Solved

barracuda 'proxy' fail - reroute?

Posted on 2009-05-19
3
737 Views
Last Modified: 2012-05-07
A barracuda web filter crashed over the weekend during it's automatic update and prevented access to the Internet for everyone.

For the users, I have a active directory group policy enabling proxy settings for it's address 'BARRACUDA' and port '3128' (user configuration > windows settings > internet explorer maintenance > connection > proxysettings) Simply reversing the policy was sufficient to allow access for users again.

To prevent such issues in the future:  What, if any, intermediate device can I point to that will allow browsers to bypass the barracuda filter if it goes down again?

Or, is their some setting on the barracuda device that will route traffic through regardless if it's hung up? (I ask this since I have no access to configure the device myself)
0
Comment
Question by:Marketing_Insists
  • 3
3 Comments
 
LVL 6

Accepted Solution

by:
KevinCovert earned 500 total points
ID: 24456977
If your environment requires web filtering redundancy I would implement a second filter and set them up as active/active or active/passive.

My environment is a little simpler for web filtering as it it part of my firewall, and they are configured as active/passive which allows one of the devices to fail and no loss (maybe a ping packet) of connectivity to the hosts.

Also if you want to get more sophisticated with it you could NAT your barracuda device.

I am not great at this, but the following should work, please know that I recommend the active/passive solution.  The solution below is simply for budget restrained solution.

It would require a separate subnet/vlan but you could do it like this

LAN                            DMZ            
192.168.1.x               172.60.1.x

primary config

source                     translated source             dest                      translated dest

172.60.1.5              172.60.1.10                      192.168.1.0/24       orig
192.168.1.0/24       orig                                   172.60.1.10             172.60.1.5



failed device config

source              translated source             dest                      translated dest

172.60.1.6       172.60.1.10                       192.168.1.0/24    orig
192.168.1.0/24       orig                                   172.60.1.10             172.60.1.6

Hope that helps
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24456979
with the config that I gave above your proxy server address you would configure for your hosts would be 172.60.1.10.

Also, if you do use the NAT route, be sure not to use the 172.60.1.10 address on an actual device.

Hope this helps.

KMC
0
 
LVL 6

Expert Comment

by:KevinCovert
ID: 24456998
0

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now