Solved

barracuda 'proxy' fail - reroute?

Posted on 2009-05-19
3
741 Views
Last Modified: 2012-05-07
A barracuda web filter crashed over the weekend during it's automatic update and prevented access to the Internet for everyone.

For the users, I have a active directory group policy enabling proxy settings for it's address 'BARRACUDA' and port '3128' (user configuration > windows settings > internet explorer maintenance > connection > proxysettings) Simply reversing the policy was sufficient to allow access for users again.

To prevent such issues in the future:  What, if any, intermediate device can I point to that will allow browsers to bypass the barracuda filter if it goes down again?

Or, is their some setting on the barracuda device that will route traffic through regardless if it's hung up? (I ask this since I have no access to configure the device myself)
0
Comment
Question by:Marketing_Insists
  • 3
3 Comments
 
LVL 6

Accepted Solution

by:
KevinCovert earned 500 total points
ID: 24456977
If your environment requires web filtering redundancy I would implement a second filter and set them up as active/active or active/passive.

My environment is a little simpler for web filtering as it it part of my firewall, and they are configured as active/passive which allows one of the devices to fail and no loss (maybe a ping packet) of connectivity to the hosts.

Also if you want to get more sophisticated with it you could NAT your barracuda device.

I am not great at this, but the following should work, please know that I recommend the active/passive solution.  The solution below is simply for budget restrained solution.

It would require a separate subnet/vlan but you could do it like this

LAN                            DMZ            
192.168.1.x               172.60.1.x

primary config

source                     translated source             dest                      translated dest

172.60.1.5              172.60.1.10                      192.168.1.0/24       orig
192.168.1.0/24       orig                                   172.60.1.10             172.60.1.5



failed device config

source              translated source             dest                      translated dest

172.60.1.6       172.60.1.10                       192.168.1.0/24    orig
192.168.1.0/24       orig                                   172.60.1.10             172.60.1.6

Hope that helps
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24456979
with the config that I gave above your proxy server address you would configure for your hosts would be 172.60.1.10.

Also, if you do use the NAT route, be sure not to use the 172.60.1.10 address on an actual device.

Hope this helps.

KMC
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24456998
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question