Sold by: Barracuda Networks
Deployed on AWS
Centralized management system that allows administrators to manage multiple geodispersed Barracuda Web Application Firewalls with varying configurations from a single console.
4.1
Overview
The Barracuda Application Security Control Center is the centralized management system that allows administrators to manage multiple geo-dispersed Barracuda Web Application Firewalls with varying configurations from a single console. A single Application Security Control Center can manage hybrid hardware, virtual, and cloud deployments; providing efficient, secure management for system administrators. Centralized notification view gives consolidated, granular info on the status of all configured services. The built-in Certificate reports provides a single pane view of all the certificates installed on the various connected Barracuda WAF units, and provides expiration reporting based on expiration date ranges. Role-based administration makes it easy to centrally manage multi-tenant deployments of the Barracuda Web Application Firewall.
Highlights
- Single pane of glass view of all connected Barracuda WAF units
- Built-in templates make it easy to configure rapidly
- Deploy in a variety of virtual and cloud environments
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux 3.4.11
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
Please see Barracuda's website.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Additional details
Usage instructions
- By default, the Barracuda Web Application Firewall web interface listens on HTTP/8000 and HTTPS/8443 ports, so make sure these ports are added in the Inbound Rule of the security group which is associated with the Barracuda Web Application Firewall VM.
- Allow a few minutes before taking any further actions in the EC2 Portal after deploying the Barracuda Web Application Firewall. During this time, the Barracuda Web Application Firewall is getting provisioned and licensed.
- Access the Barracuda Web Application Firewall using the associated Public IP/Public DNS with port 8000 over HTTP i.e. http://<public IP>:8000.
- You will see the blue loading screen for some time and eventually you will be presented with the End User License Agreement (EULA).
- Click Accept button and you will be redirected to the login page.
- Log in as admin to begin configurations. Your initial password is the EC2 instance ID, and can be changed later from Basic > Administration page.
For Deployment Guide and other instructions, visit the Barracuda campus at https://campus.barracuda.com/product/webapplicationfirewall/article/WAF/AWS/
Resources
Vendor resources
Support
Vendor support
Please have your AWS Account ID available when you contact Support; it is required for the support technician to assist you. Hours: Basic Support Hours: 8:00 AM - 5:00 PM PST, Monday - Friday. Email & Phone Support offered 24x7 without any phone trees. You will actually speak to a live person. Website: https://www.barracuda.com/support Email: support@barracuda.com Support Phone Numbers: North America - 408 342 5300 Europe - +44 (0) 1256 300 102 Australia - +612 8019 7254 China - +86 400 720 8200 Japan - +81 3 5436 6236 India - +91 804 904 8600 Germany, Austria, Switzerland - +43 (0) 508 100 800 Support Website:https://www.barracuda.com/support Support Email:support@barracuda.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Barracuda CloudGen Firewall for AWS provides SD-WAN to AWS and security to your public cloud deployments. Connect remote VPCs, datacentres, offices and mobile workers while providing user and app-aware segmentation with strong access controls and full visibility of your network traffic.
Barracuda CloudGen Firewall for AWS brings SD-WAN on-ramp and network security to your public cloud deployments. Connect remote VPCs, datacentres, offices and mobile workers while providing user and app-aware segmentation with strong access controls and full visibility of your network traffic.
The Barracuda CloudGen WAF provides proven application security and data loss prevention for your applications on AWS
Massively scalable complete Central Management Solution for all Barracuda CloudGen Firewall & SD-WAN as well as Secure Connector products for all deployment types, massively decreasing administrative overhead and providing ongoing expenditure savings.
Customer reviews
reviewer2797602
Advanced application protection has reduced manual monitoring and improved attack visibility
Reviewed on Mar 18, 2026
Review from a verified AWS customer
What is our primary use case?
I have been working with Barracuda Web Application Firewall for more than almost three and a half years.
Its main use case is to provide security to applications, to strengthen their security policies, to protect the applications from cyber attacks and to make them compliant against OWASP Top 10. Moreover, it allows only legitimate traffic, reduces false positives, makes application access easy, filters out non-legitimate traffic, verifies what exactly comes within the payload of the request, inspects everything that comes with a request, and fine-tunes according to the application logic based on the contents the application serves to their clients.
For example, if we consider a company that has an application with a payment gateway configured, which provides services including money transactions, we deploy Barracuda Web Application Firewall for that application. We host the service in Barracuda Web Application Firewall . When a client requests access to the application, the request goes to Barracuda Web Application Firewall first, which will verify the request contents and create a separate TCP connection to the backend server if the request is legitimate. This process protects against attacks including SQL injection or cross-site scripting, where Barracuda Web Application Firewall will block any request that matches attack signatures.
How has it helped my organization?
We have seen a return on investment as the manual work for monitoring attacks and generating reports is reduced significantly, saving money. Barracuda Web Application Firewall's features fulfill our requirements well, preventing us from needing to switch to more expensive vendors while still meeting our needs effectively.
What is most valuable?
For example, if we consider a company that has an application with a payment gateway configured, which provides services including money transactions, we deploy Barracuda Web Application Firewall for that application. We host the service in Barracuda Web Application Firewall. When a client requests access to the application, the request goes to Barracuda Web Application Firewall first, which will verify the request contents and create a separate TCP connection to the backend server if the request is legitimate. This process protects against attacks including SQL injection or cross-site scripting, where Barracuda Web Application Firewall will block any request that matches attack signatures.
The reporting features are quite good as they have reporting charts and dashboards that provide lists of attacks and real-time verification of those attacks, helping in better reporting by tracking requests based on time and unique endpoints.
I believe URL Profiles and Website Profiles are the most unique features offered. They create separate endpoints for each request integrated with the application, providing different security profiles based on the requirements. Moreover, the learning feature is very comprehensive, allowing us to monitor the applications before switching to protect mode, creating automatic profiles based on learned traffic, which helps to fine-tune security policy.
Barracuda Web Application Firewall's user interface automates the blocking of malicious IP addresses, reducing the manual burden. Additionally, enabling the learning feature allows for quick preparation of security profiles, creating URL profiles automatically, which significantly reduces manual intervention and false positives.
What needs improvement?
The areas where it could be better are in security profiles, where a single service can have only one policy. There is no feature to add multiple security policies for separate endpoints within the same application, and the traffic manager is not flexible enough to handle unusual traffic patterns, sometimes leading to crashes.
I believe there are improvements needed in API security and bot protection within Barracuda Web Application Firewall. Additionally, enhancing the traffic handling capabilities for unusual patterns is necessary to avoid simply relying on failovers to manage traffic efficiently.
What do I think about the stability of the solution?
Barracuda Web Application Firewall is stable in my experience, although as our resources grow, we might need to upgrade to different hardware solutions to maintain seamless traffic management.
What do I think about the scalability of the solution?
The scalability of Barracuda Web Application Firewall is fine. We tend to go for higher versions to ensure we have enough resources as needed, and the VMSS feature allows for easy upgrades or scaling of virtual editions.
How are customer service and support?
The support is excellent. However, regarding integrations, there are limitations with AWS , where bugs occur during integration that need fixing in order to enhance overall sales.
I believe the customer support for Barracuda Web Application Firewall is excellent, with knowledgeable and experienced technical assistance that surpasses other vendors including F5, Imperva, and Cloudflare .
I would rate customer support a solid ten, as they are consistently on top of every issue, addressing them without delays and providing excellent support twenty-four hours a day, seven days a week.
Which solution did I use previously and why did I switch?
Barracuda Web Application Firewall was our first choice, and we did not deploy any other Web Application Firewall prior to using it.
What was our ROI?
We have seen a return on investment as the manual work for monitoring attacks and generating reports is reduced significantly, saving money. Barracuda Web Application Firewall's features fulfill our requirements well, preventing us from needing to switch to more expensive vendors while still meeting our needs effectively.
What's my experience with pricing, setup cost, and licensing?
The pricing, setup cost, and licensing for Barracuda Web Application Firewall are reasonable. They are competitive when compared to other vendors including F5 and Imperva, who tend to have higher prices.
Which other solutions did I evaluate?
Before choosing Barracuda Web Application Firewall, we evaluated F5, Imperva, and Cloudflare .
What other advice do I have?
If budget is a constraint and security is a priority, I advise others to consider Barracuda Web Application Firewall without hesitation. They would get the best return on investment by starting with Barracuda Web Application Firewall instead of jumping to higher-end vendors. I have provided this review with an overall rating of eight.
Shahzad Abid
Has protected our legacy applications effectively but has required constant manual filtering due to false positives
Reviewed on Oct 21, 2025
Review provided by PeerSpot
What is our primary use case?
I am not using the API protection feature right now because I don't host any APIs through Barracuda Web Application Firewall . I use a second procedure for API, which is point-to-point VPN connectivity with the banks. I'm using their API, and they are using my APIs, so our connectivity is over point-to-point VPN. Therefore, that traffic does not go through Barracuda Web Application Firewall , which is why I'm not using API protection at this moment.
How has it helped my organization?
The detailed analytics provided by Barracuda Web Application Firewall help in understanding application traffic patterns, although I find the built-in reports to be basic and not of a very advanced level. They are normal reports, not extraordinary analytics.
Real-time traffic monitoring is a time-consuming activity for my organization, and it often results in a lot of false positive events. When I go to check the real-time logs, it is difficult to find a valid attack among the false positives.
I have seen a return on investment because my application behind Barracuda Web Application Firewall is becoming obsolete technology-wise. My development team is working on the latest language tools or applications, so until then, this web application firewall is essential in my network to protect my existing online assets or software. It is definitely a good choice, providing a good ROI. I can imagine the consequences if I did not have it. During the COVID pandemic, we received plenty of attacks on our application, and at that time, I didn't have a web application firewall. Since implementing Barracuda, I sleep smoothly knowing I have protection.
What is most valuable?
I find the basic features of Barracuda Web Application Firewall plus advanced bot protection to be very valuable features, along with backup subscriptions.
What needs improvement?
I assess the effectiveness of the machine learning-driven threat detection in Barracuda Web Application Firewall as sometimes behaving abnormally, often showing me false positive attacks, so I have to fix these attacks from time to time.
From a stability point of view, I would definitely rate Barracuda Web Application Firewall a seven out of ten. There is definitely some room for improvement; nothing is perfect in the world.
I am not satisfied with the technical support from Barracuda. I am somewhat disappointed with the technical support that I have received so far. Whenever I generate a ticket for my problem, it goes to the Indian support team, and they all the time start with the most junior team member, consuming all my precious time. At the end, I have to close that ticket without any satisfactory solution. I have complained that they should shift my support to any other region because I don't need Indian support; they are simply pathetic and not up to mark.
To improve Barracuda Web Application Firewall, customers should be given ongoing training opportunities regarding the product and its features. I am not familiar with many features that are available, only using those which are necessary for my applications. I believe Barracuda must provide clearer product information or training sessions to make it more user-friendly, as sometimes its interface can be rigid and lacking in helpful resources or user tutorials about its features.
For it to get closer to a ten, I think advanced reporting is missing because, as I mentioned earlier, there are many false positive events being recorded. Often, when I analyze these attacks, they turn out to be genuine customers or users interacting with my product, but Barracuda tags them as attackers. Reducing false positives must be a priority.
For how long have I used the solution?
I'm using Barracuda Web Application Firewall, and this is my fourth year using this product.
What do I think about the stability of the solution?
From a stability point of view, I would definitely rate Barracuda Web Application Firewall a seven out of ten.
How are customer service and support?
I am not satisfied with the technical support from Barracuda. I am somewhat disappointed with the technical support that I have received so far. Whenever I generate a ticket for my problem, it goes to the Indian support team, and they all the time start with the most junior team member, consuming all my precious time. At the end, I have to close that ticket without any satisfactory solution. I have complained that they should shift my support to any other region because I don't need Indian support; they are simply pathetic and not up to mark.
I would rate the technical support a two out of ten.
Which solution did I use previously and why did I switch?
Before Barracuda, I worked with other web application firewalls such as FortiWeb and F5, and I also explored a few demo versions of additional products. Compared to those, Barracuda is a very good product.
What was our ROI?
I have seen a return on investment because my application behind Barracuda Web Application Firewall is becoming obsolete technology-wise. My development team is working on the latest language tools or applications, so until then, this web application firewall is essential in my network to protect my existing online assets or software. It is definitely a good choice, providing a good ROI. I can imagine the consequences if I did not have it. During the COVID pandemic, we received plenty of attacks on our application, and at that time, I didn't have a web application firewall. Since implementing Barracuda, I sleep smoothly knowing I have protection.
What's my experience with pricing, setup cost, and licensing?
At the time I was acquiring Barracuda Web Application Firewall, I found it costly compared to other products. To overcome that price factor, I excluded some features or subscriptions to align with the pricing of other products. Now, cost is okay because last April, I renewed Barracuda Web Application Firewall for the next three years. Interestingly, I received a local quotation from a partner, and then, because we have an office in the UK, I requested a quote from Barracuda's UK team, which was half the price I was quoted in Pakistan. Thus, I renewed through the UK office, making it definitely 50% cheaper than the Pakistan offer, so the price is good.
Which other solutions did I evaluate?
I do not think it is the best one on the market. I have seen other products offering additional features as next-generation firewalls, but as a dedicated web application firewall, Barracuda performs well among the basic features. However, I know there are more advanced products available, though I have not seen those to make a direct comparison. Therefore, I can't fully evaluate against them, but Barracuda has been a good product for me so far.
What other advice do I have?
I rate Barracuda Web Application Firewall as a seven out of ten overall.
Interestingly, I received a local quotation from a partner, and then, because we have an office in the UK, I requested a quote from Barracuda's UK team, which was half the price I was quoted in Pakistan. Thus, I renewed through the UK office, making it definitely 50% cheaper than the Pakistan offer, so the price is good.
I have only been working with Barracuda Web Application Firewall. No local partner has introduced me to any other product lines. It was purely by chance that Barracuda Web Application Firewall came to me through a local partner; otherwise, local partners rarely bother introducing other products to customers.
Anne-Aimee Wollerich
Managing bot traffic effectively enhances usability for non-technical users
Reviewed on Apr 03, 2025
Review provided by PeerSpot
What is our primary use case?
Our primary use case was to track the traffic on websites or webshops to identify potential malicious actors, such as bots. This involved analyzing the type of data being collected through websites to detect possible DDoS attacks.
What is most valuable?
The most valuable feature of Barracuda Web Application Firewall is managing bot traffic. During a presentation by Barracuda, it was demonstrated that the traffic on Coolblue, a Dutch platform similar to Amazon, was significantly reduced with Barracuda's intervention. Half of the traffic was identified as bots searching for the cheapest price. This traffic analysis and bot management were used as unique selling points for other customers.
What needs improvement?
Barracuda Web Application Firewall lacks some of the more specified and structured features offered by solutions like Tenable. Although Tenable is more expensive and less easily deployable, its features are more deepened and chiseled, particularly for IT personnel. For example, Tenable provides more comprehensive dark web scanning capabilities, which Barracuda could improve upon.
For how long have I used the solution?
I have used Barracuda Web Application Firewall for approximately three years but have not worked with it in the past year.
What was my experience with deployment of the solution?
The deployment process was straightforward. Initially, it took about two and a half hours due to some internal setup configuration mistakes. However, after understanding the deployment steps, it was done in about one hour without further guidance.
What do I think about the stability of the solution?
I would rate the stability of Barracuda Web Application Firewall as seven and a half, possibly an eight.
What do I think about the scalability of the solution?
I believe Barracuda Web Application Firewall is quite scalable, and I would rate it as an eight.
How are customer service and support?
The customer service and support are exceptional, and I would give them a ten out of ten.
How was the initial setup?
The initial setup was very easy. For someone unfamiliar with IT, Barracuda Campus provides excellent resources and guidance, making it accessible even to those not specialized in IT.
Which other solutions did I evaluate?
Tenable was evaluated as an alternative solution.
What other advice do I have?
For those new to cybersecurity, Barracuda Web Application Firewall offers an affordable and easy-to-deploy solution. Its accessible nature makes it a great choice for mid-segment use. The shift towards cybersecurity awareness has created a growing market, and Barracuda fits well with this trend with its non-technical usability and corresponding price point. I would rate the overall solution as eight out of ten.
Anand K R
Advanced protection features have strengthened web security but false positives need reduction
Reviewed on Feb 14, 2025
Review provided by PeerSpot
What is our primary use case?
I use Barracuda Web Application Firewall mainly for web application protection. I have worked with Barracuda for six years, focusing on this specific product, which aligns with my company's and clients' security needs.
What is most valuable?
The most valuable features of Barracuda Web Application Firewall include advanced bot protection, DDoS protection, and addressing the top ten vulnerabilities. The solution provides robust support, which I particularly appreciate for its ability to address my inquiries and technical challenges effectively.
What needs improvement?
There are false positives that I am receiving when compared to other WAFs. The issues with false positives affect client transactions, leading to complaints about blocked transactions. Barracuda needs to improve its API security to address my evolving needs.
For how long have I used the solution?
I have used the Barracuda solution for six years.
What do I think about the stability of the solution?
I face stability issues due to false positives. These result in clients complaining about blocked transactions on a daily basis. If these were reduced, Barracuda's stability would greatly improve.
How are customer service and support?
The customer service and support from Barracuda have been excellent. I have a very supportive team that addresses my concerns. I have premium support as well.
Which solution did I use previously and why did I switch?
Before Barracuda Web Application Firewall , I did not work with any other vendors or products.
How was the initial setup?
The initial setup of Barracuda Web Application Firewall is straightforward and does not take more than half an hour. The installation is very easy.
What about the implementation team?
My team manages the setup and requires one person for installation and three people for ongoing maintenance.
What's my experience with pricing, setup cost, and licensing?
The pricing for Barracuda is quite high compared to other OEMs. Each transaction requires my purchase team to negotiate with Barracuda. Software licenses, premium support, and advanced bot protection all have different costs.
What other advice do I have?
I would rate the overall solution as a seven out of ten, primarily due to issues with false positives.
I recommend Barracuda because of the strong support team I have.
Rimon Morcos
Easy to restrict applications and utilize many features and ensures that it's not complicated to work with
Reviewed on Nov 18, 2024
Review provided by PeerSpot
What is our primary use case?
I'm using Barracuda as a web application firewall for any application. It is too smart and user-friendly, making it easy to restrict applications and utilize many features.
How has it helped my organization?
It is very easy to restrict applications and utilize many features and ensures that it's not complicated to work with.
What is most valuable?
The most helpful feature is rate limiting, which acts as a security layer against DDoS attacks. Additionally, data leak prevention is very important and ensures protection against attacks.
What needs improvement?
I faced an issue when Barracuda decided not to support Azure Stack Hub anymore, which was a significant issue as we had many customers using it on that platform. Due to this decision, we had to replace Barracuda with another vendor, which was regrettable.
For how long have I used the solution?
I have been working with Barracuda Application Firewall for more than four years.
What do I think about the stability of the solution?
When the SDM crashed, we experienced instability, yet support usually acted quickly and was very helpful, ensuring stability for customers.
What do I think about the scalability of the solution?
Scalability is strong, rated eight to nine. The solution is capable of meeting scalability requirements efficiently.
How are customer service and support?
Technical support may be rated as eight or nine out of ten. The support is very helpful and responsive.
Which solution did I use previously and why did I switch?
Due to the decision by Barracuda not to support Azure Stack Hub, we replaced Barracuda WAF with another vendor for more than ten customers.
How was the initial setup?
The setup process is too simple.
What's my experience with pricing, setup cost, and licensing?
On a scale, pricing is nine out of ten. It's a reasonable price for this product.
Which other solutions did I evaluate?
There is no comparison, as Barracuda is too smart. Compared to FortiWeb, Barracuda is much better.
What other advice do I have?
I would rate Barracuda Web Application Firewall at nine out of ten overall. I can recommend it to other users. Barracuda is one of the remarkable vendors in web security and is too smart.