This solution applies to Barracuda SSL VPNs, all firmware versions.
A tunneled web proxy can be a good choice for a Web Forward type, but this requires the Barracuda SSL VPN Agent for it to run. The SSL VPN Agent sets up a local tunnel from the client to the server and points the web browser at the local tunnel. This Web Forward type can often be used when the other Web Forward types fail, as the server does no modification of the web page source and simply connects an SSL tunnel from client to destination.
A tunneled proxy should work well with web sites that start off at the root of a web server and all links on the web pages remain on the same web server.
If you have a web site which links off to external web sites, then a tunneled web forward is not suitable, because when an external link is clicked, the connection will jump outside of the tunnel and attempt to connect directly to the destination server. This web forward type will only work with URLs that are addressed relative to the web root. For web sites that have absolute addresses defined, any connections will not go via the tunnel and a different Web Forward type should be used.
Some other problems that may exist with this Web Forward type are that some web browsers monitor the host in the HTTP headers and sometimes refuse to connect if they see 127.0.0.1 in there (which you will get as the client machine is connecting to the local end of the SSL tunnel).
Steps to configure a Tunneled proxy:
- First, access the target web site directly and make sure that all the links you need to work remain on the same web server and that in the source code, all URLs are relative.
- Navigate to Resources > Web Forwards.
- Change the Type to Tunneled Proxy.
- Enter a name for the resource.
- Enter the starting URL for the web page.
- Click Add.
- By default, a tunneled proxy opens up a random local port on the client machine and then points the browser at this random port. If you instead wish to open the same specific port on the local machine, edit the resource and change the Tunnel Port from 0 to the value of your choice (note that this must not conflict with any services running on the client machine).
proxy does not support authentication pass through, so if you need this
another Web Forward type should be used.