If you are using a SonicPoint Access Point to send traffic your SonicWALL firewall on the way out of your network, and it is not being filtered by your inline Barracuda Web Security Gateway, the reason may be that your traffic is being encapsulated with the SNAP protocol and tunnelled through the WSG in a form that the WSG does not filter.
SonicPoints can be configured to send traffic via LLC/SNAP instead of TCP. In this form, the WSG sees only the layer 2 MAC address as the traffic passes out of the network. The WSG will see the layer 3 IP address on return traffic, but this is not enough with which to filter the traffic. The WSG must see the IP of the initial request to filter it.
It may be possible to disable this function using "no sonicpoint snap-header" on your SonicWALL firewall. For more information on disabling this protocol, and the impact on your network, please speak to your Dell SonicWALL technician.
For other questions regarding this issue as it relates to your Barracuda Web Security Gateway, please contact Barracuda Networks Technical Support.