This article can also be found in the Premium Editorial Download "Information Security magazine: Reviews of six top Web application firewalls."
Download it now to read this article plus other related content.
While all of this first appeared extremely complex, F5 features a clean and informative interface coupled with outstanding documentation and technical support. The complexity was offset by the rich load balancing and traffic management features necessary for delivering application security in big pipe environments.
Citrix required a lot of manual entry, but offered a clean Windows-based configuration utility. It wasn't as time consuming as Barracuda's Web Firewall's setup or as complex as F5, which required extensive understanding about network traffic management prior to setting up the security features.
Barracuda is somewhat complex and took a long time to set up. Even though we used Barracuda's Web application wizard, an extensive amount of manual security configuration was required to effectively protect our test applications against our attacks. Since Bar-racuda boasts of its ability to be set up in a pro- duction environment without causing disruption, we initially de-ployed the box in passive mode, producing logs that identified actions that would have been taken if it was in active response mode--for example, blocking traffic from an IP that was performing a brute force login, forceful browsing or bot activity. This allowed us to effectively tune the appliance prior to switching to active mode--a real plus for security managers without the time or resources to first deploy in a mirrored test environment.
This was first published in March 2008