Web Security Gateway

Making Web Browsing Safe

Barracuda's Web Security Gateway lets your organization benefit from online applications and tools without being exposed to web-borne malware and viruses, lost user productivity, and misused bandwidth.
Deployment options: Appliance, Virtual.

How Are You Monitoring the Web Surfing Habits of Your Staff?

It is increasingly important for organizations to be able to filter web content so that they can respect their employees' personal interests while decreasing the following risks to their organization:

  • Legal Liabilities - how will you know if an employee engages in an illegal or inappropriate activity? How are you monitoring which websites your employees visit?
  • Bandwidth Consumption - how often has your network connection come to a grinding halt because the person in the office next to yours is downloading music or listening to streaming audio such as an Internet radio station? How are you able to define which websites your employees can or cannot visit?
  • Productivity - do you find that your employees are often distracted by being able to surf the Internet, and if so, how is your organization able to establish and enforce its Internet usage policy?

Powerful, Enterprise-Class, Web Content Filter Solution

  • Blocks access to websites based on domain, URL pattern, or content filter category
  • Blocks downloads based on file types
  • Blocks application access to the Internet, including IM, music services, software update utilities, etc.
  • Integrates with "Safe Search" filters built into popular image search engines
  • Provides an integrated gateway and desktop spyware protection

Web Security Gateway Information

  • Key Features

    Designed for the enterprise, the Barracuda Web Security Gateway enables organizations to set up custom policies for particular users and groups across customizable time ranges. The Barracuda Web Security Gateway integrates with popular LDAP directory servers, such as Microsoft Active Directory, for both authentication and group membership information on which to apply custom policies.

    "Soft" Blocking

    With "soft" blocking capabilities, administrators have the power to monitor and warn users who are not complying with their organization's Internet usage policies. In addition, Barracuda Web Security Gateway version 3.1 includes more comprehensive reporting functions.


    Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing protocol that provides a mechanism to redirect traffic flows in real-time. It has built-in load balancing, scaling, fault tolerance, and service-assurance (failsafe) mechanisms.

    No Software and No Modifications Required

    With no software to install and no modifications required to your network, the Barracuda Web Security Gateway is easy to install. It has an intuitive user interface for maintenance and monitoring, making it a virtually maintenance-free solution. Even system updates are made automatically by Barracuda Central, an advanced technology center where engineers work continuously to provide the most effective methods to combat the ever-changing spyware variants.

    Updates are performed hourly so that your Web Filter can block the ever-changing virus and spyware variants.

    Barracuda Web Security Gateway Architecture

    3 Modes of Deployment

    1. Inline - Simple and complete. Acts as a transparent proxy, so no configuration is required on the client. Can block malware protocols.
    2. Forward Proxy - HTTP filtering only, but out of the data path. Clients must be told to use the Barracuda as their proxy.
    3. NEW! WCCP - Requires a router or switch that supports WCCP, but can proxy to multiple BWF. Provides load balancing, failover, and scalability. Similar to Forward Proxy, but the configuration is on the switch and not the client.

    CIPA Compliance

    The Barracuda Web Security Gateway, previously known as the Barracuda Spyware Firewall, has been deployed by many schools and libraries as part of their overall policies to comply with CIPA, the Children's Internet Protection Act.

    CIPA Requirements

    1. Schools and libraries subject to CIPA may not receive the discounts offered by the E-Rate program unless they certify that they have an Internet safety policy and technology protection measures in place. An Internet safety policy must include technology protection measures to block or filter Internet access to pictures that:
      • (a) are obscene
      • (b) are child pornography, or
      • (c) are harmful to minors, for computers that are accessed by minors.
    2. Schools subject to CIPA are required to adopt and enforce a policy to monitor online activities of minors; and
    3. Schools and libraries subject to CIPA are required to adopt and implement a policy addressing:
      • (a) access by minors to inappropriate matter on the Internet
      • (b) the safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications
      • (c) unauthorized access, including so-called “hacking,” and other unlawful activities by minors online
      • (d) unauthorized disclosure, use, and dissemination of personal information regarding minors
      • (e) restricting minors’ access to materials harmful to them.

    Schools and libraries are required to certify that they have their safety policies and technology in place before receiving E-rate funding.

    Source: FCC - "Children’s Internet Protection Act" - http://www.fcc.gov/cgb/consumerfacts/cipa.html

    Barracuda Enables CIPA Compliance

    The Barracuda Web Security Gateway is ideally suited to help public schools and libraries enforce CIPA policies in an easy and cost-effective manner. Used in combination with the Barracuda Email Security Gateway, to manage email use, and the Barracuda IM Firewall, for managing instant messaging traffic, the Barracuda family of products can enable CIPA compliance for nearly all facets of a network.

    | CIPA Requirement* | Barracuda Networks Technology |
    |---|---|
    | 1(a)(b)(c), 3(a)(c)(e) | Content filtering database of millions of URLs broken into 58 categories for targeted content filter policies |
    | 1(a)(b)(c), 3(a)(e) | Safe Search features to block the media caches of popular search engines |
    | 2 | Identification of where threats are coming from, both externally and internally |
    | 1(a)(b)(c), 3(a)(c)(e) | URL block and allow lists |
    | 1(c), 2, 3(a)(c)(e) | File type blocking |
    | 3(c)(d) | Prevention of keystroke logging and personal information theft |
    | 1(a)(b)(c), 3(a)(d)(e) | Monitoring of Web traffic for virus and spyware downloads |
    | 1(a)(b)(c), 3(a)(d)(e) | Inspection of network traffic for spyware infection activity |
    | 3(b) | Instant Message blocking |
    | 3(c)(e) | Client Lockdown features to prevent system hacking and hijacking |
    | 3(c)(e) | Examination of inbound and outbound spyware and Web surfing activity |
    | 3(c)(e) | Prevention of new spyware infections |
    | 3(c)(e) | Cleanup of detected infections from Windows desktop computers through the Barracuda Spyware Removal Tool |
    | 1(a)(b)(c), 3(a)(e) | Blocking of applications when they may be dangerous to minors |
    | 3(c)(e) | Blocking hacked, hijacked, or otherwise compromised systems |

    *corresponds to the numbers/sections in the “What CIPA Requires” section of this document
  • Web Security Gateway Model Specifications

    There are 6 models of the Barracuda Web Security Gateway currently available. The entry level model handles 5 Mb/sec of throughput. The largest model to date handles over 200 Mb/sec throughput with 200 GB of Web Caching.

    If you would like to speak to someone about which model is right for your organization, please do not hesitate to contact us.

    | Specification | 210 | 310 | 410 | 610 | 810 | 910 |
    |---|---|---|---|---|---|---|
    | Throughput (Mb/Sec) | 5 | 10 | 20 | 50 | 200 | 300 |
    | Web Cache | - | 10GB | 50GB | 100GB | 200GB | 300GB |
    | Concurrent Users | 25-100 | 50-200 | 150-500 | 450-1500 | 1,000-3,000 | 2,500-4,500 |
    | Active TCP Connections | 50-400 | 400-800 | 800- | | | |
    | Hardware | | | | | | |
    | Rackmount Chassis | 1U Mini | 1U Mini | 1U Mini | 1U Fullsize | 2U Fullsize | 2U Fullsize |
    | Dimensions (inches) | 16.7 x 1.7 x 14 | x 1.7 x 14 | x 1.7 x 14 | x 1.7 x 22.5 | x 3.5 x 25.5 | x 3.5 x 25.5 |
    | Dimensions (cm) | 42.4 x 4.3 x 35.6 | x 4.3 x 35.6 | x 4.3 x 35.6 | x 4.3 x 57.4 | x 8.9 x 64.8 | x 8.9 x 64.8 |
    | Weight (lbs) | 12 | 12 | 12 | 26 | 46 | 52 |
    | Weight (kg) | 5.4 | 5.4 | 5.4 | 11.8 | 20.9 | 23.6 |
    | Ethernet | 1x 10/100 | 1x 10/100 | 1x 10/100 | 2x Gigabit | 2x Gigabit | 2x Gigabit |
    | Ethernet Passthrough** | 1x 10/100 | 1x 10/100 | 1x 10/100 | 1x Gigabit | 1x Gigabit | 1x Gigabit |
    | AC Input Current (A) | 1.0 | 1.2 | 1.4 | 1.8 | 4.1 | 5.4 |
    | Redundant Disk Array (RAID) | | | | Hot Swap | Hot Swap | Hot Swap |
    | Redundant Power Supply | | | | | Hot Swap | Hot Swap |
    | ECC Memory | | | | yes | yes | yes |
    | Features | | | | | | |
    | Hardened and Secure OS | yes | yes | yes | yes | yes | yes |
    | Content Filter | yes | yes | yes | yes | yes | yes |
    | Application Control | yes | yes | yes | yes | yes | yes |
    | Advanced Policy Creation | yes | yes | yes | yes | yes | yes |
    | Network Threat Protection | yes | yes | yes | yes | yes | yes |
    | Spyware Removal | yes | yes | yes | yes | yes | yes |
    | Additional Summary Reports | yes | yes | yes | yes | yes | yes |
    | Syslog | | yes | yes | yes | yes | yes |
    | Ethernet Bypass Hardware | | yes | yes | yes | yes | yes |
    | SNMP / API | | | yes | yes | yes | yes |
    | Linked Management | | | yes | yes | yes | yes |
    | WCCP | | | yes | yes | yes | yes |

    Note: The capacity depends on environment and selected options.
    **Each Ethernet passthrough has two Ethernet jacks.
  • Virtual Appliances

    | | 310 Vx | 410 Vx | 610 Vx |
    |---|---|---|---|
    | Estimated Concurrent Users | 100-400 | 300-800 | m3.xlarge |
    | CPU Cores Allowed | 2 | 4 | 6 |
    | Throughput | 10-50 Mbps | 30-80 Mbps | 70-150 Mbps |
    | Hardened and Secure OS | yes | yes | yes |
    | Content Filtering | yes | yes | yes |
    | Advanced Policy Creation | yes | yes | yes |
    | Network Threat Protection | yes | yes | yes |
    | Reports | yes | yes | yes |
    | Syslog Support | yes | yes | yes |
    | Remote Filtering Agent | yes | yes | yes |
    | SNMP/API | yes | yes | yes |
    | Linked Management | yes | yes | yes |
    | Advanced Threat Detection | optional | optional | optional |

  • Will the Barracuda Web Security Gateway support users who are not on the network?

    Yes. The Barracuda Web Security Agent is downloadable client software for off-network Mac and Windows computers, and it comes with the Barracuda Web Security Gateway 410 and higher models.

    This agent provides the same policy enforcement (and malware protection) as is configured on your organization's Barracuda Web Security Gateway appliance.

    Your administrators can have the agent either route traffic through a central Barracuda Web Security Gateway or route traffic through a local gateway in order to look up policies and enforce rules locally.

    Can the Barracuda Web Security Gateway block different sites for different users?

    Yes. The Barracuda Web Security Gateway lets your organization's administrators customize policies for specific IP address ranges, groups and users in your organization. They can establish time ranges for those policies.

    Custom policy examples:

    • In order to stop your users from job-hunting while at work, you create a policy that gives only the human resources group access to job-board sites.
    • You can define separate access policies for students and teachers.
    • You can grant unrestricted web access to compliance officers for their investigations.

    The Barracuda Web Security Gateway integrates with LDAP directory servers for group membership and user information, and also integrates with Windows domain controllers for easy user authentication.

    What kinds of directory servers are supported?

    Barracuda Web Security Gateways support Active Directory, Domino Directory, eDirectory and OpenLDAP, as well as any LDAP-compatible directory server.

    How are our users authenticated?

    The Barracuda Web Security Gateway supports three types of authentication:

    • For Windows domains, you can install the Barracuda DC Agent software on Windows Domain Controllers. It monitors Windows login events and maps Windows user names and IP addresses to the Barracuda Web Security Gateway to transparently apply your user policies.
    • If a user tries to access a blocked resource, the Barracuda Web Security Gateway displays a page that requests a username and password. Using that method doesn't require the Barracuda DC Agent or configuring users' browsers.
    • If you've configured it in forward proxy mode, then the Barracuda Web Security Gateway can use standard proxy authentication, where browsers send the authentication credentials in the HTTP headers. That type of authentication can require a one-time configuration of users' web browsers. Proxy authentication isn't compatible with the Barracuda Web Security Gateway when it's running in transparent mode.

    How should we deploy the Barracuda Web Security Gateway if we have a proxy server in our network?

    The Barracuda Web Security Gateway is able to work with your proxy server. It works as a cascading proxy server, or can work in transparent mode. Typically we recommend replacing a proxy server with the Barracuda Web Security Gateway.

    Does the Barracuda Web Security Gateway operate in VLAN environments?

    Yes. The Barracuda Web Security Gateway is completely compatible with VLAN environments.

Choosing Your Web Security Gateway is Easy

Our team of technical sales professionals is able to help you source the right Web Security Gateway for your organization, whether it's physical, virtual or in the cloud. The basic process is:

1. Select the unit that suits your organization's needs.
2. Pre-sales training & advice from our experts.
3. Physical units are delivered as soon as possible.
4. Installation advice & post-install training available.

Unsure of which solution is right for your organization? Perhaps you don't have a dedicated IT staff? Our technical sales specialists are very experienced at helping professionals of all experience levels get the solution they need.