Barracuda NextGen Firewall X

Why is my firewall reporting a "Block Local Loop" on the Recent Connections page of my Barracuda Firewall?

  • Type: Knowledgebase
  • Date changed: 8 months ago
Solution #00007114 

Scope:

All Barracuda Firewalls, all firmware versions

Answer:

If you cannot reach an internal device by its domain name but can reach it by its internal IP address, you might be experiencing a local loop. This happens when a firewall rule redirects traffic from outside the network to that internal server. A common example is an internal web server that has internet traffic redirected to it when people outside the network access the server by its domain name. Traffic that originates inside the network gets stuck in a loop when going out and coming back in, because of an interface mismatch with regard to the origin of the traffic. The firewall blocks this traffic to keep it from looping.
If this happens, there are a few things you can do on your firewall to fix the issue:

Option 1: Configure a separate DNS record on your internal DNS server so that internal users can resolve the domain name from inside the network.

Option 2: Configure your firewall to act as an authoritative DNS and configure it to use 'split DNS' so that both internal and external users can resolve the same hostname.

Option 3: If you have a firewall rule in place to redirect internet traffic to your internal server, you can modify it to include local traffic as well. For example, consider the following scenario for an internal web server:

  • Action: DNAT
  • Source: Internet
  • Service: HTTP+S
  • Destination: External IP address of firewall
  • Redirect to: Internal IP address of web server

In this scenario, you could just add the Trusted LAN network object (or manually enter the internal subnet) to the source of the firewall rule. This is known as hair-pinning. It properly redirects internal traffic back to the web server.
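
The following is an added example, not Barracuda code or firewall output: a small Python model of the DNAT rule above that shows why an internal client is blocked when the rule source is only Internet and is redirected once the Trusted LAN is added. The addresses are constructed samples, and the model assumes that "Internet" means any address outside the Trusted LAN and that HTTP+S means ports 80 and 443.

```python
import ipaddress

# Constructed sample values (not from the article).
FIREWALL_EXTERNAL_IP = ipaddress.ip_address("203.0.113.10")
WEB_SERVER_INTERNAL_IP = ipaddress.ip_address("192.168.1.20")
TRUSTED_LAN = ipaddress.ip_network("192.168.1.0/24")
SERVICE_PORTS = {80, 443}  # assumed meaning of HTTP+S

ORIGINAL_SOURCES = ["Internet"]              # rule as shown in the scenario
HAIRPIN_SOURCES = ["Internet", TRUSTED_LAN]  # rule after Option 3


def source_matches(client, src):
    """Check one entry of the rule's Source list against the client address."""
    if src == "Internet":
        # Assumption: Internet = anything that is not on the Trusted LAN.
        return client not in TRUSTED_LAN
    return client in src


def evaluate(client_ip, dest_ip, port, sources):
    """Return this simplified model's verdict for one connection."""
    client = ipaddress.ip_address(client_ip)
    dest = ipaddress.ip_address(dest_ip)
    # The rule only applies to HTTP/HTTPS aimed at the firewall's external IP.
    if dest != FIREWALL_EXTERNAL_IP or port not in SERVICE_PORTS:
        return "no match"
    if any(source_matches(client, src) for src in sources):
        return f"DNAT to {WEB_SERVER_INTERNAL_IP}"
    # An internal client reached the external IP, but no rule source covers it:
    # the traffic would leave and re-enter, so it is blocked as a local loop.
    if client in TRUSTED_LAN:
        return "Block Local Loop"
    return "no match"


if __name__ == "__main__":
    cases = [
        ("external client, original rule", "198.51.100.7", ORIGINAL_SOURCES),
        ("internal client, original rule", "192.168.1.50", ORIGINAL_SOURCES),
        ("internal client, hairpin rule", "192.168.1.50", HAIRPIN_SOURCES),
    ]
    for label, client, sources in cases:
        print(label, "->", evaluate(client, "203.0.113.10", 443, sources))
```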

Additional Info:

You can learn more about configuring your firewall as an authoritative DNS by viewing our public tech library article found here: https://techlib.barracuda.com/BFW/ConfigAuthDNS

Link To This Page:
https://campus.barracuda.com/solution/50160000000uHjVAAU