Applies to all Barracuda Web Filters used with a Barracuda Spam Firewall that see emails failing to pass.
The Web filter scans traffic differently than the Spam unit does. While the Web filter can also block or allow ports and/or IPs/ranges, it normally should not filter email directly. When it does filter email, it can see a link as a possible threat and fail the traffic, so important emails do not pass. The Spam unit should be capable of filtering per its Spam definitions. The Web filter can be set to exempt email traffic in any form so that it does not touch it. You can set an exemption on the IP block/exempt page under the Block/Accept tab.
First example: exempting traffic by port
Add an exemption for port 110, 993 or 25, depending on what traffic is seen. Add a comment, then save. Ports can only be added individually, not in multiples.
Now let’s say you then want to exempt a Spam firewall unit.
Add the Spam unit's IP to the SOURCE field, as traffic would be seen heading out of the Web filter, e.g. 192.168.45.3
Now add the SOURCE subnet mask to cover only that device, e.g. 255.255.255.255
Add a comment for the Spam filter exemption. No port is required.
This exempts the traffic passing outward from logging and filtering.
Add a new exemption rule to exempt the unit as the destination as well.
Repeat the process from step 2 above, but enter the information into the DESTINATION fields this time.
Add a comment as well.
This also exempts the traffic passing inward through the Web filter, so that none of this traffic is scanned.
Test to confirm that email now passes as expected.
Common mistakes are:
1. Adding an exemption in the Blocking fields rather than the exemptions fields.
2. Adding an IP but the mask covers a Class “C” range, or vice versa, e.g. 192.168.45.3 255.255.192.0. This is confusing because the entry is both an IP and a range.
It should be either 192.168.0.0 255.255.192.0 to cover a range of networks, or 192.168.45.3 255.255.255.255 to cover only the .3 node on the network.
3. Another exemption somewhere overlaps and is incorrect, which makes the expected node seem to fail at times. Verify all exemptions are correct.
The Web filter exemptions can be pretty granular. With a source exemption, outbound traffic is not logged or filtered, matched by IP/range, by port, or by both IP/range and port.
An exemption can also cover a node talking to another node, by IP/range, by port, or by both, with a reverse rule added to exempt the destination traffic as well.
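A way to check a list of exemption entries for common mistakes 2 and 3 above before entering them. This is an added example, not Barracuda code: the function name check_exemptions and the (IP, mask) list format are assumptions, and the sample entries are constructed from the addresses used in the text.

```python
import ipaddress
from itertools import combinations

def check_exemptions(entries):
    """Check (ip, mask) exemption pairs; return a list of (kind, message)."""
    findings, nets = [], []
    for ip, mask in entries:
        try:
            # Accepts dotted netmasks such as 255.255.192.0
            iface = ipaddress.ip_interface(f"{ip}/{mask}")
        except ValueError as exc:
            findings.append(("invalid", f"{ip} {mask}: {exc}"))
            continue
        net = iface.network
        # Mistake 2: a node address entered with a mask that covers a range.
        if iface.ip != net.network_address:
            findings.append(("ambiguous",
                f"{ip} {mask}: use {net.network_address} {mask} for the range "
                f"or {ip} 255.255.255.255 for the node"))
        nets.append((f"{ip} {mask}", net))
    # Mistake 3: entries whose effective ranges overlap; review each pair.
    for (a_txt, a), (b_txt, b) in combinations(nets, 2):
        if a.overlaps(b):
            findings.append(("overlap", f"{a_txt} overlaps {b_txt}"))
    return findings

# Constructed sample entries (hypothetical exemption list).
SAMPLE = [
    ("192.168.45.3", "255.255.255.255"),  # single node, correct
    ("192.168.45.3", "255.255.192.0"),    # node address with a range mask
    ("10.0.0.8", "255.255.255.255"),      # unrelated node, correct
]

if __name__ == "__main__":
    for kind, msg in check_exemptions(SAMPLE):
        print(f"[{kind}] {msg}")
```

An overlap finding is not always an error, since a node entry can sit inside a range entry on purpose; it marks the pairs to verify.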