All Barracuda Web Filters deployed inline behind a switch, all firmware versions.
To ensure client IP transparency works, please verify the following:
- The Barracuda Web Filter is configured to point directly to the perimeter firewall as its gateway.
- Static routes exist for any additional subnets that are not on the same subnet as the Barracuda Web Filter. The default gateway for each subnet will usually be the LAN switch or router that serves that subnet. This will ensure all the network traffic gets routed back to clients correctly. For more information about configuring static routes with the Barracuda Web Filter, see Solution #00001449.
- The Pass Client IP addresses through WAN port option on the Advanced > Expert Configuration page is set to Yes (to reach this page, navigate to the Advanced page, append &expert=1 to the end of your browser's address bar, and press the enter key; you will the Expert Variables tab appear).
- The firewall acting as the Barracuda Web Filter's gateway is not configured to block spoofed IPs. When the Pass Client IP addresses through WAN port option is enabled, the client IPs will all appear to come from the same MAC address (that of the Barracuda Web Filter). Some firewalls may react to this, since it looks similar to an IP spoof attack.
Link to This Page: