What to do with an out-of-warranty Barracuda Spam/Web filter?

I'm working with an organization that would like to start using a old Barracuda Spam Filter 300 unit. I've sold and configured plenty of these, but was surprised to see that this unit's warranty lapsed by 6 months. The company was acquired and this equipment came along in the transfer. I called in to Barracuda and was promptly directed to their Warranty and License agreement. In short, they will not renew or extend a warranty on their hardware products to anyone except for the original owner. No exceptions! This means no firmware or virus updates.

A little more probing and I discovered dozens of used Barracuda devices on eBay available for a tiny fraction of the original price because they are ineligible for Barracuda's subscription firmware and updates. This is upsetting, as these units are basically "bricked" from the manufacturer's perspective. The rigid practice of not allowing ownership transfers is ridiculous.

I did find a company, BarracudaPro, that focuses on restoration and repair of these units, but I'm curious if any other admins are running their Barracuda Spam/Web Filters without updates in an unsupported capacity. Any problems? Anything to watch out for?

I would suggest that they're trying to suppress the market in second hand Barracuda devices. Many are sold with 3yrs up-front, fire-and-forget, and a number end up out of use before it is over. I am sure Barracuda would rather people come and buy a brand new unit than get the last year of an old one and work from there.

Certainly it is unusual though - I speak to a fair few ex-Barracuda customers (i work for Smoothwall) and they are one of only a handful of vendors that won't play nice when you move. All we ask is that you're willing to make sure the licence is renewed, and we can move it, but then having come from a software background, we're less hung up on actual tin.

My advice would be not to bother with a system that's going to run more and more out of date - I recognise that this advice is possibly slightly biased, working for a security vendor I am bound to be keen on people staying up-to-date :) - but you're only going to get complaints down the line as performance tails off, and then you're looking at a decent sized job to replace it, even with another Barracuda, as the software will have altered in the interim.

I agree with the idea of re purposing the box. I had an old barracuda box and installed m0n0wall on it. It now provides a captive portal for wireless at one of my remote sites. It was pretty easy to set up. I even found an image that I printed out that says "Zombiecudda Back from the dead." I can't remember where I got it but I printed it out and stuck it on the front of the box. It has worked like a charm.

I would imagine it would be fine for a while, but over time as SPAM evolves and your Barracuda appliance has not been updated, you'll start seeing more and more spam and viruses.

If it were me, I would ditch it if it's not supported. If this is something that's a critical piece of your infrastructure (i.e. if it dies or has a problem, you have no email), it's good to play by the manufacturer's rules to be sure your a** is covered.

I've been through this over and over where the business wants to cheap out now because they don't want to purchase whatever needs to be purchased, then in 4 months it dies or has some major problem and you have no solution but to buy a new one, configure it, test it, etc. and 3 days later it's working again. Meanwhile the boss is pointing the finger at you when the business has no email.

Long story short, if it's critical to your business, set it up correct now, then you don't have to worry about it.

As a side note, I work with a few different manufacturers of these devices (namely Sonicwall and Cisco) and none of them have ever given me grief about transferring ownership and renewing support agreements under the new owner.