Specifications
Technical Overview
The Barracuda SSL VPN provides four ways to create a Web forward:
• Tunneled: Suitable for static intranets, requires launch of the Barracuda SSL VPN Agent.
• Replacement Proxy: Suitable for Web applications which use absolute URLs with minimal
JavaScript.
• Host Based Reverse Proxy: Suitable for Web applications which use relative URLs and tend
to be more complex than those for replacement proxy.
• Path Based Reverse Proxy: Suitable for Web applications that do not exist at the root path
of a Web server.
Each one is briefly described below.
Tunneled Web Forwards
A tunneled Web forward uses the Barracuda SSL VPN Agent. If not already installed, the Agent is
downloaded to the client machine. The Agent acts as an agent for the client browser, handling all
necessary transactions to provide a secure connection to the target resource. The communication link
between browser and Agent is the only link that is not encrypted.
Unlike reverse and replacement Web forwards, the content of the HTTP traffic is not altered at all. No
content is changed from the moment the request leaves the client to the moment the response is received;
the Barracuda SSL VPN acts as a dumb proxy providing no functionality. This Web forward performs the same
function as a standard SSL tunnel.
The unique feature is that no content is processed. However, if the target site has links to other sites
and those links are selected, those pages step out of the secure SSL tunnel boundary and are not
securely accessed.
Replacement Proxy Web Forwards
A replacement Web forward, unlike the tunneled forward, does not rely on the Barracuda SSL VPN
Agent. Despite this, the communication link both to and from the intranet resource remains encrypted
by the browser and the appliance.
The Barracuda SSL VPN retrieves the Web page on behalf of the connecting client. In stark contrast to
the tunneled Web forward, information received by the appliance is processed by the replacement engine.
The data is stripped of certain information, new information is added to the transmission, and all
links within the page are replaced to point back to the appliance. The transmission is then encrypted
or left unencrypted depending on whether the target server uses HTTP or HTTPS.
The responses are again preprocessed by the replacement engine before being securely sent back to the
client.
This processing means that any additional links attached to the Web resource are handled by the Web
forward. As long as the Web forward remains open, all pages are processed and remain secure. For
example, a Web application that opens various pages or goes off to various other sites will continue
to be processed by the forward.
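
The link replacement described above for the replacement proxy, as an added Python sketch (it is not Barracuda's replacement engine; the appliance address, the /replacement?url= path scheme and the sample page are assumptions constructed for illustration). It also shows why this mode suits pages with minimal JavaScript: in this sketch a URL that appears only inside script code is not rewritten and still points directly at the target host.

```python
import re
from urllib.parse import quote, urljoin, urlsplit

# Hypothetical appliance address and path scheme (assumptions, not Barracuda's).
APPLIANCE = "https://vpn.example.com"
PROXY_PATH = "/replacement?url="

# Matches href/src/action attributes that carry a quoted value.
ATTR_RE = re.compile(r'\b(href|src|action)\s*=\s*(["\'])(.*?)\2', re.I | re.S)


def rewrite_url(url, base):
    """Return the appliance-hosted equivalent of a link found on page `base`."""
    absolute = urljoin(base, url.strip())
    if urlsplit(absolute).scheme not in ("http", "https"):
        return url  # mailto:, javascript:, data: and similar are left alone
    return APPLIANCE + PROXY_PATH + quote(absolute, safe="")


def rewrite_html(html, base):
    """Rewrite every link-bearing attribute so the browser stays on the appliance."""
    def repl(m):
        name, q, value = m.group(1), m.group(2), m.group(3)
        return f"{name}={q}{rewrite_url(value, base)}{q}"
    return ATTR_RE.sub(repl, html)


def unrewritten_hosts(html):
    """List hosts still referenced directly, i.e. URLs the rewriter did not catch."""
    appliance_host = urlsplit(APPLIANCE).netloc
    urls = re.findall(r'https?://[^\s"\'<>)]+', html)
    return sorted({urlsplit(u).netloc for u in urls} - {appliance_host})


# Constructed sample page: two static links and one URL used only in JavaScript.
SAMPLE = '''<a href="http://intranet.local/wiki/Home">Wiki</a>
<img src="/img/logo.png">
<script>window.open("http://reports.local/q3");</script>'''

if __name__ == "__main__":
    out = rewrite_html(SAMPLE, "http://intranet.local/index.html")
    print(out)
    print("still direct:", unrewritten_hosts(out))
```

Running unrewritten_hosts over a rewritten page is a quick check for links that would leave the forward when followed.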