Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

barracuda 'proxy' fail - reroute?

Posted on 2009-05-19
3
Medium Priority
?
749 Views
Last Modified: 2012-05-07
A barracuda web filter crashed over the weekend during it's automatic update and prevented access to the Internet for everyone.

For the users, I have a active directory group policy enabling proxy settings for it's address 'BARRACUDA' and port '3128' (user configuration > windows settings > internet explorer maintenance > connection > proxysettings) Simply reversing the policy was sufficient to allow access for users again.

To prevent such issues in the future:  What, if any, intermediate device can I point to that will allow browsers to bypass the barracuda filter if it goes down again?

Or, is their some setting on the barracuda device that will route traffic through regardless if it's hung up? (I ask this since I have no access to configure the device myself)
0
Comment
Question by:Marketing_Insists
  • 3
3 Comments
 
LVL 6

Accepted Solution

by:
KevinCovert earned 2000 total points
ID: 24456977
If your environment requires web filtering redundancy I would implement a second filter and set them up as active/active or active/passive.

My environment is a little simpler for web filtering as it it part of my firewall, and they are configured as active/passive which allows one of the devices to fail and no loss (maybe a ping packet) of connectivity to the hosts.

Also if you want to get more sophisticated with it you could NAT your barracuda device.

I am not great at this, but the following should work, please know that I recommend the active/passive solution.  The solution below is simply for budget restrained solution.

It would require a separate subnet/vlan but you could do it like this

LAN                            DMZ            
192.168.1.x               172.60.1.x

primary config

source                     translated source             dest                      translated dest

172.60.1.5              172.60.1.10                      192.168.1.0/24       orig
192.168.1.0/24       orig                                   172.60.1.10             172.60.1.5



failed device config

source              translated source             dest                      translated dest

172.60.1.6       172.60.1.10                       192.168.1.0/24    orig
192.168.1.0/24       orig                                   172.60.1.10             172.60.1.6

Hope that helps
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24456979
with the config that I gave above your proxy server address you would configure for your hosts would be 172.60.1.10.

Also, if you do use the NAT route, be sure not to use the 172.60.1.10 address on an actual device.

Hope this helps.

KMC
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24456998
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question