We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Gateway

Inline Pass-through With Pre-existing Proxy Deployment

  • Last updated on

Instead, Barracuda Networks recommends that you remove your pre-existing proxy server and deploy the Barracuda Web Security Gateway inline as described in Inline Pass-Through (Transparent) Mode Deployment.

The Barracuda Web Security Gateway can be placed on the client or the server side of the existing proxy server. If the existing proxy server is performing user authentication, then the Barracuda Web Security Gateway must be placed on the server side of the proxy. In this deployment, the Barracuda Web Security Gateway detects all network traffic. The proxy server connects directly to the Barracuda Web Security Gateway LAN port. This connection may require a crossover cable. No special port or IP address is required.

The Barracuda Web Security Gateway scans for all inbound and outbound HTTP traffic from the proxy server. All outbound traffic on other ports is scanned for normal spyware communication. However, since the proxy server will most likely hide user identity, the Barracuda Web Security Gateway cannot apply any user, group or IP based policies. Figure 1 below illustrates this deployment type.

Alternatively, the Barracuda Web Security Gateway can be placed inline on the client side of the existing proxy server. The LAN Switch can be connected to the LAN port of the Barracuda Web Security Gateway and the WAN port of the Barracuda Web Security Gateway can be connected to the Proxy Server. This will ensure that the Barracuda Web Security Gateway can identify users before the requests are proxied. In this configuration, you may have to ensure that the Barracuda Web Security Gateway passes client IP addresses through to the proxy server or that the proxy server can handle requests coming from the Barracuda Web Security Gateway’s IP address. However, this configuration may not work when the proxy server is performing strong user authentication.

The placement of your pre-existing proxy server and its functionality will have an impact on the Barracuda Web Security Gateway deployment. Some configurations may require technical assistance from Barracuda Networks Technical support. Please see Contacting Barracuda Networks Technical Support. To connect your Barracuda Web Security Gateway with this deployment mode, see Connecting Inline to your Network with a Pre-existing Proxy Server.

Figure 1: Inline Passthrough with Pre-existing Proxy Server Deployment.

front_connection2_BWSG.png

 

Last updated on