Gortguy_105156
Mar 23, 2011

Deployment with Barracuda web filter

I am considering adding a Barracuda Web Filtering appliance to my existing environment. The device can be configured either in-line or as a forwarding proxy. I'd like to run it in-line as some functionality is lost when running in proxy mode, plus I'd rather not have to push a new browser config to all my users.

Logical deployment would be:

(2) ISPs==>BigIP 1600 LTM/Link Controller==>Filtering appliance==>Network. The filtering appliance would be connected to the internal interface of the BigIP, physically separating the BigIP and LAN.

I'm curious as to whether or not anyone has experience with this type of deployment (irrespective of the type/manufacturer of the content filter) and what, if any, obstacles you encountered.

  • Hamish
    Yeah. Inlining is generally bad... Now instead of downtime if ONE device fails, you have downtime if one of two devices fails... Or if one of them needs maintenance etc...

    If you still want to run the traffic 'inline', then I'd policy route the web traffic via the filter (And use a VS on the F5 if it's inbound - Your diagram shows arrows from ISP -> F5 -> Barracuda, but you're mentioning user browsers, so I'm assuming this is really an outbound requirement?)

    Unless the Barracuda has an optical bypass of course...


    H