What's New in Version 5.0
- Client-side SSL inspection - Configured on the Barracuda Web Security Gateway, client-side SSL inspection offloads this processing-intensive feature to the client machine, resulting in improved overall performance of the Barracuda Web Security Gateway. See Client-side SSL inspection with the Barracuda WSA for details. This feature requires running the Barracuda Web Security Gateway version 12.0 or higher.
Enhanced authentication mechanism with the Barracuda Web Security Gateway - The Barracuda WSA can use certificates you create on, or upload to, the Barracuda Web Security Gateway to verify the identity of the Barracuda Web Security Gateway and ensure that administrative traffic (configuration, policy requests, and logging) is encrypted, both on the local intranet and when roaming on untrusted networks. See Authentication with the Barracuda Web Security Gateway and the Barracuda WSA for details. This feature requires running the Barracuda Web Security Gateway version 12.0 or higher.
- The Barracuda Web Security Service is not supported for the Barracuda WSA 5.x and above.
- The SERVICE_MODE parameter for the Barracuda Web Security Gateway is now "1" instead of "2", and is now optional for command line installations (by default set to "1").
The Tamper Protection/Watchdog feature is not supported with the Barracuda WSA 5.x and above.
- Fixed issue where Win7/Win8 users saw unsigned driver system errors. [BNWSA-2769]
- The signing certificate of the current agent expires on Jan 21, 2019. This can cause issues with installation or possibly with the agent's ability to enforce policy. This new version contains the updated certificate. [BNWSA-2762]
- Improvements on memory consumption caused by service monitoring using WMI. [BNYF-15256]
- Improvements in network monitoring for conditions where the laptop moved between networks. [BNYF-13889]
This patch includes all fixes since the release of Barracuda WSA 18.104.22.168, and is ONLY available via https://login.barracudanetworks.com/support/downloads/. Select Barracuda Web Security from the drop-down section, and download the Barracuda Web Security Agent. This patch is not available via the Barracuda WSA Auto-update feature.
Known Issue in version 5.0.2: As observed only on Windows 7 machines: If Policy Lookup Mode (PLO) is ON with Client-side SSL Inspection enabled and google.com set as an inspected domain, accessing mail.google.com may need a manual reload to show the page content.
- Improved stability and performance.
- Performance improvements with Client-side SSL Inspection enabled.
- Addressed long load times/ parts of sites not loaded for busy pages like msn.com, espn.com, cnn.com, etc.
- Fixed application errors while the Barracuda WSA is active.
- Fixed Skype For Business NOT working in inline mode.
- Fixed issue where domain wildcards were ignored for proxy exceptions and packet capture.
- Fixed issue where auto-update was always executed, even when disabled.
Fixed issue where Google Mail was inaccessible with Policy Lookup and Client-side SSL Inspection enabled, and Google domains set to be SSL inspected.
- Fixed upgrade issues to future versions (that currently affects only EA 22.214.171.124)
- Fixes for Barracuda Web Security Gateway Authentication feature:
- Allow Sync Settings via Barracuda WSA Configuration Tool if Authentication feature is disabled.
- Certificate Hash is now accepted and sanitized if manually entered with colons.
- Check for Updates option is grayed out if 'Allow update' is disabled.
- Improvement: Stability fixes and additions
- Improvement: Security additions around Auto-Update functionality
- Improvement: Configuration Tool fixes and web interface improvements, including configuration of the Barracuda Web Security Gateway authentication feature.
- Improvement: Periodic configuration sync every 24 hours.
- Fixed: HSTS blocked as appropriate in Firefox.
- Fixed: Barracuda Web Security Agent Icon in sys tray (non-silent user mode) now reflects the current proxy state.
- Fixed: 'Allow Remove' option works as expected.
- Fixed: Bypass Filter (Network Exceptions) needs bigger buffer size. [BNWSA-2362]
What's New in Version 126.96.36.199
- Added ability to enable Barracuda Web Security Service customers to transition to using the Barracuda Web Security Gateway.
- Enabled the Barracuda Web Security Agent to upgrade to the next major version 5.0 via the Auto Upgrade feature (Barracuda Web Security Gateway only).
Fixed in Version 188.8.131.52
- Resolved issue with password prompt errors if no password is set for Barracuda Web Security Service customers.
- Stability fixes.
What's New in Version 4.4.6
- Ability to override use of LSP interception technology with WFP for Windows 7 users. Choosing WFP over LSP can mitigate compatibility issues between the Barracuda WSA and 3rd party applications such as antivirus applications, resulting in better stability. You can choose WFP at installation time or using the Configuration Tool for Barracuda WSA Windows Client 4.x. Does not apply for Windows 8+, which uses WFP by default.
- Barracuda uses SHA-256 code signing for all Barracuda binaries for all supported platforms and OS versions. If you are running Windows 7 and want to be able to use WFP or Tamper Protection, you must install the Microsoft Security Advisory 3033929 security patch. Some Windows 7 installations may run into difficulties when using Tamper Protection or switching between LSP and WFP drivers for traffic interception. These features will not work as expected, as Windows 7 needs the patch to trust the SHA-256 signed kernel-mode drivers.
- Fail Open/Fail Closed trigger granularity - Previously, connectivity (health) checks were triggered by system events including log on, sync, network address changes, etc. This version provides more granular connectivity checking based on internal connection errors, resulting in more accurate triggering of Fail Open and Fail Closed modes as well as recovery from Fail Open / Fail Closed modes.
Fixed in 4.4.6
- Fixed: Updated installer to mitigate issue of IE crashing in some scenarios. [BNWSA-1375]
- Fixed: The Barracuda WSAMonitor icon no longer appears when in silent mode when auto updated from 184.108.40.206. [BNWSA-1685]
- Fixed: Toggling the Auto Update state to ON no longer requires a re-login / reboot of the machine in order to be applied. [BNWSA-1799]
- Fixed: In some cases, the Barracuda WSA would go to Inline Mode, even if not behind a Barracuda Web Security Gateway. [BNWSA-1851]
What's New in Version 4.4.5
Important: When auto-upgrading on silent installation, the Barracuda WSA Monitor icon can, in some cases, show on the client after the update is complete. To avoid this issue, Barracuda recommends pushing the upgrade by GPO or doing a manual installation.
Fail Open/Fail Closed behavior customization option - The administrator can override the default behavior of the FailOpen/FailClosed feature in terms of:
- Retry interval
- Timeout of connectivity test requests
This customization option is available as an override via registry key only. The override can be pushed out to clients via GPO, and must be applied AFTER an update or installation of the Barracuda WSA has completed and the Barracuda WSA has been started up at least once on the client. For details about using the customization option, please contact Barracuda Technical Support.
Fixed in Version 4.4.5
Barracuda Web Security Service Deployments
- The WSAMonitor icon state does not show as active in FailOpen or FailClose mode. [BNWSA-1635, BNWSA-1603]
- The Barracuda WSA FailOpen function behaves as expected. [BNWSA-1301]
- The Barracuda WSA gets disabled as expected when the user account profile is disabled on the REMOTE FILTERING > Web Security Agent page in the Web Security Agent Central Management Activation section. [BNWSA-1628]
- The client context menu always shows the current host on the host list. [BNWSA-1639]
- In the Configuration tool, the Service Port setting is disabled since it is configured automatically by the Barracuda Web Security Service. [BNWSA-1627]
- Save-Settings function does not fail on Fallback. [BNWSA-1404]
- High CPU usage mitigated when the Barracuda WSA is connected with the Barracuda Web Security Service. [BNWSA-1623]
Barracuda Web Security Gateway and Barracuda Web Security Service Deployments
- Fixed heap corruption issue in BarracudaWSA service. [BNWSA-1539]
- Fixed compatibility issues with VS2012 Express (WDExpress) when opening "Attach to process" dialog. [BNWSA-1542]
- Chrome.exe is not filtered if it’s not specified in the Applications to Filter setting. [BNWSA-1638]
- Fixed issue loading websites on Chrome browser. [BNWSA-1484, BNWSA-1558]
- WSAMonitor icon does not display after system restart when the Barracuda WSA is configured for silent installation. [BNWSA-1511]
- In the Configuration Tool, the Service Host field reflects changes as expected. [BNWSA-1368]
Fixed in Version 220.127.116.11
- When Central Management is disabled, WSA clients connected to the Barracuda Web Security Service do not fail open or request synchronization of the configuration every 30 seconds.
- When the WSA is installed on the client, applications connect properly to their web service as expected.
What's New in Version 4.4.3
- Upgraded signing certificate: Users download the Barracuda WSA installer file with the IE browser seamlessly.
- Application compatibility: IP addresses added to the Bypass Filter no longer appear in logs and are no longer intercepted by the Barracuda Web Security Agent in order to avoid incompatibilities at the protocol level.
Fixed in Version 4.4.3
- Fixed issues with handling split DNS setup for Barracuda Web Security Gateways.
- Stability and performance fixes.
What's New in Version 4.4.2
- Overall stability, installation and performance improvements
- Added the ability to hop between networks while using the WSA [BNWSA-178]
Fixed in Version 4.4.2
- Improved connection to the Barracuda Web Security Gateway. [BNWSA-1184, BNWSA-1194]
- Stabilized the running of the agent on host systems. [BNWSA-1197]
- Improved uninstallation process for agent. [BNWSA-1199, BNWSA-1192]
- Stabilized upgrade process between versions. [BNWSA-1218]
- Update notifications can be disabled effectively. [BNWSA-1231, BNWSA-1217]
- Microsoft VPN and IE compatibility changes. [BNWSA-1189, BNWSA-17]
What's New in Version 4.4.1
- Added Windows 10 support, including the new Microsoft Edge browser. [BNWSA-943]
- Security fixes for Barracuda WSA service at endpoint, as found by Kevin Fairchild [developmentgeek.com]. [BNSEC-6147]
- Improved security with transfer of password between the Barracuda Web Security Gateway or Barracuda Web Security Service and Barracuda WSA services.
Fixed in Version 4.4.1
Update Manager and Settings Management
- Improved auto-update functionality to resolve a high severity vulnerability and enhanced security for Barracuda WSA service related to user policy information, as found by Kevin Fairchild [developmentgeek.com]. [BNSEC-5990]
- Improved uninstall process to remove traces of Barracuda WSA agent.
What's New in Version 18.104.22.168
Barracuda recommends updating to this version as it resolves stability issues found in version 4.4.0.
Barracuda WSA stability fixes upon continuous browsing. [BNWSA-1142]
The Barracuda WSA Utilities Developer logs are disabled. [BNWSA-1145]
What's New in Version 4.4
Improved User Experience
- Silent installations do not prompt for an update
- Anonymized version reporting for product planning
- Opt-out functionality for anonymous data reporting
- Stability improvements during settings reload and synchronization events
- Backward compatibility of Policy Lookup Mode to Barracuda Web Security Gateway version 8.1.005
- Policy lookup requests to the Barracuda Web Security Gateway are now encrypted
- Enforced additional best practices from Microsoft
- Other security fixes that include verifying signature of installers and improved encryption of data between the Barracuda WSA and the Barracuda Web Security Gateway
Fixed in Version 4.4
Fallback Hosts (Applies to Barracuda Web Security Service)
- Existing connections do not drop when changing service host or when ranking hosts
- After switching service hosts, existing connections continue to use the previous host while new connections are switched to the currently selected host