We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Email Security Gateway

Email traffic concerns when using the Spam Firewall and a Web Filter together.

  • Type: Knowledgebase
  • Date changed: 2 years ago

Solution #00006928  


All Barracuda Web Filters being used with a Barracuda Spam Firewall seeing failure of emails passing.



The web filter has a separate type of scanning for traffic than the Spam unit. While the Web filter can also block or allow ports and/or IPs/ranges, the web filter normally should not filter email directly. When filtering email it see a possible threat of a link and then fail the traffic, thus not passing important emails. The Spam unit should be capable of filtering per Spam definitions. The web filter can be set to exempt touching email traffic in any form. You could set an exemption on the IP block/exempt page under the Block/Accept tab.

1st example to not touch port traffic                                                                                                                                     

Add an exemption to port 110 or 993 or 25 depending on what traffic is seen. Add a comment and save then. Ports can only be added individually, not in multiples.


Now let’s say you want to then exempt a Spam firewall unit.


Add the Spam units IP to the SOURCE  field as traffic would be seen heading out of the Web filter. ie..

Now add the SOURCE Subnetmask to cover only that device. ie…

Add a comment for Spam filter exempting. No port required

This exempts to log and filter the traffic passing outward.


Add a new rule exemption to exempt as the destination also.

Repeat process from step 2 above but insert information into the DESTINATION fields this time.

Add comment also.

This exempts the traffic also passing inward through the Web filter also to keep from any scanning of this traffic happening.


Test to see now working properly to pass email as expected.


Common mistakes are.

1.       Adding an exemption in the Blocking fields rather than the exemptions fields.

2.       Adding an IP but the mask covers a Class “C” range or vise-versa ie… this becomes confusing now as it is an IP and a range

It should either be to cover a range of networks, or to cover only the .3 node on the network.

3.       Another exemption somewhere is overlapping and incorrect also causing the expected node to seem failing at times. Verify all exemptions are correct.


Additional notes:

The Web filter exemptions can be pretty granular. A source exemption will not log or filter outbound by IP/range or port or both IP/range and port.

Also it can exempt a node talking to another node by IP/range or port or both. And reverse rule added to exempt as destination traffic also.

Link To This Page: