generated hostname and create an explicit entry for it on your DNS server, or create a wildcard entry so that all lookups resolve to the same IP
address as the Barracuda SSL VPN.
As with the Path-Based Reverse Proxy, accessing links to a location that was not specified in the
configuration fails unless you configure the destination hostname as an allowed host (with the
Allowed Host
option).
Tunneled Proxy
A tunneled proxy uses the Barracuda SSL VPN Agent on the client to open up a SSL tunnel to the Barracuda SSL VPN. The clients browser
connects to a localhost address (e.g.,
. A direct connection to the resource located behind the SSL VPN is then
)
http://localhost:45678
established through the SSL tunnel. This type of Custom Web Forward does not modify the data stream, but will only work as long as all links stay
on the same destination host. If the destination site uses multiple domains, or sub-domains, a host file or a proxy auto-configuration file (PAC)
with routing information can tell the client which additional target sites have to be routed through the SSL tunnel. If needed, the PAC file is
downloaded to the remote system when the session is initiated.
The tunnel proxy the following basic configurations, based on your web resource:
None - (R
C
ecommended at first use) reates a simple SSL tunnel. The browser connects to a local address (e.g.,
http://127.0.0.1:
). The SSL VPN Agent forwards all traffic from the localhost address through the SSL tunnel, where the connection with the
45678
configured destination host is made. Use the None proxy type for simple, static websites, that are not virtually hosted and do not check
the headers for the hostname.
Host File Redirect - Adds temporary entries to the remote system’s host file to enable direct routing to
the destination site. Upon launch of a Web Forward of this type, the Barracuda SSL VPN automatically
uploads the additional configuration information to the remote system. Because of this, the user must
have write permissions to the system’s
file. This proxy type is typically used with Microsoft
hosts
Silverlight applications, because they do not operate in a reverse proxy environment. The Host File
Redirect proxy type only works with Windows applications and does not support single sign-on.
Proxy - For
complex environments, you can use the Proxy type to create a SSL Tunnel to a proxy server
located in the destination network. This proxy type injects a proxy auto configuration (PAC) file into the
browser with instructions about how to connect to different sites. These instructions redirect the target
web requests through the tunnel. Use the Proxy proxy type when:
Laptop users do not need to disable their proxy settings when they are outside their corporate network.
Internal applications are hosted across WAN links. For example, if your users are in Austria but the Citrix server is hosted in the
United States. You can use a PAC file to direct specific URLs to proxy servers that handles Citrix traffic exclusively. The rest of
the traffic goes through your default Internet proxy in Austria.
Replacement Proxy
A replacement proxy is generally used if all the other Custom Web Forward types cannot be used. This proxy type attempts to find all links in the
website code and replace them with links pointing back to the Barracuda SSL VPN.
The content of the web page is modified as it
You must create configure your DNS server to resolve all generated subdomains to the IP address of the Barracuda SSL VPN.
With Tunneled proxy, all the links must be relative on the host that you have defined. For example: /folder/file.html instead of http://serv
er/folder/file.html