Barracuda Web Application Firewall Reviews & Insights

Score5.2 out of 10

19 Reviews and Ratings

Community insights

TrustRadius Insights for Barracuda Web Application Firewall are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Pros

Effective Spam and Junk Email Filtering: Users appreciate the ability of the Barracuda web app firewall to effectively filter spam and junk email, preventing clutter in their inbox. Several reviewers have mentioned that this feature has significantly reduced the amount of unwanted emails they receive.

Intuitive Graphical User Interface: The intuitive graphical user interface of the Barracuda web app firewall is highly praised by users, as it makes navigation and understanding of the software easy. Many reviewers have mentioned that they were able to quickly familiarize themselves with the UI, leading to a seamless user experience.

High Performance and Reliability: The Barracuda web app firewall is commended for its high performance and reliability, making it easy to manage. Numerous users have expressed satisfaction with the consistent performance of the firewall, stating that it has successfully protected their network without any downtime reported over several years.

Reviews

6 Reviews

Barracuda Web Application Firewall decide in just few minutes

Rating: 8 out of 10

July 28, 2025

Use Cases and Deployment Scope

-Barracuda Web Application Firewall is being used to protect all our on prem applications -It protects against all layer 7 web attacks like SQL injection, XSS, etc -It provides protection against top ten Owasp as well -It provides protection against bot attacks -It provides protection against Dos attacks, - It mitigates Dos attacks as well, - It has a content updates as well that provides mitigates against zero day attacks, - the URL and Parameter profile has a very granularity to mitigate false positives, -learning if the traffic also provides easy to make an application ready to enforce in blocking

Pros

Attack patterns are regularly updates through contents via Barracuda Web Application Firewall update servers
Bot Protection has a good line feature to verify between the genuine clients like browsers and bots
Dos Protection also good level of protection to mitigate Layer 7 attacks
Allow Deny Rules provides a lot of granular controls to allow and deny the traffic
URL profiles has a very granular control to mitigate false positives
Parameter profiles has a very granular control to mitigate false positives
Risk score feature for the clients to mitigate attacks is also very good feature
Client fingerprint module can be used against malicious user to enhance security
Separate XML and JSOn profile for all the URL profiles of the application is plus
API security is very much effective and shadow API can also be identified

Cons

STM crashes sometimes happen due to unusual traffic pattern
Obfuscation on the client side user credentials which appears in the developer tools of browser
URL Profiles redundancy during the learning of traffic needs to be fixed
Dos Protection should be more granular like escalation period to throw JS challenge, Captcha and rate limit when escalation period hits until the WAF stops the attack
Client Fingerprinting should work as expected when verifying the clients as in rare some scenarios, it creates issues

Likelihood to Recommend

-Companies have to focus on budget like their budget is very strict -Companies have less number application to protect and they want performance rather than protection of numerous number of applications -Where load balancing is less priority and application security is the only focus -Companies doesn’t want to spend too much on WAF engineer to handle it and require an admin with less knowledge as it provides very easy interface to handle it - It is best where companies need to stay away from additional charges from using Dos, Bot, client fingerprinting, rate limiting, risk scoring featues

Verified User

Engineer in Information Technology (10,001+ employees)

Vetted Review

4 years of experience

An excellent, reliable solution for Education

Rating: 8 out of 10

Incentivized

September 30, 2022

Use Cases and Deployment Scope

Previously used a virtualised TMG server that slowed our internet connection as it didn't have the required throughput. Switching to a dedicated solution improved throughput and provided more granular control over the Firewall. It also gave us a failover for the web-filter, allowing us to maintain our dedicated web-filter whilst the Barracuda unit provided continuity of service.

Pros

Easy to use management interface
Granular control of processes
Excellent reliability - have had zero downtime over the last 5 years

Cons

Reporting can be a little difficult
Quick block/unblock is hidden away
Live view of traffic shows lots of web 'furniture'

Likelihood to Recommend

Easy to use and reliable, with very little maintenance required and zero downtime to date. For the education sector, ease of use is hugely important as IT Managers/Technicians are often "Jack of all trades" with a good, broad general knowledge but perhaps lacking specific expertise in certain aspects. Being provided with easy-to-follow tutorials and instructions has been very useful in setting up and configuring the firewall, especially as my background is more in desktop support.

Verified User

Professional in Information Technology (51-200 employees)

Vetted Review

7 years of experience

Best Product for Email Security

Rating: 9 out of 10

June 15, 2021

Use Cases and Deployment Scope

It has been a best product for us as an MSP and also for our clients. Some of our clients used to get hit with phishing attempts 5 - 7 times a day and this has reduced that to almost 98%. The checks that it performs to analyse the emails is record breaking and will only allow emails to go through if they pass these check. Would highly recommend this product as a solution.

Pros

Email Filtering and Inspection
Web-based intrusions and attacks
Traffic Patterns

Cons

More features in Web UI
Integrated Control
Allow user feedback before newer firmware versions

Likelihood to Recommend

Best Suited for Customer Environments with O365 Setup - Would recommend it for small, medium, or even large-sized organizations. Need to make some adjustments if you have an automated email setup for some apps.

Verified User

Partner in Information Technology (11-50 employees)

Vetted Review

Reseller

3 years of experience

Barracuda Web Application Firewall: The Watchdog you want!

Rating: 10 out of 10

April 27, 2021

Use Cases and Deployment Scope

We block entire countries which is a balancing act as we are global, but with increased risks of brute force, attacks we us [for] the firewall [is] our first line of defense.

Pros

We can block entire countries.
Support is Awesome.
Setup is straightforward and adding licenses is easy.

Cons

Some ports are open by default which if not caught can leave us wide open for attacks.

Likelihood to Recommend

After we were hit with a brute force attack, we [...] had to recover servers from backups. [So,] we used the firewall to block the county where the attack originated and closed additional ports.

Verified User

Technician in Information Technology (51-200 employees)

Vetted Review

3 years of experience

Easy To Navigate!!

Rating: 8 out of 10

Incentivized

November 6, 2019

Use Cases and Deployment Scope

We use Barracuda to protect against emerging threats.

Pros

Web application security.
Blocks emails that could be spam.
Blocks websites we don't people on here at the school district.

Cons

Reports could be somewhat confusing.
The initial setup was a little difficult for our Security Admin team.

Likelihood to Recommend

It could really help a smaller business keep users off websites you don't want them on.

Tony Ortiz

Database Administrator in Information Technology at Northside ISD (501-1000 employees)

Vetted Review

1 year of experience

Barracuda WAF Review

Rating: 9 out of 10

Incentivized

December 22, 2017

Use Cases and Deployment Scope

We are a reseller of Barracuda products. Therefore we sell and implement it at our clients' sites. These appliances are available as a physical or a virtual instance. For companies that are hosting applications/databases in the cloud, this is a must.They provide security as well as bandwidth "conditioning" for the users and the company data. A huge selling factor is that the appliance provides SD-WAN without the overhead cost that you would incur if being provided through the ISP.

Pros

SD-WAN
Traffic conditioning
Reasonable cost

Cons

Learning curve to implement
If using SD-WAN, multiple devices required

Likelihood to Recommend

If you have a database in AWS or Azure with a lot of transactions, SD-WAN is a must. This appliance provides the needed feature at a fraction of the cost of going through an ISP. If you do not have lots of application "transactions" an F series firewall would be more appropriate (and also less expensive).

Verified User

Director in Information Technology (11-50 employees)

Vetted Review

Reseller

2 years of experience

Loading Reviews List....

Barracuda Web Application Firewall decide in just few minutes

Rating: 8 out of 10

July 28, 2025

Use Cases and Deployment Scope

Pros

Attack patterns are regularly updates through contents via Barracuda Web Application Firewall update servers
Bot Protection has a good line feature to verify between the genuine clients like browsers and bots
Dos Protection also good level of protection to mitigate Layer 7 attacks
Allow Deny Rules provides a lot of granular controls to allow and deny the traffic
URL profiles has a very granular control to mitigate false positives
Parameter profiles has a very granular control to mitigate false positives
Risk score feature for the clients to mitigate attacks is also very good feature
Client fingerprint module can be used against malicious user to enhance security
Separate XML and JSOn profile for all the URL profiles of the application is plus
API security is very much effective and shadow API can also be identified

Cons

STM crashes sometimes happen due to unusual traffic pattern
Obfuscation on the client side user credentials which appears in the developer tools of browser
URL Profiles redundancy during the learning of traffic needs to be fixed
Dos Protection should be more granular like escalation period to throw JS challenge, Captcha and rate limit when escalation period hits until the WAF stops the attack
Client Fingerprinting should work as expected when verifying the clients as in rare some scenarios, it creates issues

Likelihood to Recommend

Verified User

Engineer in Information Technology (10,001+ employees)

Vetted Review

4 years of experience