SSL Inspection is a resource intensive feature which is supported by the Barracuda Web Filter as follows:
By enabling the Barracuda Web Filter to decrypt, inspect and re-encrypt web traffic at the URL level, administrators have fine grained control over the use of web-based applications. What this means is that administrators can choose to block certain portions of web based applications such as Facebook Chat and Facebook Sharing, while enabling the rest of Facebook. Since Facebook, Google and other search engines and many web-based applications run over HTTPS, SSL Inspection is required for this level of monitoring and blocking. With this control the administrator can define what they deem permissible on their network without having to block all of Facebook, Twitter, Google Apps and other popular web-based applications.
With SSL Inspection, the content of a URL over HTTPS can be scanned. This allows the Barracuda Web Filter to apply policies and detect malware and viruses at the URL level.
The Barracuda Web Filter acts as a secure intermediary between user HTTPS web requests and the destination web server (i.e. Facebook.com, YouTube.com, yourdomain.com, etc.). HTTPS content in user web requests is decrypted and scanned by the Barracuda Web Filter, which then detects malware and enforces web policies configured on the BLOCK/ACCEPT pages. After processing, this HTTPS traffic will be re-encrypted on the fly by the Barracuda Web Filter and routed to the destination web server as shown in Figure 1.
Figure 1: SSL Inspection
To use this feature, the administrator installs a root certificate in client browsers from the Barracuda Web Filter. The Barracuda Web Filter can then intercept and inspect the HTTPS connections by presenting the client a CA derived from this root CA. If you have a high availability deployment, you must install the same root certificate on each Barracuda Web Filter.
Social media sites like Facebook and YouTube are now typically accessed over HTTPS, the encryption protocol used to protect online banking sessions and user logins for services of all kinds on the web.
For configuration steps, see How to Configure SSL Inspection.