It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Gateway

Using Static Routes

  • Last updated on

For an inline deployment, static routes are necessary to enable the Barracuda Web Security Gateway to protect any client machines that are at IP addresses outside of the native subnet of the Barracuda Web Security Gateway.

In a forward proxy deployment, static routes are not needed and not used, because traffic is routed directly to the proxy.

For example, suppose your Barracuda Web Security Gateway is assigned the IP address 172.20.0.6 and a subnet mask of 255.255.255.0

  • If you needed to create a static route to reach client machines in the 192.168.2.x range, the Netmask value would need to be 255.255.255.0 .
  • If you needed to create a static route to reach client machines in the 192.x.x.x range, the Netmask value would need to be 255.0.0.0 .

In both cases, the IP/Network Address would need to be outside the 172.20.0.x network of the Barracuda Web Security Gateway, and the Gateway Address would need to be inside 172.20.0.x.

To use static routing, from the BASIC > IP Configuration page, you would set up the following:

  • IP/Network Address - IP address of a host or network located outside of the native subnet of the Barracuda Web Security Gateway.
  • Netmask - Subnet mask for the destination host or network.
  • Gateway Address - IP address of the next hop that can be used to reach the destination host or network. When the Barracuda Web Security Gateway receives ingress web traffic for client machines in the specified IP range, it forwards the packets to the router at the IP address you specify in this field. Therefore, this IP address must be on the same subnet as the Barracuda Web Security Gateway. If another IP address is used outside the range of the Barracuda Web Security Gateway, there could be latency issues because the Barracuda Web Security Gateway is a layer 2 device and does not route traffic.

Note: The core switch or router typically contains routing statements for the entire network.