Solved

barracuda 'proxy' fail - reroute?

Posted on 2009-05-19
3
738 Views
Last Modified: 2012-05-07
A barracuda web filter crashed over the weekend during it's automatic update and prevented access to the Internet for everyone.

For the users, I have a active directory group policy enabling proxy settings for it's address 'BARRACUDA' and port '3128' (user configuration > windows settings > internet explorer maintenance > connection > proxysettings) Simply reversing the policy was sufficient to allow access for users again.

To prevent such issues in the future:  What, if any, intermediate device can I point to that will allow browsers to bypass the barracuda filter if it goes down again?

Or, is their some setting on the barracuda device that will route traffic through regardless if it's hung up? (I ask this since I have no access to configure the device myself)
0
Comment
Question by:Marketing_Insists
  • 3
3 Comments
 
LVL 6

Accepted Solution

by:
KevinCovert earned 500 total points
ID: 24456977
If your environment requires web filtering redundancy I would implement a second filter and set them up as active/active or active/passive.

My environment is a little simpler for web filtering as it it part of my firewall, and they are configured as active/passive which allows one of the devices to fail and no loss (maybe a ping packet) of connectivity to the hosts.

Also if you want to get more sophisticated with it you could NAT your barracuda device.

I am not great at this, but the following should work, please know that I recommend the active/passive solution.  The solution below is simply for budget restrained solution.

It would require a separate subnet/vlan but you could do it like this

LAN                            DMZ            
192.168.1.x               172.60.1.x

primary config

source                     translated source             dest                      translated dest

172.60.1.5              172.60.1.10                      192.168.1.0/24       orig
192.168.1.0/24       orig                                   172.60.1.10             172.60.1.5



failed device config

source              translated source             dest                      translated dest

172.60.1.6       172.60.1.10                       192.168.1.0/24    orig
192.168.1.0/24       orig                                   172.60.1.10             172.60.1.6

Hope that helps
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24456979
with the config that I gave above your proxy server address you would configure for your hosts would be 172.60.1.10.

Also, if you do use the NAT route, be sure not to use the 172.60.1.10 address on an actual device.

Hope this helps.

KMC
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24456998
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now