Proxying HTTP and HTTPS Traffic
If you are running version 16.0 or higher of the Barracuda Web Security Gateway, you can enable sending both outbound HTTP and HTTPS traffic to a peer proxy either inside the network or in the cloud. If you are running an earlier version, you can only proxy HTTP traffic, not HTTPS. Configure on the ADVANCED > Proxy page in the Barracuda Web Security Gateway web interface.
In this deployment, the Barracuda Web Security Gateway is deployed inline or as a proxy and is configured to forward all port 80 (and, with version 16.0 and higher, HTTPS (443)) traffic to a pre-existing proxy server. The proxy server can be anywhere on or off the network, and it sends filtered traffic from the Barracuda Web Security Gateway to the Internet. The Barracuda Web Security Gateway just needs to be configured with the IP address and port of the proxy server as described below. Note that with versions 15.x and lower, HTTPS(443) traffic will go straight out to the Internet after being filtered, even with SSL Inspection configured.
For this deployment, configure the following on the ADVANCED > Proxy page of the Barracuda Web Security Gateway web interface:
- Peer Proxy IP: Enter the IP address of a pre-existing proxy server which will forward traffic from the Barracuda Web Security Gateway to the Internet.
- Peer Proxy Port: If you have a pre-existing proxy server, enter the port number used for HTTP requests.
Using SSL Inspection
If you have this feature enabled on the Barracuda Web Security Gateway, to protect sensitive data, it is recommended to only use SSL Inspection if the peer proxy server is deployed inside the firewall. To use SSL Inspection, see How to Configure SSL Inspection.
Authentication is supported with a peer proxy if the Barracuda Web Security Gateway is deployed in a proxy configuration. See Forward Proxy Deployment of the Barracuda Web Security Gateway.