At its core, the Barracuda WAF is a firewall that is capable of monitoring Layer 7 network traffic, so it can look all the way down to the application level, as well as monitor the bulk of the traffic moving through Layer 4. It is deployed as hardware, a virtual appliance or within the Amazon Web Services or Microsoft Azure public cloud. If deployed virtually or through the cloud, it will update is 
drivers and expand its capacity automatically based on need. If the hardware version is used, Barracuda will upgrade the box to the latest and greatest equipment every four years, free of charge.
Calling the Barracuda WAF a firewall is seriously selling it short. It’s more like the core of an independent bastion of cybersecurity, able to inspect both inbound and outgoing traffic. The WAF functions like a reverse proxy, and is placed at the front of the data pathway. It intercepts all traffic, inspecting it for attacks and blocking them before they make it to any servers. In fact, it only allows traffic through that conforms to security policies, and that includes both incoming and outbound flows.
Read the entire review, only in CSO Online.