Thursday, 20 August 2009

Barracuda Web Filter... deployment!

My team are out doing things today, so I've been left to hold the fort!
Strangely in a matter of minutes I had two very similar questions, from two different resellers working with different end users.

They looked at the Barracuda Web Filter as it was a very cost effective URL filtering solution. The issue was that did not want to deploy it as an in-line/transparent deployment due to a couple of reasons.

First off, what is an in-line/transparent deployment? This is where the solution will sit between the firewall and main switch, and transparently monitor the traffic, and intercept the internet traffic as necessary.

The other deployment is to use the solution as a forward proxy, where all the internal traffic is routed to the proxy server, and as the name suggests, will go out to the internet on behalf of the computer making the internet request.

The transparent deployment has a number of advantages, such as supporting application blocking, automatic pass-through if there is a system failure (on the 310 or above), the client browsers will not need to be modified and the client's IP address will be passed to the firewall. The downside is that during the initial setup there will be an interuption to the network traffic and some static routes may need to be configured.

With the forward proxy deployment there will be no need to interupt the network traffic, and static routes will not need to be configured. The flip side, is that as the Web Filter will only be able to scan the outbound HTTP traffic, it will not be able to block by applications listed, IP addresses specified or by specified ports. It will not be able to sacan non-HTTP traffic for viruses or spyware, and the cleint browser must be populated with the proxy server IP address.

The first customer I spoke to today had a highly distributed network, with a large number of subnets and VLANs, where as the second customer had complicated double layer router set up, with crossed and looped patching, so unable to find a single cable to intercept.

The two customers had a common comment, which was the Barracuda website did not highlight it was possible to use the Barracuda Web Filter as a forward proxy. As ever, I would recommend the services of a good distributor, before saying no!!!

No comments:

Post a comment