SSL Inspection is supported by the Barracuda Web Security Gateway version 7.0 as follows:
- Barracuda Web Security Gateway 610 and 810 in Forward Proxy mode.
- Barracuda Web Security Gateway 910 and 1010 in Forward Proxy or Inline deployments.
The Barracuda Web Security Gateway 410 and above are supported in either inline or forward proxy mode running version 7.1.0 and above. See How to Configure SSL Inspection Version 7.1 if you are running this version. For version 8.x and above, see How to Configure SSL Inspection Version 8.1 to 9.1.
For background information about this feature, see Using SSL Inspection With the Barracuda Web Security Gateway. If you are using Google Chrome browser, after reading this article, see How to Configure SSL Inspection for Google Chrome Browser to prevent certificate errors users might encounter.
Work Flow to Enable and Configure SSL Inspection
- On the ADVANCED > SSL Inspection page, set SSL Inspection Method to one of the following:
Transparent – Available on the Barracuda Web Security Gateway 910 and 1010 as noted above. This inspection method is more resource intensive than the Proxy inspection method. This method works with inline deployments.
Proxy – Available for the Barracuda Web Security Gateway 610 and above. This method works with Forward Proxy deployments only and is less resource intensive than the Transparent inspection method. Configure all client web browsers with the IP address of the Barracuda Web Security Gateway as their forward proxy server. If you are using the Chrome browser, also see How to Configure SSL Inspection for Google Chrome Browser.
Off – Disable SSL Inspection of HTTPS traffic. This means that the Barracuda Web Security Gateway will not decrypt HTTPS traffic at the URL level. You will be able to block/allow HTTPS domains, but you will not be able to archive actions users take on social media sites such as Facebook chat content, logins on Twitter or Yahoo!, etc. as defined on the BLOCK/ACCEPT > Web App Monitor page.
Specify domains and content filter categories where you want to apply SSL inspection. Because enabling SSL Inspection increases the load on system resources, you should only specify the domains and/or content filter categories to inspect that meet the needs of your organization.
Configure one or both of the following settings for applying SSL Inspection:
Domains to Be Inspected – Enter up to 5 domain names that you want to be inspected and filtered at the URL level.
Content Filter Categories – Using the Add and Remove buttons, from the Categories List, you can add or remove content filter categories to/from the list of categories that you want to be inspected. You must use the Proxy inspection method if you want to inspect categories.
Any domains or URL categories that are not specified on the page will not be subject to SSL Inspection.
- Select and install an SSL certificate to use with client browsers. Barracuda recommends using the How to Use the Barracuda Default Certificate for SSL Inspection.
that you can download from the Barracuda Web Security Gateway and install on client browsers. See You can alternatively create and download your own self-signed certificate from the Barracuda Web Security Gateway and install it in client browsers. This method is simple and you can do everything from the ADVANCED > SSL Inspection page, except for installing the certificate in client browsers. See How to Create and Install a Self-Signed Certificate for SSL Inspection.