We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Agent

Fail Open and Fail Closed Modes with the Barracuda WSA

  • Last updated on

Fail Open

The Barracuda WSA is set to a disabled state. In this state, Fail Open mode allows the user to continue accessing the network, but without being filtered by the Barracuda WSA. As a consequence, policies configured on the host are not applied to the client until connectivity with the service host is established. The Barracuda WSA then schedules another connectivity check in the preconfigured time interval. Upon reconnection with the service host, the user's traffic resumes filtering by the Barracuda Web Security Gateway. While in Fail Open state, the Barracuda WSA icon displays a red exclamation mark. Hovering the mouse over the icon shows the message "Unable to reach Barracuda Web Security Gateway: Failing Open." for the Barracuda Web Security Gateway, and "Unable to reach Barracuda Web Security Service: Failing Open." for the Barracuda Web Security Service.

During connectivity checks, client browsing is temporarily interrupted. With the Barracuda WSA for WIndows, you can change the preconfigured time interval for connectivity checks from every 30 seconds to a longer interval by modifying two subkeys in the Windows registry. See Changing the Connectivity Check Interval below for instructions.

With the Barracuda WSA for Macintosh, you cannot change the pre-configured time interval for connectivity checks, but checks are conducted periodically ranging from 1x per 60 second interval to 1x per 5 minute interval.

Fail Closed

The Barracuda WSA is configured to remain active, but no external network access is possible until connectivity with the service host is re-established. The Barracuda WSA then schedules another connectivity check in the preconfigured time interval. Upon reconnection with the service host, the user's traffic resumes filtering by the Barracuda Web Security Gateway. While in Fail Closed state, the Barracuda WSA icon displays a red exclamation mark. "Unable to reach Barracuda Web Security Gateway: Failing Closed." for the Barracuda Web Security Gateway, and "Unable to reach Barracuda Web Security Service: Failing Closed." for the Barracuda Web Security Service.

Changing the Connectivity Check Interval

With the Barracuda WSA for windows, the administrator can override the default interval for connectivity checks between the client and the service host. This includes:
1) Shorten/lengthen the test request timeout – the time passing until WSA decides WSG is not reachable (this is by default 30 secs).
2) Shorten/lengthen the Retry time interval – the time in between two retries, once WSA is in FailOpen/ FailClosed mode.

To modify either or both of the settings above, there are two subkeys in the registry:

  • Connection_RetryInterval (string value in ms)
  • Connection_TimeOut (string value in ms)

If these keys are absent in the regsitry, the default values are used (30secs / 30 secs).

Last updated on