We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Agent

Configuring Preferences for Barracuda WSA Macintosh Client

  • Last updated on

The administrator can access the Barracuda WSA Preferences from the context menu or from the System Preferences interface to change settings for the Barracuda WSA from the client. The tool exposes the same settings that are configured from the administrative web interface* of either:

  • The Barracuda Web Security Service REMOTE FILTERING > Web Security Agent page  OR
  • The Barracuda Web Security Gateway ADVANCED > Remote Filtering page

* If you want to configure client-side SSL inspection on the Barracuda WSA, this must be configured in the Barracuda Web Security Gateway web interface. See Client-side SSL inspection with the Barracuda WSA for version requirements and instructions to configure.

Barracuda WSA Preferences can optionally be password protected in the administrative web interface:

  • On the ADVANCED > Remote Filtering page of the Barracuda Web Security Gateway
  • On the REMOTE FILTERING > Web Security Agent page of the Barracuda Web Security Service

Important: Leaving the password field blank allows the user to modify most of the Barracuda WSA settings.

Barracuda WSA preferences with the Barracuda Web Security Service include the following settings (see Figure 1a):

Note: The Barracuda WSA for Macintosh 5.x and above does not support the Barracuda Web Security Service.
  • Authorization Key that was created in the administrative web interface of the Barracuda Web Security Service.
  • Service Host(s) - The Barracuda Web Security Service current host and drop-down listing all available service hosts.
  • Port - the network port at which to contact the service host. 
  • Bypass - IP addresses/ranges you want the Barracuda WSA to bypass when filtering
  • Proxy Exceptions - The hostname(s) or IP address(es) of these existing proxies on the client's LAN will bypass filtering of traffic. If you have a PAC or WPAD driven proxy setup, ensure that the proxy hosts are listed here. 
  • Allow requests when service is unavailable (Fail Open) - Behavior you want to configure for the client when the service host is unavailable. See Fail Open and Fail Closed Modes with the Barracuda WSA.
  • If connecting to the Barracuda Web Security Service, Fallback host settings (see Fallback Service Hosts and the Barracuda Web Security Service).

Also see Using the Barracuda WSA with the Barracuda Web Security Service.

Figure 1a. WSA Preferences window showing the current Service Host with Barracuda Web Security Service.

ServiceHostAuthKey.png

Barracuda WSA preferences with the Barracuda Web Security Gateway include the following settings (see Figure 1b):

  • Gateway Address and Port - The external IP address and port to reach the Barracuda Web Security Gateway. See the External Hostname/IP and Destination Port fields on the ADVANCED > Remote Filtering page in the Barracuda Web Security Gateway web interface. The Barracuda WSA directs user web traffic to this IP address. Note: It is recommended that you enter the hostname of your Barracuda Web Security Gateway in case the IP address of the appliance changes. See also How to Configure the Barracuda WSA With the Barracuda Web Security Gateway.
  • Port - the network port at which to contact the Barracuda Web Security Gateway.
  • Certificate hash - With version 2.0 or higher of the Barracuda WSA for Macintosh . This value enables the Barracuda WSA to validate the identity of the Barracuda Web Security Gateway and encrypt all administrative traffic. For more information, see Authentication with the Barracuda Web Security Gateway and the Barracuda WSA.
  • Bypass - IP addresses/ranges you want the Barracuda WSA to bypass when filtering.
  • Proxy Exceptions - The hostname(s) or IP address(es) of these existing proxies on the client's LAN will bypass filtering of traffic. If you have a PAC or WPAD driven proxy setup, ensure that the proxy hosts are listed here.  
  • Allow requests when service is unavailable (Fail Open) - Behavior you want to configure for the client when the service host is unavailable. See Fail Open and Fail Closed Modes with the Barracuda WSA.
     

Also see Using the Barracuda WSA With the Barracuda Web Security Gateway.

Figure 1b. Barracuda WSA Preferences window showing the current service host with the Barracuda Web Security Gateway.

iWSA PrefsNoHash.png

Synchronizing Settings With the Service Host

The settings shown are those based on the last sync event between the Barracuda WSA and the service host - either the Barracuda Web Security Gateway or the Barracuda Web Security Service. A sync event is triggered by any of the following:

  • Restarting or waking the Macintosh from sleep
  • Logging in to another user account on the Macintosh
  • Changing network connections or WiFi access points
  • Clicking Synchronize Settings button in the Barracuda WSA Preferences as shown in Figures 1a and 1b. Note that you must be logged into the Macintosh as administrator to perform this action or to check for updates using this tool.

The sync event also updates the client with the following:

  • Browse policies configured in the Barracuda Web Security Service or the Barracuda Web Security Gateway.
  • Certificate hash (see above).

When using with the Barracuda Web Security Service, from the Service Host drop-down, you can view a list of the available service hosts.

When using the Barracuda Web Security Service, with version 4.3.0 or higher, you can select another host from the Select Service Host drop-down as shown in Figure 2. You can configure the Barracuda WSA to poll available service hosts and rank them by response times using the settings on the Security Service tab. Check Automatically switch to a faster service host, if available to have the Barracuda WSA do this check periodically and switch to the host with the fastest response time. See Fallback Service Hosts and the Barracuda Web Security Service for details about using this feature.
Figure 2. Selecting a different service host using the Fallback feature.


SelectServiceHost.png

Barracuda WSA Preferences

When you select WSA Preferences from the context menu, you see the window shown in Figure 1a or 1b. Click the Security Gateway tab if you are using the Barracuda Web Security Gateway, or the Security Service tab to view the current Host, Port and Bypass settings. Click the Applications tab to see and change filtering settings that are configured on the Barracuda Web Security Service REMOTE FILTERING > Web Security Agent page or on the Barracuda Web Security Gateway ADVANCED > Remote Filtering page, as shown in Figure 3.

Figure 3. Barracuda WSA Applications tab.

MacApplicationsWindow.png

To create exceptions to filtering policies, click the Exceptions button.

Figure 4. Setting exceptions to filtering policies.

AllowApps.png

To configure settings for allowing updates, click on the Options tab, and note the following:

Log:

The Log setting, by default, is set to Nothing. The available options are self-descriptive:

  • Nothing 
  • Network Errors Only
  • Network Errors, Policy Decisions
  • Additional Diagnostics
  • Everything

Allow user to Check for Updates: 

  • This setting is only available with the Barracuda Web Security Gateway, not with the Barracuda Web Security Service. If Allow User to Check for Update is set to Yes on the Web Security Agent tab of the Barracuda Web Security Gateway ADVANCED > Remote Filtering page, then the administrator will see this option in the preferences and can manually check for updates on the Barracuda WSA client as shown in Figure 5.

Auto-update:

  • With the Barracuda Web Security Gateway: If Auto-update is set to Yes on the Web Security Agent tab of the ADVANCED > Remote Filtering page. If enabled, the Barracuda WSA checks daily for updates and automatically installs them in the background without user interaction.
  • With the Barracuda Web Security Service: If Allow Auto-update is set to Yes in the Profile configured on the Web Security Agent page of the REMOTE FILTERING tab, the Barracuda WSA checks daily for updates and automatically installs them in the background without user interaction.

    If the Barracuda WSA is installed on the client in Silent Mode, no dialog will be displayed during an update; however, the log file shows that the Barracuda WSA checked for updates and whether an attempt was made to install an update. Recommended setting is to enable on either the Barracuda Web Security Gateway or the Barracuda Web Security Service to ensure that the Barracuda WSA client is updated as soon as updates are available.

Check for Updates Automatically:

  • This setting only applies with the Barracuda WSA and is configured on the local Mac. Check this option in the Barracuda WSA preferences (on the Options tab as shown in Figure 5) if you want the Barracuda WSA check for updates automatically each day on a 24 hour interval. This option does not automatically install updates.
  • If either Auto-update or Check for Updates Automatically are enabled, then the Barracuda WSA checks for updates daily.
  • If Auto-update is enabled on the Barracuda Web Security Gateway or the Barracuda Web Security Service, and an update is available, it will be installed in the background without user interaction.
  • If Auto-update is NOT enabled and Check for Updates Automatically in the Barracuda WSA preferences is enabled (see Figure 5), then an "update available" dialog is displayed and the user can enter a password to install the update.

Policy Lookup Only:

When checked, the Barracuda WSA deployed on the Macintosh looks up policies configured on the Barracuda Web Security Gateway for that user/client, applies the policies, then routes allowed web traffic from the Macintosh via the usual path to the Internet. Traffic is not routed through the Barracuda Web Security Gateway. For more information on this feature, see Policy Lookup Only Mode With the Barracuda Web Security Agent.

Figure 5. Options tab.

OptionsTab.png

 

Last updated on