Applies to all Barracuda Web Filters that are inline and need to filter VPN traffic, all firmware versions.
- If you have a firewall/VPN tunnel device when the Barracuda Web Filter is inline behind the firewall, the VPN traffic will not be filtered unless you perform the steps below.
- Create a rule in your firewall blocking all port 80 traffic outbound.
*Proxy traffic to the Barracuda using one of the following methods: GPO, Proxy PAC, or WPAD. The following link is an example of Proxy Pac. https://techlib.barracuda.com/BWF/ProxyWithPacFile
- Then create a rule allowing all port 80 and port 443 traffic coming from the Barracuda Web Filter specifically to be allowed.
- Turn off the Pass Client IP addresses through WAN port option on the Advanced > Expert page, effectively enabling the Barracuda as the source IP for all outbound packets.
- Lastly, on Basic > IP Configuration set Enable proxy on WAN to Yes if routing through WAN iface of the BYF.
- In the case of a VPN concentrator, you should probably use the IP of the core switch as the default gateway for all the networks aggregated by that VPN concentrator
- Alternatively you may need to use the IP of the concentrator (or firewall) as the default gateway for all the networks aggregated by that VPN concentrator.
There is an option to authenticate remote/mobile users against their LDAP authentication service, or local user accounts so you don’t have unauthenticated traffic on the network.
Go to Users/Groups -> Configuration page and under Enable Basic Authentication option for the drop down menu select local users or LDAP Alias that you have configured and you want your users to be authenticated against.
You need to set browser to push traffic from your mobile users to the ip address of the web filter on port 3128, make sure that you have that port set up on the Advanced -> Proxy page under Proxy port option.
Users should be prompted to enter they credential every time they open the browser.
If you are using Chromebooks outside the network you will use Proxy settings in Google Apps and push the traffic to the web filter.
Link to This Page: