We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Gateway

How do I transparently proxy traffic to my Barracuda Web Security Gateway from my Barracuda NG F-Series Firewall?

  • Type: Knowledgebase
  • Date changed: 2 years ago
Solution #00007808

Scope: Web Security Gateway

Answer:

If you want to transparently send users to your Web Security Gateway without having them configure a forward proxy on their browser (or use the Web Security Agent), then you can use the HTTP proxy service on the NG firewall as well as an app-redirect rule to accomplish this. Please follow these steps:

  • Go to the "Server Properties" for the HTTP proxy. Make sure the service is listening on IP 127.0.0.9
  • Configure the HTTP proxy service on the NG Firewall to use 'Transparent Proxy' mode on the "Basic" page of the configuration.
  • Navigate to the "IP Configuration" section of the HTTP Proxy. You will see a section called "Neighbor Settings". Click the 'LOCK' button on the top right of the NG Firewall and then click the green '+' to add a neighbor. You will need to configure the following settings for the neighbor:

-Connection Type: Explicit
-IP/Hostname: IP address of your Barracuda Web Security Gateway
-Neighbor Type: Parent
-Exclusive Parent: No
-Proxy Port: default is 3128, change this if you are using a different proxy port on the Web Security Gateway
-ICP Port: 0 (not used)
-Cache Priority: 1 (can be adjusted if you have multiple Web Security Gateways)
-Authentication: None

  • After adding the neighbor settings, make sure you send changes and activate
  • Go to the Forwarding Rules page on the NGFW service. From here, you will create an app-redirect rule to direct traffic to your proxy service. Make sure you 'LOCK' the page and then click the green '+' button to add a new rule. Please configure the following settings:

-Name: <whatever name you prefer>
-Action: App-Redirect
-Source: Your client network (ex: 10.10.0.0/24)
-Service: HTTP+S
-Destination: Any (or 'Internet')
-Redirection: HTTP proxy IP and listening port (ex: 127.0.0.9:3128 by default)

  • When done, click 'ok' and then make sure you send changes and activate. Also, make sure you position the rule in the correct spot on the list so that your traffic hits this rule.

Any traffic that hits this app-redirect rule will be sent to the HTTP proxy service, and the neighbor settings configured previously will forward that traffic to the Web Security Gateway as proxy traffic.




Link to This Page: