All Barracuda Firewalls, all firmware versions
If you can reach an internal device by its internal IP address but not by its domain name, you might be experiencing a local loop. This happens when a firewall rule redirects traffic from outside the network to that internal server. This is common when, for example, an internal web server has internet traffic redirected to it when people outside the network access the server by its domain name. Traffic that originates inside the network goes out and comes back in, and gets stuck in a loop because of an interface mismatch with regard to the origin of the traffic. The firewall blocks this traffic to keep it from looping.
If this happens, there are a few things you can do on your firewall to fix the issue:
Option 1: You can configure a separate DNS record on your internal DNS server to allow internal users to resolve the domain name from inside the network.
Option 2: Configure your firewall to act as an authoritative DNS and configure it to use 'split DNS' to allow both internal and external users to resolve the same hostname.
Option 3: If you have a firewall rule in place to redirect internet traffic to your internal server, you can modify it to include local traffic as well. For example, consider the following scenario for an internal web server:
Destination: External IP address of firewall
Redirect to: Internal IP address of web server
In this scenario, you could add the Trusted LAN network object (or manually enter the internal subnet) to the source of the firewall rule. This is known as hair-pinning. The rule then redirects internal traffic back to the web server as well.
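From an internal client, the three options can be told apart by what the hostname resolves to and whether the redirect rule's source covers that client. The Python sketch below is an added example, not Barracuda code: it models source matching only, and the function name, parameter names and all addresses are constructed for illustration.

```python
import ipaddress

def diagnose(client_ip, resolved_ip, external_ip, lan_subnets, rule_lan_sources):
    """Classify how an internal client reaches the published server.

    resolved_ip      -- address the client's DNS server returns for the hostname
    external_ip      -- Destination of the redirect rule (firewall's external IP)
    lan_subnets      -- internal subnets behind the firewall
    rule_lan_sources -- internal networks added to the rule's Source (Option 3)
    """
    client = ipaddress.ip_address(client_ip)
    resolved = ipaddress.ip_address(resolved_ip)
    lans = [ipaddress.ip_network(n) for n in lan_subnets]
    sources = [ipaddress.ip_network(n) for n in rule_lan_sources]

    if not any(client in lan for lan in lans):
        raise ValueError("client_ip is not on an internal subnet")
    # Options 1 and 2: internal users resolve the name to the internal address,
    # so the redirect rule is never involved.
    if any(resolved in lan for lan in lans):
        return "direct"
    if resolved != ipaddress.ip_address(external_ip):
        return "not-published-here"
    # Name resolves to the external IP: the redirect rule must accept this
    # client as a source, otherwise the firewall blocks the traffic.
    if any(client in src for src in sources):
        return "hairpin"
    return "blocked"

# Constructed sample values (RFC 5737 / RFC 1918 ranges), not from the article.
EXTERNAL_IP = "203.0.113.10"
LAN = ["192.168.1.0/24"]
CLIENT = "192.168.1.50"

if __name__ == "__main__":
    cases = {
        "rule source without LAN": (EXTERNAL_IP, []),
        "Option 3, LAN added to source": (EXTERNAL_IP, LAN),
        "Option 1/2, internal DNS answer": ("192.168.1.20", []),
    }
    for label, (resolved, sources) in cases.items():
        print(f"{label}: {diagnose(CLIENT, resolved, EXTERNAL_IP, LAN, sources)}")
```

To check a live network, pass in the address your internal resolver actually returns for the hostname as `resolved_ip`.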
You can learn more about configuring your firewall as an authoritative DNS by viewing our public tech library article found here: https://techlib.barracuda.com/BFW/ConfigAuthDNS