We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Service

What are the various deployment options for Barracuda Web Security Flex?

  • Type: Knowledgebase
  • Date changed: 5 years ago

Solution #00005502



This solution applies to Barracuda Web Security Flex, version 3.1 and later.


Barracuda Web Security Flex is aimed at providing maximum coverage across users and locations with the deployment flexibility to select the right option for each network.

The three deployment options available as part of Barracuda Web Security Flex are:

1. Software-as-a-Service (SaaS) for cloud filtering: 
Barracuda Web Security Flex includes a complete cloud based Web security service providing Malware scanning, content filtering and application control. Web traffic from client computers can be directly routed through the cloud service either through proxy settings or firewall rules. This is the simplest deployment option and provides an quick way to provide cloud based Web security without deploying any additional hardware or software. Administrators can specify global policies through the Web Security Flex Manager.

2. SaaS with Gateway appliances
The Web Security Flex framework supports the (optional) use of on-premise gateway appliances (hardware or virtual) wherever required. Gateway appliances, called Barracuda Web Security Gateways, provide integration with on-network authentication services (LDAP/AD, NTLM, Kerberos, eDirectory) and local caching for bandwidth optimization. Additionally, they can be configured to enforce security and Web usage policies locally (Local Enforcement Mode) or proxy traffic through to the cloud filtering proxy after authentication for Malware scanning, content filtering and application control (Service Enforcement Mode). In either case, gateway configuration, policy management and reporting is done through the cloud based Web Security Flex Manager interface. This means that administrators can apply a centrally manage policies and generate reports for users filtered through gateway appliances or directly through the cloud filtering service. Since they provide transparent user authentication, Gateways enable user or group specific browsing policies using credentials configured in the corporate directory servers.

3. Barracuda Web Security Agent: 
The Barracuda Web Security Agent (WSA) is a lightweight, tamper-proof client that can be installed on remote off-network computers. Once configured, the WSA transparently redirects Web traffic from the remote machine to the Web Security Flex cloud filtering service. The WSA also enables user specific browsing policies by securely transmitting local login credentials to the service. The WSA is a easy and reliable way to provide the same level of Web security to off-network users as provided to on-network users. It is available for both Mac and Windows environments.

Barracuda Web Security Flex provides a unified framework as part of which you can combine multiple deployment methods. Whichever combination of options you choose, management and reporting is completely centralized across all users and locations through the central management interface. This makes it really simple to customize the solution to fit into your exact requirements while providing the freedom to adapt and scale as your needs change.

Additional Notes:
Support for SaaS Cloud Filtering from the firewall may vary by firewall vendor, and support for this feature is subject to change. Please contact your firewall vendor for more information regarding transparent web proxy redirection, as well as assistance configuring SaaS Cloud Filtering redirection to the Barracuda Web Security Flex Service.