We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Agent

Configuration Options for the Barracuda Web Security Agent

  • Last updated on

The following options can be used when installing the Barracuda WSA from the command line or with a GPO. See also:

OptionDescription

ADS (Allow Disable Service)

1 – Users are allowed to disable the Barracuda WSA.

0 – Users are NOT allowed to disable the Barracuda WSA.

ALLOW_REMOVE1 – Users are allowed to remove the Barracuda WSA.

– Users are NOT allowed to remove the Barracuda WSA.

ALLOW_UPDATE

1 (Default) – Allow users to manually update through the Barracuda WSA Monitor and Configuration Tool.

0 – Do not allow users to manually update. Note: This setting has no effect on automatic updates.

APPLICATIONSType a pipe-delimited list of applications to be filtered on all ports. Example:

APPLICATIONS= iexplore.exe|firefox.exe

BLOCKS

A pipe-delimited list of applications to block. Example:

BLOCKS=block1.exe | block2.exe

BYPASS

A semicolon delimited list of network addresses that you want to bypass the Barracuda Web Security Service, such as trusted internal networks. Guidelines:

Use a * in any octet (except the first) to indicate “any”.

Bypass entries that begin with a dot (.) include any URL that matches the dot and subsequent string(s). For example, if you use *.example.com as a bypass entry, any URL that ends with .example.com will bypass the proxy.

URL names that begin with a string (and not a dot) must match the string exactly.

CERT_HASH

Available with version 5.0 and above

This value enables the Barracuda WSA to validate the identity of the Barracuda Web Security Gateway and encrypt all administrative traffic. Configure at install time or from the ADVANCED > Remote Filtering page. See Authentication with the Barracuda Web Security Gateway and the Barracuda WSA for details.

CLIENT_SSL

Available with version 5.0 and above

1 – Client-side SSL Inspection is ENABLED.

0 – Client-side SSL Inspection is DISABLED (default).

Enabling client-side SSL Inspection on the client computer offloads resource-intensive processing from the Barracuda Web Security Gateway. See Client-side SSL inspection with the Barracuda WSA for details.

DEBUG

These specific settings available with version 5.0 and above

0 – Disable logging

1 – Log network errors (default)

2 – Log network errors, policy decisions

3 – Log additional diagnostics

4 – Log everything

DEFAULT_BEHAVIOR

1 – All application traffic is forwarded to ports 80 and 443 by default.

2 – No application traffic is forwarded by default and you specify only the applications to filter.

3 – All applications are blocked by default and only applications you specify for filtering are forwarded.

DISABLE_AUTOMATIC_UPDATES1 – Updates are DISABLED.

0 – Updates are ENABLED.

EXCEPTIONS

A pipe-delimited list of specific applications from which you don’t want to capture any traffic.

FAIL_OPEN

Available with version 5.0 and above

1 – Fail Open feature is ENABLED.

0 – Fail Open feature is DISABLED (default).

See Fail Open and Fail Closed Modes with the Barracuda WSA for more information about this setting.

LANG

Specifies the language that the Barracuda WSA uses on English operating systems.

German: de-DE

Japanese: ja-JP

Dutch: nl-NL

Chinese: zh-CN

Chinese Traditional: zh-TW

Portuguese: pt-BR

Spanish: es-ES

PASSWORDThe password that users must know to stop or configure the Barracuda WSA. Barracuda strongly recommends using a password. Leaving the password field blank allows the user to modify most of the Barracuda WSA settings.
PLO

Available with version 5.0 and above

1 – Policy Lookup feature is ENABLED.

0 – Policy Lookup feature is DISABLED (default).

Enabling this feature means that the Barracuda WSA client on the remote user's machine looks up policies configured on the Barracuda Web Security Gateway for that user/client, applies the policies, then routes allowed web traffic from the user's machine via its usual path to the Internet. See Policy Lookup Only Mode With the Barracuda Web Security Agent for more information.
PROXY_EXCEPTIONS

A semicolon delimited list of network addresses to specify proxy exceptions for internal proxies that should be reachable by Barracuda WSA clients for internal proxying and filtering. Guidelines:

Use a * in any octet (except the first) to indicate “any”. Entries that begin with a dot (.) include any URL that matches the dot and subsequent string(s). For example, if you use *.example.com as a proxy exception entry, any URL that ends with .example.com will bypass the proxy. URL names that begin with a string (and not a dot) must match the string exactly.

SERVICE_MODE

For the Barracuda Web Security Agent version 4.x and below:

1 – Use for the Barracuda Web Security Service.

2 – Use for the Barracuda Web Security Gateway.

For the Barracuda Web Security Agent 5.0 and above: (The Barracuda Web Security Service is not supported)

1 – Use for the Barracuda Web Security Gateway.

Example: SERVICE_MODE=1

SERVICE_PORT

The port number through which the Barracuda WSA communicates to the Barracuda Web Security Service or the Barracuda Web Security Gateway. This parameter follows SERVICE_URL. Example:

SERVICE _PORT=8080

SERVICE_URL

The URL of the Barracuda Web Security Service or Barracuda Web Security Gateway, followed by SERVICE_PORT and port number. The URL can be a domain name or IP address.

Example: SERVICE_URL=ple1.proxy.purewire.com

SERVICE_PORT=8080

USER_MODE

0 – (Default) Indicates ordinary operation. The Barracuda WSA Monitor appears in the task tray and the Configuration Tool appears in the Program Files menu.

1 – Runs the Barracuda WSA in Silent Mode.

WD

Not available on version 5.x and above

1 – Enables the watchdog feature, preventing the removal of Barracuda WSA through tampering with registry settings or network settings.

0 – (Default) Disables the watchdog feature.

Warning: Test this setting before deploying into your environment, as locking down network settings and the registry can produce unwanted side effects in your system.

WFPTo choose WFP drivers instead of LSP, set the WFP flag to 1. This option only applies for Windows 7. For all other Windows versions, this flag is ignored. See Troubleshooting Third Party Compatibility Issues With LSP for details about this option.


Last updated on