Skip to Main Content »

Have a Question? Call Us!
Toll Free: 866.403.5305

Welcome to

You're currently on:

NC1100-AG Barracuda Application Gateway 1100


Call and speak with our Barracuda experts! Toll-Free 866.892.5081

Purchase Orders & Company Checks Accepted.

Barracuda Application Gateway 1100

Double click on above image to view full picture

Zoom Out
Zoom In

More Views


Barracuda Web Application Controllers protect your Web site from attackers leveraging protocol or application vulnerabilities to instigate unauthorized access, data theft, denial of service or defacement of your Web site. Unlike traditional network firewalls or intrusion detection systems that simply pass HTTP, HTTPS or FTP traffic for Web applications, Barracuda Web Application Controllers proxy this traffic and insulate your Web servers from direct access by hackers. Comprehensive Website Protection As a full proxy, Barracuda Web Application Controllers inspect both request and response traffic, providing the capabilities to not only block inbound attacks, but also to cloak your Web site from hackers and filter outbound traffic to prevent potential sensitive data leakage, such as credit card numbers or Social Security numbers. In addition, Barracuda Web Application Controllers secure applications from unauthorized user access through integration with common authentication services, such as LDAP and RADIUS servers, and can provide full PKI infrastructure for use with client certificates. Advanced Traffic Management & Acceleration The Barracuda Application Gateway integrates traffic management capabilities, including caching, compression and load balancing. With the Barracuda Application Gateway, you can not only secure your Web applications but increase both their performance and availability as well. A Single Solution to a Multifaceted Problem Online Web-based applications are increasingly at risk from professional hackers who target such applications in order to commit data theft or fraud. Being compromised can damage an enterprise's reputation, result in loss of customers and impact the organization's bottom line. In addition, companies that transact online are faced with a host of growing industry regulations such as the Payment Card Industry Data Security Standard (PCI DSS), which mandates that all enterprise and Web applications handling credit card and account information must undergo an extensive and costly audit of custom application code. The alternative to satisfy PCI DSS compliance is simply installing a Web application firewall. The combination of these factors along with banking industry PCI DSS compliance concerns, creates demand for a more technologically and cost-effective risk protection solution for online Web applications.

Barracuda Web Application Controller Features

Traditionally, security has been considered a network issue, where system administrators lock down host computers through a network firewall. While a typical network firewall can help restrict traffic to HTTP, HTTPS and FTP, this traffic can contain command exploits leveraging vulnerabilities in the Web application itself that can result in unauthorized access, data leakage, site defacement and other attacks by hackers that compromise both the privacy and integrity of vital data. Businesses of all sizes that operate their own Web applications should ensure that their Web sites are protected against application vulnerabilities. Barracuda Web Application Controllers, including both the Barracuda Web Application Firewall and Barracuda Application Gateway, provide complete protection of Web applications and are designed to enforce policies for both internal and external data security standards, such as the Payment Card Industry Data Security Standard (PCI DSS). At the same time, the Barracuda Application Gateway features a number of additional traffic management capabilities designed to improve the performance, scalability and manageability of today's most demanding data center infrastructures. Exentensive Website Protection Barracuda Web Application Controllers proxy all of your Web site traffic, providing complete protection in front of your Web sites. Capabilities include: • HTTP protocol compliance. At a basic level, Barracuda Web Application Controllers verify that all inbound requests comply with the HTTP specification. For example, inbound requests with more than one Content-Length header are typically the basis of HTTP request smuggling attacks; therefore they are illegal according to the HTTP specification and are blocked automatically. • Protection against common, high-visibility attacks. Hackers can take advantage of vulnerabilities in your online Web forms to attack your applications. Barracuda Web Application Controllers protect your Web applications against SQL injections, OS command injections and cross-site scripting attacks. • Protection against attacks based on session state. Barracuda Web Application Controllers protect your Web applications against any attacks based on session state, such as forms tampering or cookie tampering. • Online form field validation. Through a positive security model, Barracuda Web Application Controllers can ensure that requests conform with a developer's intention. For example, if a developer specifies that a field should contain 40 characters of text input, any attempt by an attacker to inject a Trojan or a virus will be rejected outright because it does not conform to that input pattern. • Outbound data theft protection. In addition to inspecting the request traffic, Barracuda Web Application Controllers also inspect all outbound packets for any data pattern expressible as a UNIX-style regular expression. Built-in policies protect all major credit cards and US Social Security number patterns and new data patterns can be added at any time. Inspection for outbound leakage of these patterns can be applied to security policy on-the-fly. • Web site cloaking. To prevent hackers from doing reconnaissance on your Web infrastructure, Barracuda Web Application Controllers automatically strip identifying banners of Web server software and version numbers out of all transactions. • Anti-crawling. While some Web crawlers, such as search engines, are often desirable, you may wish to prevent all other users from downloading your entire site. Barracuda Web Application Controllers can easily identify and allow legitimate crawlers while blocking more malicious ones. • Rate controls and application denial of service (DoS) protection. You can specify a performance cap for your application, above which traffic is queued. Rate controls ensure that applications are not pushed beyond their performance limits, preventing application-layer DoS. • Advanced learning modes and fine-grained control. Barracuda Web Application Controllers feature automatic "profiling" of Web sites based on traffic passing through the system as well as automatic fine-grain rules creation based on both HTTP requests and responses down to the level of individual HTML elements. Protection of XML Web Services Barracuda Web Application Controllers provide the capability to secure both traditional HTML Web applications with new XML Web services applications. Available as an option to the Barracuda Web Application Controller, the Web Services Security Edition enables a strong new layer of defense to deploy SOAP applications across the perimeter - all without requiring administrators to learn all the details of XML or Web services. • Protection against targeted XML attacks. Analogous to the protections offered for traditional HTML Web Applications, Barracuda Web Application Controllers also protect Web services applications from targeted XML attacks, including SQL injection, command injection, buffer overflow and parameter tampering. • Validation of XML schema, SOAP envelopes and XML content. To ensure full compliance to Web services protocols and specifications governing their use, Barracuda Web Application Controllers validate XML schemas, SOAP envelopes, headers and message content. Barracuda Web Application Controllers conduct full XML content inspection looking for policy violations such as oversized messages, unexpected field values and inappropriate external references. • WS-I profile validation. Barracuda Web Application Controllers ensure that all Web services transactions conform to extensive WS-I basic profile requirements for security and interoperability. • Web services cloaking. By masking the true URI of mission critical Web services, Barracuda Web Application Controllers make them more difficult for hackers to target. • Protection against XML denial of service (DoS) attacks. Barracuda Web Application Controllers protect against XML DoS attacks, such as coercive parsing, external entity attacks, jumbo payloads and recursive elements attacks. Application Access Control The Barracuda Web Application Controller implements a single point for policy enforcement and control, including authentication to ensure that users are known, access control policy for resources, session monitoring, protection against data leakage and integration with existing authentication, authorization and access control (AAA) systems. Capabilities include: • Simple single sign-on (SSO) portal. By combining built-in authentication and authorization capabilities with Web address translation and cookie session management features, administrators utilize the Barracuda Web Application Controller to present a simple front-end portal to back-end applications without requiring changes to source code, IP addressing or the server infrastructure. Authentications are logged and user credentials are forwarded in the HTML header making integration with back-end applications simple and scalable. • LDAP and RADIUS integration. For authentication and authorization, Barracuda Web Application Controllers integrate with common authentication services, including Active Directory and other LDAP-compatible directories as well as RADIUS servers. • PKI support. Barracuda Web Application Controllers provide full PKI infrastructure and can act as a Certificate Authority, including participating in a certificate trust chain. • Web access management: o Policy Enforcement Point (PEP) for CA SiteMinder. For organizations utilizing CA SiteMinder for Web access management, Barracuda Web Application Controllers offer full-scale integration that encompasses authentication, authorization and single sign-on capabilities in single domain and multi-domain environments, along with performance enhancements. The Barracuda Web Application Controllers serve as the single high-performance Policy Enforcement Point (PEP), allowing CA SiteMinder to focus on its role as the Policy Decision Point (PDP). o RSA Access Manager. Barracuda Web Application Controllers can be integrated with RSA Access Manager for Web access management. The integrated system provides a high performance setup for application layer security along with authentication, authorization and single sign-on capabilities in single domain and multi-domain environments. Application Delivery and Acceleration In addition to the security and access control benefits of Barracuda Web Application Controllers, there are also additional operational capabilities available with the Barracuda Application Gateway. Capabilities include: • Caching. The Barracuda Application Gateway can reduce load on back-end Web servers and increase performance by caching Web content and avoiding repeated requests to back-end Web servers. • Compression. To reduce network traffic requirements, the Barracuda Application Gateway can automatically apply GZIP compression to renderable HTML content to be decompressed by the browser. • Connection pooling. To reduce back-end server overhead for maintaining new TCP connections, the Barracuda Application Gateway can automatically pool multiple front-end connections into a single back-end connection. Connection pooling keeps the back-end servers focused on processing application logic rather than protocol termination. • SSL acceleration. Barracuda Web Application Controllers include hardware-based SSL Acceleration, offloading back-end servers from the computational burdens of encrypting and decrypting secure Web traffic. • Load balancing. The Barracuda Application Gateway includes integrated load balancing capabilities to distribute traffic among multiple back-end servers. It supports both Layer 4 and Layer 7 cookie persistence and includes support for Layer 7 content switching based on URL pattern, parameter or HTTP header fields. • High Availability. When inline in Bridge-path, the Ethernet Hard Bypass ensures reliable application delivery even with a single Barracuda Web Application Controller. For Web applications with stringent security requirements, Barracuda Web Application Controllers may be installed in a redundant pair configuration, providing real-time application state replication so that security and user sessions will not be compromised during a failover event. Logging, Monitoring and Reporting Barracuda Web Application Controllers feature advanced capabilities to provide immediate feedback to operations team that deploy, manage and secure mission critical applications. Capabilities include: • Comprehensive logging. Barracuda Web Application Controllers maintain a rich set of logs on the appliance, including system activity, Web Firewall activity, Web services activity, network firewall activity, and traditional Web logs. • Tamper-proof log storage. Any log can be time-stamped, digitally signed and encrypted to ensure tamper proof storage. • Syslog support. Barracuda Web Application Controllers forward logs to a syslog server for centralized and persistent storage or analysis by a third party tool. • Integration with eIQ Network Security Analyzer. Barracuda Web Application Controllers integrate with eIQ Network Security Analyzer (available separately) for comprehensive event correlation, event alerting and reporting.

Additional Information

ManufacturerBarracuda Networks

Additional Product Images:


Customer Service

» Have a product question?
» Prefer to order by phone?
» Call Toll-Free 866.892.5081
 Dreaming Tree Technology, Inc. BBB Business Review

Fast Delivery

Same day shipping when ordered before 3PM EST.

Secure Checkout

» 2048-bit encryption
» Certified Authorize merchant

Best Price Assured

We offer you the best price. If you find it cheaper let us know.

Payment Options

» PayPal & Google Checkout
» Company purchase orders
» Company check
» Wire transfers

Please wait...

Thank You.

has been added to your cart

Continue shopping
View cart & checkout