We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

This Firmware Version Is End-Of-Support

As of December 1st, 2018, all new sales for Barracuda NextGen Firewall X Series products have ceased. Only renewals of software and hardware subscriptions for a maximum of one year are available for a limited time. December 1st 2019: All Barracuda Firewall X-Series sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires, or until the End of Life definition as described in the End of Support and End of Life Information.

How to Configure a Transparent Redirection to a Barracuda Web Security Gateway

  • Last updated on

The Barracuda NextGen Firewall X-Series can transparently redirect all HTTP and HTTPS traffic to a Barracuda Web Security Gateway or any other HTTP/S processing device. The Barracuda Web Security Gateway can then process the HTTP/HTTPS request using the original source and destination IP addresses. After the Barracuda Web Security Gateway applies all local policies and collects the statistics, the web traffic is then forwarded to the Internet via the X-Series Firewall. This configuration allows the proxy to apply all policies as if it were directly connected to the client. It also allows the proxy to create meaningful statistics and connection information.

The Barracuda Web Security Gateway may be any device processing HTTP or HTTPS.

transparent_redirect_rule.png

Before your Begin

  • The X-Series Firewall and the Barracuda Web Security Gateway must be connected to the same subnet (within the same ARP domain).

Step 1. Create a Transparent Redirect DNAT Access Rule

Create the DNAT access rule to forward all HTTP traffic to the Barracuda Web Security Gateway.

  1. Go to FIREWALL > Firewall Rules.
  2. Click Add Access Rule.
  3. Create an access rule to transparently redirect all HTTP and HTTPS traffic through your Barracuda Web Security Gateway:
    • Action – Select DNAT.
    • Source – Select Trusted LAN. Alternatively, select IP Address and enter the network the client using the Barracuda Web Security Gateway is in.
    • Destination – Select Internet.

    • Network Services – Select HTTP+S.

    • Redirect Select IP Address and enter the IP address of the Barracuda Web Security Gateway. E.g.. 172.16.0.10

      Do not use network objects containing host names (DNS objects). The firewall does not redirect traffic to a hostname or FQDN. 

    • Connection – Select No SNAT.
    • Application Control – Set to No.

    transparent_redirect_68_01.png
  4. In the Add Access Rule window, click the Advanced tab.
  5. In the Other section, set Transparent Redirect to Yes.
    transparent_redirect_68_02.png
  6. Click Save.
  7. Drag and drop the access rule so that it is the first rule that matches the traffic that you want it to forward. Ensure that the rule is located above the BLOCKALL rule; rules located below the BLOCKALL rule are never executed.
  8. Click Save.

Step 2. Create an Allow Access Rule for the HTTP Proxy to Access the Internet

  1. Go to FIREWALL > Firewall Rules.
  2. Click Add Access Rule.
  3. Create an ALLOW rule to allow the Barracuda Web Security Gateway to access the Internet:
    • Action – Select Allow
    • Source – Select IP Address and enter the IP address of the Barracuda Web Security Gateway.
    • Destination – Select Internet.
    • Network Services – Select HTTP+S.

    • Connection – Select Dynamic SNAT.
    • Application Control – Set to No.

    transparent_redirect_68_03.png

  4. In the Add Access Rule window, click the Advanced tab.
  5. In the Denial of Service and Spoofing Protection section, set Interface Group to Any.
    transparent_redirect_68_04.png 
  6. Click Save.
  7. Drag and drop the access rule so that it is the first rule that matches the traffic that you want it to forward. Ensure that the rule is located above the BLOCKALL rule; rules located below the BLOCKALL rule are never executed.
  8. Click Save.

Step 3. Create an Allow Access Rule for the Barracuda Web Security Gateway to Access the Client

To allow the Barracuda Web Security Gateway to access the client, create an access rule with the following settings:

  • Action – Select Allow
  • Source – Select IP Address and enter the IP address of the Barracuda Web Security Gateway.
  • Destination – Select Trusted LAN
  • Network Services – Select HTTP+S.

  • Connection – Select No SNAT.
  • Application Control – Set to No.

transparent_redirect_68_05.png

Step 4. Configure the Barracuda Web Security Gateway

In order to successfully send the connection from the Barracuda Web Security Gateway to the Internet you must configure the device to:

  • Route to the Internet using the X-Series Firewall as the gateway.
  • Route to the internal client network using the X-Series Firewall as gateway.
  • HTTP traffic must use the IP address of the Barracuda Web Security Gateway as the source IP for outgoing connections.

For more information, see Barracuda Web Security Gateway - Overview.

Last updated on