It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Gateway

How should support troubleshoot instances where a Barracuda Web Filter blocking legitimate web traffic in "Active" mode?

  • Type: Knowledgebase
  • Date changed: 2 years ago
Solution #00000652

When the Barracuda Web Filter is set into "Active" mode, it fails to pass most all web traffic.

When setting up a Barracuda Web filter as an "inline transparent" configuration, here are the important network configuration pointers:

1.  Always have the Barracuda's Default Gateway point to the Firewall (WAN port side of filter). The Barracuda should not point back to any internal LAN switch or router, as LAN is not a way to the internet when inline.

2.   If the customer has multiple subnets or (untagged - non 802.1Q traffic) VLANs that are on a different subnet than the Barracuda you will need to setup Static Routes for each of those subnets. See Solution 6041.  The Gateways for those subnets will usually be the internal LAN switch or router. The Static Routes will help the Barracuda send client traffic back to the network device(s) that knows how to route back to clients.

3.  For additional information about special considerations when configuring the web filter to support filtering (tagged - 802.1Q traffic) from VLANs, use the Advanced tab> Advanced networking page and help , please see Solution # 00002514. Support will need a network diagram, the device connected inline, and able to use active mode for testing, This may block some or most traffic while in active mode.

BYF (IP -, Subnet Mask -
L3 Switch (IP -
Client subnets 10.1.2.x, 10.1.3.x, 10.1.100.x

Inline Pass-through setup: 
PIX > BYF > L3 Switch

BYF should be configured: 
Default Gateway -

Static Routes:
IP - Netmask - Gateway -
IP - Netmask - Gateway -
IP - Netmask - Gateway -

Link to this Page: