This solution applies to all Barracuda Web Filters deployed inline.
By default, the Barracuda Web Filter will transparently scan all web traffic and scan all traffic for malware. In some instances, it is beneficial to exempt specific traffic from filtering completely. Using the options under Block/Accept->IP Block/Exempt, you can configure certain IP addresses and ports to transmit through the Barracuda Web Filter without any filtering.
An example of when to use the IP Exempt feature is when the Barracuda Web Filter is interfering with local traffic. Under the IP and Port Exemptions section, create an exemption for your local traffic by entering the local internal subnet and netmask as both source and destination.
Exempt all internal traffic for the 192.168.0.0/16 network to itself.
- Enter 192.168.0.0 / 255.255.0.0 as Source IP range and Netmask range.
- Next, enter 192.168.0.0 / 255.255.0.0 as Destination IP range and Netmask range.
- Click Add.
This entry will exempt any traffic between internal LAN clients, while filtering all web traffic. Leave the Dest. Port field blank unless it is a specific port you would like to exempt. This solution is particularly useful when the Barracuda Web Filter is processing a lot of trusted internal traffic. Because less traffic is scanned, fewer system resources are used.
You can create exemptions and blocks for both single IP addresses and entire subnets. In the case of individual IP addresses, you will need to use a full /32 subnet mask (255.255.255.255). For entire subnets you would use the required appropriate CIDR netmask (ie.. class C /24 would be 255.255.255.0 for all 255 IPs to exempt).
Some domains do not accept, or are unable to process, transparently proxied requests. This can be due to security reasons, such as HTTP-to-HTTPS redirection, or many other issues as described in RFC 3143. To resolve these issues, you can exempt the destination IP from being proxied all-together. On the IP Block/Exempt page, create two entries under IP and Port Exemptions. The first entry will have the remote domain?s IP address as the Destination IP address and Netmask. The second entry will have the remote domain?s IP address as the Source IP Address and Netmask, which is required to exempt all return traffic from that domain.
Exempt all traffic for the domain example.com
- Enter 184.108.40.206 / 255.255.255.255 as the Destination IP and Netmask.
- Keep the Source IP and Netmask blank and click Add.
- Then enter 220.127.116.11 / 255.255.255.255 as the Source IP and Netmask.
- Keep the Destination IP and Netmask blank and click Add.
This address will exempt all traffic to example.com. This solution is also useful for exempting internal servers that must be accessible from the internet at all times and must never be filtered, such as web, VoIP, and SMTP servers.
Link to this page: