• Home
• Barracuda Security Products
• Contact
• Support

Barracuda Web Application Firewall Deployment

Standard Deployment Configuration

The Barracuda Web Application Firewall is designed to easily fit into any existing data center environment and to rapidly secure and accelerate new and existing Web applications. Barracuda Networks offers the most flexible array of Barracuda Web Application Firewall deployment options, including both Bridge-path and Route-path.

Bridge-path

Bridge-path, the recommended mode of implementation for most customers with existing Web application traffic, enables simple and fast deployment without requiring any IP address changes on either the front- or back-end Web servers or network devices. The bridge is transparent, so no user traffic is disrupted.

Route-path

Route-path provides the highest degree of protection for a Web application infrastructure by acting as a full reverse proxy for all Web application traffic. As a reverse proxy, Route-path allows only predefined traffic that adheres to security policies. Additionally, the reverse proxy controls the only route to the back-end network, so traffic cannot flow to any server unless specifically forwarded by the proxy. This is the most flexible deployment mode because it facilitates the content-based traffic management functions of the Barracuda Web Application Firewall.

One-Armed Proxy Deployment

Deploying the Barracuda Web Application Firewall in the One-Armed Proxy configuration requires the unit to be set up off a switch only from the WAN port. This configuration creates an additional route for traffic to reach the servers without disturbing the natural flow through the network. Only the traffic that needs to be monitored or secured is routed via the Barracuda Web Application Firewall. One-Armed Proxy as a deployment option is utilized during the initial phases when the administrators want to validate the solution without having to change network settings. Another scenario to use the One-Armed Proxy deployment is to utilize the load balancing feature of the appliance for HTTP/HTTPS traffic, while letting SMTP and other traffic go directly to the server.

Fault Tolerant Barracuda Web Application Firewall Environment

Some organizations may need only a single Barracuda Web Application Firewall. When inline in Bridge-path mode, the Barracuda Web Application Firewall’s Ethernet Hard Bypass ensures reliable application delivery. For Web applications with stringent security requirements, the Barracuda Web Application Firewall may be installed in a redundant pair configuration, providing real-time application state replication so that security and user sessions will not be compromised during a failover event.