Jump to content


Photo

Filtering Remote Devices by Proxy - Issue Inline

chromebook proxy inline

This topic has been archived. This means that you cannot reply to this topic.
2 replies to this topic

#1 Chris Wagner

Chris Wagner
  • Members
  • 6 posts

Posted 27 April 2015 - 11:50 AM

Our Web Filter 410 is inline on our local area network.  A wireless client basically connects to wifi > switch > web filter > link balancer/router > internet.

 

I'm working to filter Chromebooks which don't have the luxury of the WSA (web security agent).  They are filtered inline when on location... it's off location I'm trying to accomplish.  I have configured the proxy for remote clients as illustrated here:  https://techlib.barr...tingsChromebook  Great!  This works for remote clients.  (required a simple port forwarding added to router, but simple stuff)

 

The issue I'm having is when a proxied device comes back to our local area network when the proxy setting is added.  This device will not resolve.  I suspect because it's going wifi > switch > web filter > router > internet > back to web filter via proxy > internet.  Something's getting jacked here.

 

Is anyone using Chromebooks and successfully filtered them both on and off site?  Any tips?  I can remove the proxy setting and things work again on site.  However, if I enable the ability to change the proxy setting, it can and will be defeated at home.  And, who wants to change this every day?

 

Barracuda Link Balancer 330 is handling the port forwarding

Barracuda Web Filter 410 is our web filter

 

I'm using the default port 3128 and our static/public IP.  I can see traffic from a home machine going through the web filter as the IP from the ISP shows in the web filter's web log.  So, this is configured according to documentation and functions perfect for remote machines... just not when a device with this configuration comes back on our network.

 

 



#2 John Irwin

John Irwin
  • Barracuda Team Members
  • 55 posts

Posted 28 April 2015 - 10:37 AM

Chris, 

as best to always consult tech support directly.

 

From what it sounds like is that you could possibly, not be resolving your settings properly to the filter internally and outside.

Meaning that, when outside, it can see the path and resolve to connect, when returning internally, it looks for that same information to resolve and fails finding where to resolve, so it will not work until disabled.

Check DNS also to be sure it can resolve.

If this didn't help please contact support.



#3 Ben Bartle

Ben Bartle
  • Moderators
  • 136 posts

Posted 05 May 2015 - 10:51 AM

Google supports SSL inspection for Chromebooks only via proxy connection. 

You can either use pac files for the proxy resolution in different networks, or you can have a DNS name for the proxy that resolves to different IP address internally and externally. 


Ben Bartle

Product Manager - Web Security Gateway

Technical Marketing Engineer 

Content and Network Security @ Barracuda Networks