The Barracuda Spam Firewall VMware Appliance (Vx) finally exists!

When I started at my current company, spam was handled with a separate server running SpamAssassin and a few other services. This sort of got the job done but required babysitting. I wasn’t part of the Sysadmin team at that point but I know they had to restart SpamAssassin relatively frequently, manually clear out the email queue when people noticed they weren’t receiving email, etc.


After a few months, someone wised up and purchased a Barracuda Spam Firewall. I assumed this was basically a pretty GUI wrapper around the same tools we had already been using, but it was certainly worth the money. In addition to the basic filtering of spam it filtered for viruses, performed recipient verification against AD via LDAP, had nice graphing and reporting.

We bought the unit in October, 2005 and it’s mostly been great. There’ve been some hiccups over the years but all things considered it’s performed very well. However, when we recently updated the firmware from the 3.x series to the 4.x series we started experiencing problems: intermittent outages (connection refused for ports 25 and 443), CPU load pegging at 100%. We called support and, as I suspected, the problem is most likely due to the age of the hardware. It’s been nearly 5 years so I figured it was time to replace the unit. The original unit was a model 300, so I was considering a Model 400, which, in addition to the updated hardware, offered SNMP monitoring (of which I am a big fan).

It was at that point that I saw they now offer a VMware Virtual Appliance. I requested a demo license and downloaded the appliance, which was just a zipped .ovf. A demo key was emailed to me. I imported the OVF, gave it 6GB memory (we have plenty to spare in our ESX cluster – our original 300 unit only had 512 MB) and powered it on. It booted to a standard Linux console prompting me for a username and password. I didn’t know what the default was (and I needed this to configure the network info) but Google turned up PDF instructions that revealed the default username/password to be admin/admin (which I probably should have just guessed). After that I was able to configure networking and access the web UI. I exported the config from our 300 unit and imported it into the Vx appliance which restored most of the settings (including our massive whitelist).

I haven’t tried routing any actual mail through it yet but so far it seems great – the same UI as the 300 but much faster – it takes just 1-2 seconds to login versus 60-90 on our old box, and the menus are much more responsive.

I was somewhat apprehensive about moving our inbound MX from a physical server to a VM in case of some outage affecting VMware, but that’s only happened once in the two years we’ve been running VMware, and was due to a network misconfiguration. In the end I decided to risk it, though, because the virtual appliance costs $1,000 plus $180/year for each 100 users versus $3,999 for the Model 400 + $1,099 for the first year of updates (with no limit on the number of users). Plus, the appliance has all the software features of the highest-level model.

I don’t expect any problems, but this is my first virtual appliance purchase so I’m mildly apprehensive. Here’s hoping it works out. šŸ™‚

Advertisements

7 Replies to “The Barracuda Spam Firewall VMware Appliance (Vx) finally exists!”

  1. Evan,

    when you say all the features of the highest level model, does it have the ability to change the logo or banner on the quarantine messages?

    I’ve always wanted this feature with our current 300 model but it was always for much higher and pricer models.

    thanks

  2. Yes, I’ve changed the logo and banner on the Vx, and I think on the SMTP greeting as well. Basically all the software features of the highest-end model. So far I’ve been very pleased with the Vx.

  3. Evan,

    We are currently in the same situation as you were! New hardware or Virtual appliance? How has the Vx Appliance performed for you thus far? Our model 300 appliance is well past due for replacement and I have thought about going the virtual route. I guess my quesion is bascially if you had it to do over would you still opt for the Vx Solution.

    Thanks.

    1. Hi Adam,

      I’ve been very happy with the Vx appliance. The performance is fantastic – we’re running ESX 4.1 on HP DL360 G6 with Xeon X5550 CPUs, and I gave the Vx 6 GB memory. It was taking nearly 5 minutes just to login to our old 300, it now takes under 2 seconds. It was the cheapest solution for us and made sense in other ways – power savings, less hardware to manage, basically all the reasons to go with VMs over physical boxes.

      In addition, since the performance improved so much we were able to use the Vx as our outbound SMTP relay in addition to standard inbound. We already had a Linux VM performing this task with Postfix but the Vx has some nice features like bounce-spoof prevention. We weren’t able to use this with the 300 because it was already half dead.

      But to answer your question, I would definitely go with Vx again.

      Evan

      1. Adam,

        Thanks for the info.

        What was the price difference between the yearly energize upates and the equipment protection vs the yearly licensing of the Virtual appliance? I just got a quote from my rep that must be screwed up. The quote for 1 year of energize updates is $633.22 and 1 Year instant replacement costs $406.75.

        So I asked for a quote for the cost of a comparible Virtual Appliance. The quote he gave me was $1499 for 1 year!

        Does that jive with the price your paying because it doesn’t really make sense to me.

        Thanks,

        Paul

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s