Solved

barracuda 'proxy' fail - reroute?

Posted on 2009-05-19
3
744 Views
Last Modified: 2012-05-07
A barracuda web filter crashed over the weekend during it's automatic update and prevented access to the Internet for everyone.

For the users, I have a active directory group policy enabling proxy settings for it's address 'BARRACUDA' and port '3128' (user configuration > windows settings > internet explorer maintenance > connection > proxysettings) Simply reversing the policy was sufficient to allow access for users again.

To prevent such issues in the future:  What, if any, intermediate device can I point to that will allow browsers to bypass the barracuda filter if it goes down again?

Or, is their some setting on the barracuda device that will route traffic through regardless if it's hung up? (I ask this since I have no access to configure the device myself)
0
Comment
Question by:Marketing_Insists
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
3 Comments
 
LVL 6

Accepted Solution

by:
KevinCovert earned 500 total points
ID: 24456977
If your environment requires web filtering redundancy I would implement a second filter and set them up as active/active or active/passive.

My environment is a little simpler for web filtering as it it part of my firewall, and they are configured as active/passive which allows one of the devices to fail and no loss (maybe a ping packet) of connectivity to the hosts.

Also if you want to get more sophisticated with it you could NAT your barracuda device.

I am not great at this, but the following should work, please know that I recommend the active/passive solution.  The solution below is simply for budget restrained solution.

It would require a separate subnet/vlan but you could do it like this

LAN                            DMZ            
192.168.1.x               172.60.1.x

primary config

source                     translated source             dest                      translated dest

172.60.1.5              172.60.1.10                      192.168.1.0/24       orig
192.168.1.0/24       orig                                   172.60.1.10             172.60.1.5



failed device config

source              translated source             dest                      translated dest

172.60.1.6       172.60.1.10                       192.168.1.0/24    orig
192.168.1.0/24       orig                                   172.60.1.10             172.60.1.6

Hope that helps
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24456979
with the config that I gave above your proxy server address you would configure for your hosts would be 172.60.1.10.

Also, if you do use the NAT route, be sure not to use the 172.60.1.10 address on an actual device.

Hope this helps.

KMC
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24456998
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question