WebFilter on VLAN Trunk
Posted 09 May 2011 - 02:32 AM
I have read on http://blog.barracud...rmware-release/ that the new 4.4 firmware can handle / filter WebTraffic on VLAN trunks.
I have upgraded our WebFilter 310 to the new firmware, created a new VLAN on the switches and trunked the port to the gateway / firewall.
But it didn't work. I can ping inet hosts, connect to FTP etc... but web traffic seems to be dropped... (as with the past firmware). The firewall is configured correctly; for testing purposes I have opened all ports.
What is wrong in our situation?
Our config is:
inet --> connected to --> webfilter --> connected to --> cisco asa --> connected to --> VLAN (company net - filtering is working) and VLAN 10 (pub net) on the same firewall port --> connected to switch where firewall port is trunking is allowed to vlan 1 and 10
Posted 13 July 2011 - 10:22 AM
Config is a VLAN trunk on a Cisco Catalyst 3750 through the web filter (transparent mode) then into a Cisco ASA 5520 (then on out to the Internet).
I'm going to bang at it some more and post if I have any success.
Also, it would be VERY helpful to be able to change the VLAN from the console.
Posted 06 September 2011 - 02:07 PM
I had the exact same issue when I first attempted to filter VLANs. Apparently, the web filter IP has to be in the default vlan (1?) and untagged.
Posted 19 September 2011 - 01:20 PM
A best practice often used with Explicit VLANs is to have the default VLAN be untagged while all other VLANs have Explicit tagging. The Barracuda Webfilter is expecting this default VLAN to be untagged. In some environments, however, the default VLAN will be tagged. The Webfilter accommodates these networks with the configuration of the system VLAN on the advanced/advanced ip configuration page. *Note* VLAN ID 1 cannot be used as the default VLAN on the Barracuda. The default VLAN is often the problem most customers run into when attempting to configure the Webfilter with VLANs.
What is your network's default VLAN?
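Added example (not part of the thread and not Barracuda code): a Python check over raw Ethernet frames captured on the trunk port that reports which VLANs arrive 802.1Q-tagged and which untagged, so you can tell whether the VLAN holding the web filter's IP is tagged on the wire. The function names, the sample frames and the VLAN IDs used in them are constructed for illustration.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def vlan_of(frame: bytes):
    """Return the VLAN ID of an Ethernet frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID


def tagging_summary(frames):
    """Count frames per VLAN ID; untagged frames are counted under None."""
    return Counter(vlan_of(f) for f in frames)


def mgmt_vlan_is_tagged(frames, mgmt_vlan):
    """True if the VLAN carrying the filter's IP shows up tagged on the wire."""
    return tagging_summary(frames)[mgmt_vlan] > 0


def build_frame(vlan=None, pcp=0, ethertype=0x0800):
    """Build a constructed sample frame (dummy MACs, zeroed payload)."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vlan is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)
    return header + struct.pack("!H", ethertype) + bytes(46)


# Constructed captures: A has an untagged default VLAN, B tags every VLAN.
CAPTURE_A = [build_frame(), build_frame(20), build_frame(20)]
CAPTURE_B = [build_frame(10, pcp=5), build_frame(20)]

if __name__ == "__main__":
    for name, cap in (("A", CAPTURE_A), ("B", CAPTURE_B)):
        print(name, dict(tagging_summary(cap)),
              "mgmt VLAN 10 tagged:", mgmt_vlan_is_tagged(cap, 10))
```

If the management VLAN shows up tagged, as in capture B, that is the situation the reply above says the system VLAN setting is for.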
Posted 06 December 2011 - 07:15 AM
Router <--> Cisco ASA <--> WebFilter <--> Switch <--> EndUsers
My Cisco ASA is configured with its port connected to the WebFilter as a trunk, and the switch port connected to the WebFilter as a trunk too. Is it necessary to configure something on the WebFilter to pass the VLANs?
I have not yet implemented this topology because the network is in production, but I need to use various VLANs in my network.
Sorry for my English.
Posted 06 December 2011 - 12:57 PM
VLAN 10 - the web filter is in this VLAN, default gateway is the FW
VLAN 20 - second vlan (you could have more, I think the Max is 50)
On the Adv IP page I have:
VLAN Interface = Bridge
Both VLANs defined with their VLAN ID
System VLAN is set to VLAN 10
VLAN 20 is defined as a virtual interface (VLAN 10 does not get a Virtual IP)
It took some trial and error to come up with a config that worked; the documentation wasn't helpful enough. I wasn't in production at the time.
If you lose contact with the device when setting the System VLAN, you can clear that setting via the Console. Make sure you have a backup config.
I recall something about when using the System VLAN, you can only manage the web filter from that VLAN, but that is not the case in my network.
Posted 30 August 2012 - 01:18 PM