The URL filter is comprised of multiple components to process traffic. The Barracuda NG Web Filter engine requires an NG Web Filter subscription. With the Barracuda NG Web Filter the URL category databases can be stored locally on the Barracuda CloudGen Firewall. The Barracuda NG Web Filter additionally offers an offline database for URL categories. The Barracuda NG Web filter can not be used with Application Control.
URL Filtering Process
The following flowchart illustrates how traffic is processed by the main components of the URL filter:
Proxy - Basic ACL
An URL request from the client browser is first processed by the HTTP proxy to determine if it is allowed by the ACL. If the basic ACL does not allow Internet browsing, the request is dismissed and the proxy server's internal block HTTP page is displayed. For more information on configuring the HTTP Proxy ACL, see How to Configure User Authentication and Access Control.
To view the logs for the URL Filter service, go to the LOGS Tab of the Barracuda CloudGen Firewall. The URL Filter service generates the following log files:
- Fwauthd – Log created by the Barracuda Authentication Client that is processing the block page.
Load Sharing and High Availability
The URL filter can also be installed on both units in a high availability (HA) setup. In a HA setup, it may be useful to configure a second URL filter on the peer unit to share the load and to take advantage of the additional hardware. The second URL filter requires its own license.
The following figure illustrates such a setup where the URL filter is configured on both Box HA-1 and Box HA-2:
If Box HA-2 is down (for example, because of a hardware failure), Box HA-1 takes over the proxy server and URL filter server that were hosted by it.
This behavior is necessary to avoid fraud with multiple URL Filter servers using the same license. As a result, only 100 users (the number of users depends on the NG Web Filter licenses installed on the now active box) are allowed at the same time.