It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

This Product is End-of-Life and End-Of-Support

End-Of-Life and End-Of-Support on December 1st, 2020: All Barracuda Firewall X-Series sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires. Please see the End-Of-Life definition as described in the End of Support and End of Life Information.

How to Configure a Generic Web Forward

  • Last updated on

Create web forwards to allow SSL VPN users to access web-based internal applications or Intranet resources. There are predefined web forward types for frequently used services, such as Outlook Web Access and SharePoint servers, as well as generic settings that allow you full control over how the web content is rewritten. Web forwards can also be customized using user attributes. User attributes are defined by the administrator and filled in by the end user in the web portal. They allow for personalized URLs or Single Sign-On for web forwards.

Before you begin

Enable and configure SSL VPN on the firewall. For more information, see How to Enable SSL VPN and CudaLaunch.

Configure a generic web forward

  1. Go to the VPN > SSL VPN page and click the Resources tab.
  2. In the Web Forwards section, click Add Web Forward.
  3. In the Add Web Forward window, set Enable to Yes.
  4. (optional) Click Browse to upload a PNG file for the web portal, less than 30 kB and not larger than 80x80 pixels.
  5. Select Generic from the Web Resource Template drop-down list.

    For Outlook Web Access and SharePoint web forwards, see How to Configure an Outlook Web Access Web Forward and How to Configure a SharePoint Web Forward.
  6. In the Name field, enter the visible name for the web forward. This is the name used in the SSL VPN portal for this web forward.
  7. Enter the Root URL of the web server in the following format: Protocol type (http:// or https://) followed by the FQDN or IP address of the web server. For example, or
  8. Enter the Launch Path in the following format: "/" followed by the path and file name you want to request when starting the Web Forward. You can also include user or session attributes in the launch URL. For more information on Attributes, see How to Use and Create Attributes
    Example: /wiki/${session:username} or /lunchmenu/${user:location}/index.php
  9. (optional) In the Allowed Hosts list, add all servers that must be proxied by the SSL VPN when accessing this web forward. Enter Name, Root URL, and Launch Path in the Allowed Hosts section, and click +.
  10. In the Custom Headers section, define rules to replace or remove header values for either requests, responses, or both.
  11. (optional) To restrict access to the web forward by user group, remove the * entry in the Allowed User Groups list. Enter the user groups that can access the web forward, and click + after each entry. If no groups are added, the web forward cannot be accessed. Use question marks (?) and asterisks (*) as wildcard characters.
  12. (optional) In the Single Sign On section, change the session attribute for user attributes to enable SSO if username and password differ from the session credentials. For more information on how to create user attributes, see How to Use and Create Attributes.
  13. Click Save.
Last updated on