If you want to configure client-side SSL inspection, see Client-side SSL inspection with the Barracuda WSA for version requirements and instructions.
For satellite offices, mobile workers and students, the Barracuda WSA allows secure web browsing access for any computer at any location, that complies with the web access and security policies of the organization. For more information about the Barracuda WSA, see Overview.
By default, the Barracuda WSA routes client web traffic through the Barracuda Web Security Gateway, which monitors traffic and applies policies before routing the traffic.
However, when using Policy Lookup Only mode, the Barracuda WSA deployed on the remote machine looks up policies configured on the Barracuda Web Security Gateway for that user/client, applies the policies, then routes allowed web traffic from the remote machine via the usual path to the Internet. Traffic is not routed through the Barracuda Web Security Gateway. To enable this mode, simply set Policy Lookup Only Mode to Yes on the ADVANCED > Remote Filtering page of the Barracuda Web Security Gateway web interface.
Policy Lookup Only mode saves corporate bandwidth and reduces traffic through your Barracuda Web Security Gateway; however, the following considerations may mitigate these advantages:
- Since the remote client traffic does not pass through the Barracuda Web Security Gateway, virus and malware scanning is not applied to this traffic. This is an important consideration when deciding whether or not to enable Policy Lookup Only Mode.
- When using Policy Lookup Only mode, because client web traffic is not routed through the Barracuda Web Security Gateway, SSL Inspection of HTTPS traffic is not available unless you configure Client SSL Inspection for the Barracuda WSA (see below). Seen Using SSL Inspection With the Barracuda Web Security Gateway for more information. If you want to be able to regulate social media applications such as Facebook or Twitter, block applications at the URL level or use Safe Search over HTTPS, you need to use SSL Inspection and set Policy Lookup Only Mode to No.
Using Client-side SSL Inspection
Client-side SSL Inspection is supported with the Barracuda WSA:
- For Mac_ when running version 11.0 or higher of the Barracuda Web Security Gateway and version 5.0 or higher of the Barracuda WSA for Macintosh
- For Windows: when running version 12.0 or higher of the Barracuda Web Security Gateway and version 5.0 or higher of the Barracuda WSA for Windows
This is configured on the ADVANCED > Remote Filtering page of the Barracuda Web Security Gateway and requires setting Policy Lookup Mode to Yes (enabled). See also Client-side SSL inspection with the Barracuda WSA.