It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Gateway

Client-side SSL inspection with the Barracuda WSA

  • Last updated on

Client-side SSL Inspection is supported by the Barracuda Web Security Gateway 410 and higher:

  • For the Macintosh, running Barracuda Web Security Gateway version 11.0 and higher and the Barracuda WSA for Mac version 2.0 and higher.
  • For Windows, running Barracuda Web Security Gateway version 12.0 and higher and the Barracuda WSA for Windows version 5.0 and higher.

Client-side SSL Inspection does not support Web Application Monitoring. If you are using that feature, then do not enable client-side SSL Inspection; rather, configure SSL Inspection on the Barracuda Web Security Gateway, and all web traffic from any Barracuda WSA installations will be SSL inspected.

Enabling client-side SSL Inspection on the client computer offloads resource-intensive processing from the Barracuda Web Security Gateway. This configuration is highly scalable in terms of number of users, consuming fewer resources on the Barracuda Web Security Gateway and improving system performance.

About using client-side SSL Inspection:

  • Client-side SSL Inspection with the Barracuda WSA works with the same features as the Barracuda Web Security Gateway except for Web Application Monitoring (see the BLOCK/ACCEPT > Web App Monitor page), which is not currently supported with this feature. 
  • Client-side SSL inspection requires setting Policy Lookup Mode to Yes on the Barracuda Web Security Gateway. Using client-side SSL Inspection offloads a certain amount of processing from the Barracuda Web Security Gateway. Note that, with Policy Lookup Mode set to Yes, the Barracuda Web Security Gateway does not process the web traffic from remote clients, but provides policy lookups that are applied by the Barracuda WSA. This configuration results in higher performance and more available resources on the Barracuda Web Security Gateway.

How to Configure Client-side SSL Inspection

For the Barracuda Web Security Gateway version 11.x:

  1. Go to the ADVANCED > SSL Inspection page. If you want to be able to specify Domains and Content Filter Categories to inspect, then set the SSL Inspection Method.
  2. Make sure to configure Domains or Content Filter Categories as desired. Click Help on the ADVANCED > SSL Inspection page for details.
  3. On the ADVANCED > Remote Filtering page, set Client SSL Inspection to Yes in the Client Configuration section.
  4. Install and enable the Barracuda WSA on remote client machines for which you want web traffic to be SSL inspected. If the Barracuda WSA is disabled, Client-side SSL Inspection is disabled automatically.

For the Barracuda Web Security Gateway version 12.x:

  1. Go to the ADVANCED > SSL Inspection page. 
  2. Make sure to configure SSL Inspection Options as desired. Click Help on the ADVANCED > SSL Inspection page for details.
  3. On the ADVANCED > Remote Filtering page, set Client SSL Inspection to Yes in the Client Configuration section.
  4. Install and enable the Barracuda WSA on remote client machines for which you want web traffic to be SSL inspected. If the Barracuda WSA is disabled, Client-side SSL Inspection is disabled automatically.

Logging

All events are logged on the Web Log, in all configuration modes, just as with SSL inspection performed on the Barracuda Web Security Gateway.