Please Read Before Updating
Before installing any firmware version, be sure to make a backup of your configuration and read all release notes that apply to versions more recent than the one currently running on your system. Important: A configuration backup made in version 4.4 and lower cannot be restored to version 4.5 and higher.
Do not manually reboot your system at any time during an upgrade, unless otherwise instructed by Barracuda Networks Technical Support. The update process typically takes only a few minutes after the update is applied. If the process takes longer, please contact Technical Support for further assistance.
Upgrading to Version 6.x and 7.x
- After upgrading to version 6.0, reverting back to the previous firmware version or to the factory installed version is not possible.
- Note that the BASIC > WebLog and BASIC > Application Log pages get cleared on updating from 6.0.0 to 6.0.1, but the log data is still intact and will still appear in reports.
- WARNING: If you are currently using port 8080 as a proxy port for your client connections, note that this port is no longer available to use for proxy connections with version 7.0 and higher. Please alter the port to 3128 on your clients by modifying your GPO or PAC file.
Upgrading to Version 8.0
After upgrading to version 8.0, you'll notice that some Hourly/Daily reports on the BASIC > Status (dashboard) page will initially show No Data Available until the first web request is made after the upgrade. All of the data required to run reports still exists on the Barracuda Web Filter and new data will begin to appear on the default dashboard as the Barracuda Web Filter begins to process traffic after the upgrade.Firmware Version 8.1.0
What's New in Version 8.1.0
- Enable Port Auth Exemption - Allows exemption of traffic proxied to port 8080 from NTLM and Kerberos authentication. If you have a combination of a terminal server environment using either NTLM or Kerberos authentication and Windows desktop units using LDAP, for example, this feature enables a hybrid of authentication mechanisms. Windows desktop users can then authenticate via your LDAP server while terminal users can authenticate via NTLM or Kerberos in a forward proxy configuration. Make sure that LDAP and/or unauthenticated user traffic runs over port 8080.
Fixed in Version 8.1.0
- Data correctly displays in chronological order for the Web Requests Log report type in HTML, PDF, Text, or CSV formats. [BNYF-8973]
- When clustering two or more Barracuda Web Filter Vx virtual machines, making a change in the configuration of one now propagates correctly to the other. [BNYF-8895]
- When the time zone is set within 30 minutes of GMT, performance statistics and charts on the BASIC > Status page render correctly. [BNYF-8869]
- Creating exceptions based on Safe Search does not result in an error message. [BNYF-8831]
- Provisioning the Barracuda Safe Browser on a device with the Barracuda Web Filter is successful when bookmarks configured on the ADVANCED > Remote filtering page contain special characters. [BNYF-8834]
- Scheduled reports with a large time frame complete correctly. [BNYF-8777]
- Editing the Custom Keyword Categories on the BLOCK/ACCEPT > Web App Monitor page saves modifications as expected. [BNYF-8694]
- With the Captive Portal feature enabled, when an Allow exception is created for a set of users, those users now receive the Captive Portal agreement page as expected when they try to visit the allowed sites. [BNYF-8662]
- Authenticated policy rules are no longer applied to Unauthenticated Captive Portal users. [BNYF-8483]
- On the ADVANCED > Backup page, the Cloud option is available for Scheduled Backups. [BNYF-8591]
- When multiple Barracuda Web Filters are connected to Barracuda Appliance Control, reports generated from the Group Node view include data from all connected Barracuda Web Filters. [BNYF-8578]
Version 8.1.0.002
- Enhancement: New Performance Summary report with graphs of throughput, system load, TCP connections and Active Users. This report is a tool for quickly assessing whether your Barracuda Web Filter is performing at sustainable levels for your organization's current needs. Overall system performance is represented by a horizontal bar that indicates where your system is with respect to maximum thresholds. Recommended, average and peak values are provided. Use this report to help gauge whether your organization has outgrown your Barracuda Web Filter and you should consider upgrading to another model.
- Fix: Port 3130 is reserved ONLY for HTTPS traffic through the Barracuda Web Filter when the SSL Inspection feature is enabled. [BNYF-9082]
- Fix: When re-ordering policy exceptions on the BLOCK/ACCEPT > Exception page, exceptions with text patterns that include meta-characters now remain unaffected if they change order. [BNYF-9187]
- Fix: LDAP users are now able to log in using LDAP Proxy Authentication regardless of whether the Bind DN contains a backslash '\' . [BNYF-9165]
- Fix: SSLv3 has been disabled in the Web interface to mitigate CVE-2014-3566 (SSL POODLE). [BNYF-9226]
- Fix: When a user is removed from an LDAP group in AD, periodic automatic synchronization of group information with the Barracuda Web Filter works as expected. [BNYF-8532]
- Fix: Exceptions for LDAP groups continue to be applied as expected after making changes to the exception when Aggregate All Active Directory Domains is also set to Yes on the USERS/GROUPS > Authentication page. [BNYF-9150]
Firmware Version 8.0
What's New in Version 8.0
- Authentication
- Proxy Authentication - The Proxy Authentication feature has been expanded to allow selection of LDAP groups for proxy authentication. Previously, only local users were supported. In version 8.0, administrators can apply LDAP authentication to remote/mobile users who are in the LDAP server, but are browsing outside of the network. This means that the Barracuda Web Filter can be configured such that there are no unauthenticated users. See the USER/GROUPS > Configuration page and How to Configure Proxy Authentication for Chromebooks and Other Remote Users for more information.
- Wireless Access Point (WAP) Support - The WAP integration feature enables end users to surf as authenticated users via the Barracuda Web Filter after authenticating against their WAP. This means that the user only needs to enter their credentials once as opposed to entering their credentials once for the WAP and then a second time to authenticate against the Barracuda Web Filter. Each WAP can be configured to send its syslogs to the Barracuda Web Filter on the network, which can then parse the logs for username and IP address of each authenticated user. This enables reporting on user browsing activity, bandwidth use, and more. See the USER/GROUPS > Configuration page and Wireless Access Point Integration for more information.
- User Interface
- Data Pattern Categorization - As data leaves the corporate network through a variety of web based applications, the network administrator can monitor data patterns for sensitive information to ensure compliance with corporate policies. This entails the monitoring and alerting of flagged specific data elements such as credit card numbers, social security numbers, privacy terms, and HIPAA compliance terms. See the BLOCK/ACCEPT > Web App Monitor page to configure and Data Pattern Categorization and the Barracuda Web Filter for more information.
- Customizable Dashboards - In addition to the wealth of information available on the default dashboard (BASIC > Status page), the administrator can now also create multiple dashboards with summaries of just the information about web traffic and user activity that is of top priority. Choose from various reports showing specific user browsing, bandwidth and malware statistics in drag and drop layouts.
- Virtualization
- Support for Microsoft Hyper-V - See Hypervisor Compatibility and Deployment - VHD Package.
Fixed in Version 8.0
- YouTube Safety Mode operates per Google's new implementation of Safety Mode as of March 2014. [BNYF-8537]
- Log reports now show data in ascending order by date. [BNYF-8530]
- Reports can now be generated that include users found in nested organizational units (OU's) in the Active Directory structure. [BNYF-8379]
- Application Exceptions can now be set for specific IP groups. For example, FTP traffic can now be blocked based on the IP group of a particular user or set of users. [BNYF-8519]
- Temporary Access administrators can now log in to bypass block pages using their LDAP credentials even if the LDAP group they belong to is named with upper case letters. Previously, LDAP group names had to be in lower case. [BNYF-8504]
- Reports based on All Logged Users in the Limit Report field now return data. [BNYF-8458]
- Port 22 is no longer open for SSH access on the Barracuda Web Filter. [BNYF-8175]
Version 8.0.0.004
- Limit Report To option for an Active Directory group limits based on Common Name (CN) as expected, instead of on sAMAccountName. [BNYF-8512]
- Overall improved reporting performance with larger data sets. [BNYF-8777]
- Web Log web interface improvements to display complete Category and Detail column information. [BNYF-8791]
- On the BASIC > Status page, in the Hourly Web Filter Statistics section, the Top Blocked Requests graph no longer shows a No Data Available message if there are no blocked requests in the last hour. [BNYF-8811]
- On the BASIC > Reports page, the Exclude Days of Week option works as expected when multiple days are excluded. [BNYF-8828]
- Internal websites with short URLs resolve correctly by hostname and FQDNs are no longer needed. [BNYF-8832]
- The
Users By Requests report returns data for users with application logs, as expected. [BNYF-8862] - On the BASIC > Status page, dashboard data renders as expected when the customer's timezone is GMT :30 offset. [BNYF-8869]
- The BLOCK/ACCEPT > Exceptions page now lists users whose primary Group ID is not 513. [BNYF-8870]
- The reports Number of Sessions by Time of Day and Number of Sessions by Hour display as expected. [BNYF-8882]
- On the BASIC > Status page, the Top Users report runs and displays as expected for large numbers of users. [BNYF-8886]
- In the Barracuda Web Filter Vx, synchronizing the configuration over a cluster of systems works as expected. [BNYF-8895]
Firmware Version 7.1.0
What's New in Version 7.1.0
- SSL Inspection
- The Barracuda Web Filter 610 and 810 now support inline SSL Inspection. In previous releases, SSL Inspection was supported only in forward proxy deployments. Moreover, applications selected on the BLOCK/ACCEPT > Web App Control and Web App Monitor pages are now subject to SSL Inspection when the feature is enabled.
- The Barracuda Web Filter 910, 1010, and 1011 now SSL inspects applications selected on the BLOCK/ACCEPT > Web App Control and Web App Monitor pages. Previously, only domains and categories (in forward proxy) were subject to SSL Inspection.
- The Barracuda Web Filter 410 now supports SSL Inspection with inline or forward proxy deployments for Safe Browsing and YouTube for Schools.
- The Barracuda Web Security Agent (WSA) supports SSL Inspection in non-Policy Lookup Mode which inspects the traffic proxied by the agent.
Fixed in Version 7.1.0
- RAID status tools provide correct and consistent RAID status on the BASIC > Status page. [BNYF-8186]
- When a delegated admin is limited to a group, and that admin runs a report, the filter for Limit Access To (defined on the ADVANCED > Delegated Admin page) is correctly applied. [BNYF-7335]
- Exporting to a CSV file from the BASIC > Web Log page download process does not time out if the export takes more than 5 minutes. [BNYF-8178]
- The Manage and Monitor roles as defined on the ADVANCED > Delegated Admin page can create scheduled reports. [BNYF-8288]
- Backups created on older firmware will not work on the 7.1.0 release. The retrieval and backup works as expected as long as the backup files have been created with 7.1.0 release. [BNYF-8127]
Version 7.1.0.003
- Synchronized help page in web interface for ADVANCED > Temporary Access page. [BNYF-8425]
- Logging into the web interface with admin credentials, or getting redirected to a block page in a maximized IE8 browser does not cause the browser to crash. [BNYF-7982]
- The Warn block page triggered by a MIME type includes a Proceed button as expected. [BNYF-8450]
- The Windows Safari browser gets filtered as expected by the Barracuda WSA with the default option 'Filter Specified Applications And Allow All Others' configured on the ADVANCED > Remote Filtering page. [BNYF-8221]
- When a website is blocked for the reason of spyware, all buttons and the option to run the Barracuda Malware Removal Tool are present. [BNYF-8361]
Firmware Version 7.0.1
What's New in Version 7.0.1
- Captive Portal
See the BLOCK/ACCEPT > Configuration page for settings.- Option to apply Captive Portal to one or more IP Subnet/Groups (as defined on the USERS/GROUPS > IP Subnets/Groups page) as well as to unauthenticated users.
- Captive Portal access to the network can allow users to browse:
- Using their existing LDAP credentials to log in and be subject to Authenticated policies, OR
- Only as a Guest, OR
- Based on their choice, selecting either Guest or as Authenticated when presented with the Captive Portal splash/login page.
- Option to present a Logout button for the user on a block page that displays when a policy prevents the user from accessing a requested website or application. This allows for changing users/logins.
- Ability to exclude IP group(s) from Captive Portal.
- Temporary Access for Teachers, Students
- Admin has option to allow teachers to bypass block pages with login credentials instead of, or in addition to, using tokens to provide student access to requested websites. Teacher still has option to hand out tokens to students.
- Admin can designate entire LDAP groups as Temporary Access administrators. For example, the admin might create a group for the Science Dept. and assign all teachers in that group Temporary Access administrator rights.
- SSL inspection
Configure on ADVANCED > SSL Inspection page.- Ability to limit SSL Inspection of web traffic to specific users/groups. This new option provides 2 benefits:
- Enables the admin to better manage this resource-intensive feature.
- Prevents unauthenticated or guest users from getting certificate warnings when browsing over HTTPS because they do not have the root certificate installed in their browser. - Option to allow end users to download a root SSL certificate from their browsers. May also require authentication for certificate download. This option is useful if you choose to create a self-signed certificate on the Barracuda Web Filter which needs to be pushed out to client browsers, instead of uploading a trusted certificate you buy from a certificate authority. Rather than pushing the self-signed certificate to browsers, you can enable users to download it.
- Ability to limit SSL Inspection of web traffic to specific users/groups. This new option provides 2 benefits:
- Reporting - Two new summary reports, aggregating existing reports for meaningful snapshots of network activity and Internet activity for the specified time frame.
Fixed in Version 7.0.1
- Significant performance improvement in rendering reports and statistics
- Faster reporting interface
- Faster rendering of statistics on the BASIC > Status page
- Faster log in to the web interface
- Status page
- Performance Statistics display and align properly. [BNYF-7742, BNYF-7750]
- Delay in page loading at Admin login fixed. [BNYF-7994]
- When Daily is selected in the Hourly Web Filter Statistics section of the page, the list data is updated and displays the Top 10 records. [BNYF-7837, BNYF-7928]
- Reporting
- Network Activity Summary ad hoc report in PDF format loads and displays correctly. [BNYF-8004]
- Top Users by Requests to Spyware Sites ad hoc HTML report (Users by Spyware Requests report in version 6.0.1) shows accurate data when drilling down by Hour or Domains [BNYF-7771]
- Sessions by Users report is present. [BNYF-7747]
- Barracuda Cloud Control
When managing the Barracuda Web Filter from Barracuda Appliance Control (BAC):- The Web Application Control page now displays blocked applications for both single and group view. [BNYF-7988]
- The BASIC > Status page correctly displays statistics. [BNYF-6233, BNYF-7295, BNYF-7413, BNYF-7412, BNYF-7750, BNYF-7795, BNYF-7837, BNYF-7876, BNYF-7874]
- The BASIC > Reports page aligns with the Barracuda Appliance Control display. [BNYF-7355, BNYF-7349, BNYF-7893]
- Ad hoc reports in HTML format display records correctly. [BNYF-7348]
- The User/Group Lookup button works properly on the BLOCK/ACCEPT > Exceptions page. [BNYF-6974]
- Policy remains as selected (either Unauthenticated or Authenticated) on BLOCK/ACCEPT > Web App Control page. [BNYF-7988]
- Miscellaneous
- Block page now renders with correct background color when user visits blocked websites. [BNYF-7993]
- Block page and log in process work properly with the IE8 browser. [BNYF-7982]
Firmware Version 7.0
What's New in Version 7.0
- User Interface
- New look and feel - The new Barracuda Web Filter web interface is cleaner with a new color scheme, but is functionally the same with no changes to navigation.
- Enhanced Dashboard - View live feed of current TCP connections and graphs of blocked requests, user browse times and bandwidth usage for a quick picture of web traffic on your network.
- New controls for viewing logs and switching graph content type on-screen.
- Recent Flagged Terms - (Available on 610 and higher) This new section displays a list of the most used suspicious keyword terms in social media and search engine activities per settings on the BLOCK/ACCEPT > Web Application Monitor page. These terms are categorized in a suspicious keywords lexicon provided by Barracuda Networks and can be added to by creating a custom list on the BLOCK/ACCEPT > Web Application Monitor page.
- Improved reporting presentation tools as described below.
- Limited support for Barracuda Appliance Control (BAC). The new web interface includes several key enhancements, especially around the dashboard (BASIC > Status page). Future versions of the Barracuda Web Filter firmware will fully support the new web interface. You can still join your Barracuda Web Filter running version 7.0 to Barracuda Appliance Control, with limited feature support.
- Temporary Access for Teachers, Students - This feature replaces the Temporary Whitelist role. For research projects and other classroom needs, the Temporary Access Portal enables teachers to obtain student access, for a specified time period, to websites that are typically regulated by administrators. Administrators either create credentials for teachers, or teachers simply log into the portal via LDAP. From the portal teachers can request domains and/or categories of domains for temporary student access. The Temporary Access Portal issues a token for each request that the teacher can then give to students for bypassing block pages. See Temporary Access for Education in the Barracuda TechLibrary for details and workflow. To configure, see ADVANCED > Temporary Access. The BASIC > Temporary Access Requests log tracks activity by teachers who have been given credentials to request temporary access for their students. The log displays the status of tokens teachers create by username and date, including expiration date and time of tokens.
- Web Application Monitoring (Available on 610 and higher)
- Suspicious Keyword Alerts - Applies to terms categorized as related to cyberbullying, profanity, adult or terrorism in social media interactions. Barracuda Networks provides a lexicon of keywords you want the Barracuda Web Filter to flag for generating email alerts when they appear in user social media interactions or search engine activities. You can add your own categories and lists of keywords as well. See the BLOCK/ACCEPT > Web App Monitor page for details and to configure. The BASIC > Status page includes a listing of the Recent Flagged Terms (Suspicious Keywords) identified in filtered traffic.
- New Web App Monitor Log page - This new page on the BASIC tab displays a log of all archived chat, email, user registrations and social media interaction traffic processed by the Barracuda Web Filter. Configure which kinds of activities you want to capture on the BLOCK/ACCEPT > Web App Monitor page. Use the BASIC > Web App Monitor Log page to view these captured application interactions by date, source IP address, username and associated details.
- Enhanced HTTPS Filtering
- SSL Inspection - In addition to Forward Proxy deployments with the Barracuda Web Filter 610 or higher, now also available for inline deployments on certain models. See Using SSL Inspection With the Barracuda Web Filter or the ADVANCED > SSL Inspection page. Provides for granular control of web 2.0 applications over HTTPS as described above within Facebook, Google Apps, YouTube and more.
- HTTPS Block Page - A block page is presented when users attempt to visit a website over HTTPS that either poses a security risk, violates policy, or that falls under the Warn policy action. Using the HTTP block page template on the BLOCK/ACCEPT > Block Messages page, you can customize the text on the web page displayed by the Barracuda Web Filter.
- Reporting
- New reporting engine with enhanced performance for fast response times.
- Enhanced PDF and HTML presentation with informative header, footer and easy-to-read layout.
- New report set - Organized for Productivity, Safety & Liability, Web Activity, Infection Activity and Administrative (Temporary Access Requests), including:
- Top Facebook Users by Browse Time
- Top Users by Bandwidth on Streaming Media Sites
- Top Gaming Domains by Requests
- Top Users by Requests to Spyware Sites
- Top Facebook Users by Browse Time
- Top Social Networking Domains by Requests
- Top Streaming Media Domains by Requests
- Top Streaming Media Domains by Bandwidth
- Top Users by Bandwidth on Gaming Sites
- Top Users by Blocked Requests
- Top Users by Browse Time on Gaming Sites
- Top Users by Browse Time on Streaming Media Sites
- Top Users by Browse Time on Social Networking Sites
- Top Users by Requests to Adult/Pornography/Nudity Sites
- Top Users by Requests to Anonymizer Sites
- Top Users by Requests to File Sharing/P2P Sites
- Top Users by Requests to Intolerance and Hate Sites
- Top Users by Requests to Weapons/Violence and Terrorism Sites
- Top Suspicious Keywords
- Suspicious Keywords by Users
- Top YouTube Users by Bandwidth
- Top YouTube Users by Browse Time
- Audit Log
- Temporary Access Request Log
- Categories By Temporary Access Requests
- Domains By Temporary Access Requests
- Users By Temporary Access Requests
- New Audit Log - The Barracuda Web Filter maintains a log of events including logins/logouts and changes to configuration settings in conjunction with role-based administration. The new BASIC > Audit Log page lists these events including date, source IP address, username, role and associated details.
- Policy Rule Checking - From the ADVANCED > Troubleshooting page you can test policy rules applied to traffic on specified servers. You can verify access restrictions and exceptions that you define in the pages on the BLOCK/ACCEPT tab. The Policy Rule Check returns a list of all of the rules that would apply to traffic and actions (Monitor, Warn, or Deny) that would be taken based on the rule.
- Support for External ICAP servers - Ability to redirect traffic from the Barracuda Web Filter to a 3rd party server. Select DLP, Antivirus, or other dedicated ICAP server on the ADVANCED > External Servers page. The Barracuda Web Filter will first apply all configured policies to inbound or outbound traffic, and then forward the traffic to the specified ICAP server for DLP scanning, antivirus scanning or other processing.
Fixed in Version 7.0.0
Version 7.0.0.022
- Reordering of exceptions in the List of Exceptions table on the BLOCK/ACCEPT > Exceptions page works and displays properly. [BNYF-7940]
Version 7.0.0.021
- Improved performance by resolving issues with increased CPU usage. [BNYF-7678]
- Resolved issue with increased memory usage when running reports. [BNYF-7807]
Firmware Version 6.0.1
What's New in Version 6.0.1
- Safe Browsing and Remote User Access
- Barracuda Safe Browser Support - The Barracuda Safe Browser is a full-featured web browser, currently available for the iOS platform that is integrated with the Barracuda Web Filter (as well as Barracuda Web Security Flex). Great for students and BYOD work environments, web requests made through the browser on a mobile device will automatically be filtered to block access to malicious web sites and to enforce compliance policies that you configure in the BLOCK/ACCEPT pages, just as you configure policies for any other traffic source.
- Web Security Agent - Version 4.2.3 of the Barracuda Web Security Agent supports Windows 8.
- Remote Devices - The Barracuda Web Filter maintains a log of remote user and mobile device locations via the Barracuda Web Security Agent (WSA) and the Barracuda Safe Browser. Logged data includes the Username, Domain, Device Name, Device Type, IP Address, Location (link to Google Maps), and Last Seen date and time. This data is logged each time a remote user logs into the Barracuda WSA or the Barracuda Safe Browser, and when the mobile device synchronizes with Barracuda Web Filter settings. See the ADVANCED > Remote Devices page to view.
- LDAP Authentication - New DC Agent
- DC Agent - The new DC Agent 6.0 provides the same integration as before of your domain controller with the Barracuda Web Filter to enable use of single sign-on for your users. Except for remote installations (see below), the DC Agent requires Microsoft Windows Server 2003 with Service Pack 2 (SP2) or higher. See the USERS/GROUPS > Authentication page to configure.
- Windows Server 2012 support.
- New easy-to-use graphical interface.
- Improved stability and performance.
- Requires Microsoft .Net Framework 4.0 Client Profile.
- Remote installation requires Microsoft Windows 7 or higher. Also note that, for the remote installation of DC Agent, you MUST be a domain member to query the server.
- DC Agent - The new DC Agent 6.0 provides the same integration as before of your domain controller with the Barracuda Web Filter to enable use of single sign-on for your users. Except for remote installations (see below), the DC Agent requires Microsoft Windows Server 2003 with Service Pack 2 (SP2) or higher. See the USERS/GROUPS > Authentication page to configure.
- Status page enhancement - The new Link Status section provides icons for LAN, WAN and AUX port connections where applicable. Hover the mouse over one of the port icons for a tool tip showing: eth1/eth2, IP Address, MAC Address, throughput, link Speed, duplex. Note that, for the Barracuda Web Filter FX, only the LAN connection will be present.
- Creating Exceptions to Policy
From the BLOCK/ACCEPT > Exceptions page:
- HTTPS-based Policy - You can now create policy exceptions specific to HTTP traffic, HTTPS, or another legitimate URI scheme (e.g. SMB:\\) using the Protocol field. Note that Enable HTTPS Filtering must be enabled on the BLOCK/ACCEPT > Configuration page if HTTPS is selected.
- List of Exceptions table - New multiple-select capability allows for selecting and moving multiple items at one time to change order of precedence of exceptions.
- YouTube for Schools bypass - You can create an exception for a specific set of users to bypass the YouTube for Schools feature if it is enabled. This feature enables creation of a school account for access to YouTube EDU content as well as a customizable playlist of videos that will be viewable only within your own school network. You can learn more about what YouTube for Schools offers by visiting the YouTube for Schools website. For information about configuring this feature, see the Barracuda TechLibrary article How to Set Up YouTube for Schools.
Fixed in Version 6.0.1
Version 6.0.1.007:
- Enhancement: DC Agent version 6.0.0.32 now installs, if necessary, Microsoft .Net Framework 4.0 Client Profile.
- Enhancement: Download links for Web Security Agent are upgraded for better usability on the ADVANCED > Remote Filtering page.
- Fix: Barracuda Cloud Control no longer displays links from within the Barracuda Web Filter view to download the Barracuda Web Security Agent or the Barracuda DC Agent. These agents must be downloaded via the local web interface of each Barracuda Web Filter. [BNYF-6272]
- Fix: Improved policy engine stability. [BNYF-6257]
- Fix: The Barracuda Web Filter properly re-categorizes domains when many custom categories are present, resulting in proper policy enforcement. [BNYF-6239]
- Fix: Web Log updates and filters as expected. [BNYF-6244], [BNYF-6282], [BNYF-6256]
- Fix: Web Application Monitor notifications are sent out as expected. [BNYF-6294]
- Fix: HTTPS access to the web interface (ADVANCED > Secure Administration page) works as expected. [BNYF-6233]
Version 6.0.1.001:
- Fix: Source IP blocking in Inline Mode works as expected. [BNYF-5802]
- Fix: Source IP exemptions in Forward Proxy Mode work as expected. [BNYF-5368]
- Fix: Login override through spyportal block page now works as expected with valid credentials. [BNYF-5582]
Firmware Version 6.0
What's New in Version 6.0
- User Interface
- Improved applications filtering interface. The BLOCK/ACCEPT > Applications page now provides block and allow actions for specific application traffic that is not browser-based. For example: Skype, Pandora, Adobe Acrobat, FTP. You can select from a pre-defined list of non-HTTP Web applications as well as submit a suggestion of an application that the Barracuda Web Filter should block.
- Revised layout for ADVANCED > Remote Filtering page Barracuda Web Security Agent settings. Includes new support for Mac OS-X with the Barracuda Web Security Agent.
- Web Application Control
- Provides block and allow actions for web-based applications such as Facebook, MySpace, Twitter and others. You can, for example, allow users in the organization to log into Facebook to view and make status updates and use chat, while blocking games, shares and other Facebook apps to protect your network from viruses and malware. Couple this functionality with the powerful Web Application Monitor feature, which allows you to capture these social media interactions for archiving. Configure from the new BLOCK/ACCEPT > Web App. Control page.
- Web Application Monitoring
- Enables the capture of chat, email, user registrations and social media interactions on social media portals for the purpose of archiving and searching by source or content. The archiving repository can be your Barracuda Message Archiver, your Microsoft Exchange Server journaling tool or, for example, a system administrator email address. Configure from the BLOCK/ACCEPT > Web App. Monitor page.
Specify a Notification Email Address for archiving selected actions and associated content. The Barracuda Web Filter will package each interaction as an SMTP message and email it to this address, which can then be marked for archiving. Use the Barracuda Message Archiver or other archiving solution to index messages for searching by source or content. Alerts can then be generated per policy you set in your archiving solution. Available on the Barracuda Web Filter 610 and higher.
- Enables the capture of chat, email, user registrations and social media interactions on social media portals for the purpose of archiving and searching by source or content. The archiving repository can be your Barracuda Message Archiver, your Microsoft Exchange Server journaling tool or, for example, a system administrator email address. Configure from the BLOCK/ACCEPT > Web App. Monitor page.
- Enhanced HTTPS Filtering
- Support for HTTPS with WCCP deployment. HTTPS traffic will be filtered in WCCP deployment mode if Enable HTTPS Filtering is enabled from the BLOCK/ACCEPT > Configuration page.
- SSL Inspection. The Barracuda Web Filter can decrypt HTTPS traffic at the URL level and apply policy accordingly. For Forward Proxy deployments only, this feature is configurable from the BLOCK/ACCEPT > Configuration page. To use SSL Inspection, you must also either upload a trusted or create a self-signed root certificate to install on all client browsers and other Barracuda Web Filters (when using linked management). Configure SSL Inspection certs from the ADVANCED > SSL Inspection page. Available on the Barracuda Web Filter 610 and higher.
Firmware Version 5.0
What's New in Version 5.0
- New role-based administration, configurable from the ADVANCED > Delegated Admin page
- Safe Browsing YouTube for Schools support. Create a YouTube for Schools account, then enable on the BLOCK/ACCEPT > Content Filter page.
- Ability to grant specific LDAP users access to the Barracuda Web Filter Web interface
- LDAP OU (organizational unit) based policy and reporting
- Reporting enhancements
- Temporary whitelisting feature enabling an authorized user to temporarily allow content blocked by policy
- New email alerts summarizing policy violations
- Pre-population of Applications to Filter on the ADVANCED > Remote Filtering page
- Support for scheduling reports in non-English languages
- Improved DNS resolution
- Support for the IE9 browser for Web interface log pages
- Feature: Ability to configure Open Directory specifically
- Block page now supports more than 10 Existing Authentication Services
- Improved alignment for text based reports
- Added Web Security Agent (WSA) features:
- Support for Policy Lookup Only Mode
- Ability to synchronize configuration via a non-default HTTPS port
- Support for NTLM Authentication with Windows 2008 R2 Server
- Ability to use a non-standard SMB port for External Servers
- Backward Compatibility Support for OSX 10.5
- Use of the HH:MM:SS time format for logs exported to CSV file
- Support of PDF report format for the IE7 browser
- Support for export of filtered Web Logs to CSV format for IE8 and Firefox browsers
- The Calendar picker on BASIC > Reports page is compatible with Chrome browsers
- The Safe Mode setting has been removed as it is now handled automatically
- Some reports renamed for consistency and readability.
Fixed in Version 5.0.0
Version 5.0.0.016:
- Enhancement: Improved reporting performance.
- Fix: Improved web interface performance at high system loads.
Version 5.0.0.014:
- Enhancement: Support for YouTube for Schools tool (sign up at www.youtube.com/schools) as part of the Safe Browsing category. To use this feature, you must update your Category Definition version to 2.0.136 or newer on the ADVANCED > Energize Update page in the web interface AFTER you apply this firmware version.
Version 5.0.0.012:
- Fix: Application rule for day-based exceptions works as expected.
- Fix: When the timezone is set to be Eastern Time, traffic graphs are in sync instead of showing Pacific Time.
- Fix: 'WARN' traffic is logged correctly and the WARN activity report shows correct data.