of](https://reader034.fdocuments.in/reader034/viewer/2022042212/5eb4a00587bcac367d116d7b/html5/thumbnails/67.jpg)
Thank You