It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Gateway

Why Is My Barracuda Web Security Gateway Not Filtering Traffic Between My SonicPoint AP and My SonicWALL Firewall?

  • Type: Knowledgebase
  • Date changed: 3 years ago
Solution #00007786

Scope: Barracuda Web Security Gateways and Web Security Service Connectors


If you are using a SonicPoint Access Point to send traffic your SonicWALL firewall on the way out of your network, and it is not being filtered by your inline Barracuda Web Security Gateway, the reason may be that your traffic is being encapsulated with the SNAP protocol and tunnelled through the WSG in a form that the WSG does not filter.

SonicPoints can be configured to send traffic via LLC/SNAP instead of TCP. In this form, the WSG sees only the layer 2 MAC address as the traffic passes out of the network. The WSG will see the layer 3 IP address on return traffic, but this is not enough with which to filter the traffic. The WSG must see the IP of the initial request to filter it.

It may be possible to disable this function using "no sonicpoint snap-header" on your SonicWALL firewall. For more information on disabling this protocol, and the impact on your network, please speak to your Dell SonicWALL technician.

For other questions regarding this issue as it relates to your Barracuda Web Security Gateway, please contact Barracuda Networks Technical Support.

Link to This Page: