We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

Using Application Control Features with HTTP(S) Proxies

  • Last updated on

You can use Application Control features with the internal HTTP Proxy service and external proxies. Depending on what type of proxy is used, Application Control might be limited or require additional configuration.

Proxy TypeHTTP Proxy Service:
Forward Proxy on ports 3128 and 8080

HTTP Proxy Service:
Transparent Proxy

External HTTP(S) ProxyExternal HTTP + HTTPS Proxies
Application ControlYesYesYesYes
Sub-application DetectionNoYes (with an access rule for HTTPS)YesYes
SSL InterceptionYes (via HTTP Proxy Service)Yes (with an access rule for HTTPS)YesYes
Virus Scanning
Yes (via HTTP Proxy Service)Yes (via HTTP Proxy Service)YesYes
URL FilterYes (via HTTP Proxy Service or Firewall Service)Yes (via HTTP Proxy Service or Firewall Service)YesYes
ATPYesYesYesYes
Application Based Provider SelectionNoNo--
Safe SearchNoNoNoNo
Google Accounts FilteringNoNoNoNo
File Content FilteringNoNoNoNo
User Agent FilteringYesYesYesYes

HTTP Proxy Service (Forward Proxy)

When the client is configured to use the HTTP Proxy service for both HTTP and HTTPS, Application Control can be used to detect applications for HTTP connections. Clients contact the HTTP Proxy service directly on port 3128 or 8080 for both HTTP and HTTPS connections. SSL Interception is handled in the HTTP Proxy service

Please note that this setup does not work if you are using a load balanced HA deployment in which the Forwarding Firewall service and the HTTP Proxy service are not on the same virtual server.

appid_fwd_proxy.png

HTTP Proxy Service (Transparent Proxy)

When the HTTP Proxy service on the F-Series Firewall is configured as a transparent proxy, only HTTP traffic is sent to the HTTP Proxy. To pass HTTPS traffic through Application Control and SSL Interception, you must configure an explicit access rule.

It is not possible to use the built-in SSL Interception in the HTTP Proxy in a transparent proxy configuration.

appid_transparent_proxy.png

External Proxy

When clients use an external proxy for both HTTP and HTTPS traffic, there are no restrictions. Application Control can inspect all traffic coming from or going to the proxy.

appid_ext_all_in1_proxy.png

Separate HTTP and HTTPS (SSL) Proxies

No limitations apply when clients are configured to use separate external HTTP and HTTPS proxies. Application Control and SSL Interception can inspect all traffic coming from and going to the HTTP and HTTPS proxies.

appid_ext_http_ssl_proxy.png

Last updated on