
Barracuda Spyware Firewall 802.1Q VLAN Support?


  • This topic is locked
3 replies to this topic

#1 Dan Wilson


Posted 20 June 2005 - 04:03 PM

Was just reading in another thread that the Barracuda Spyware Firewall is a layer 2 device, i.e. doesn't proxy or route internally, but blocks packets by inspecting their contents on the fly.

In one network implementation in which I was pondering a BSF installation, there may be a problem. This network uses VLANs internally, arranged in a port-assignment fashion by Ethernet switches. The internet router is connected to one of the switches via 100Mb Ethernet, and this link is a VLAN trunk (i.e. packets encapsulated with 802.1Q VLAN tagging), so that the router knows what VLAN each packet came from and can route/firewall accordingly.

If a BSF was installed in this link, will the BSF be able to inspect packet contents and block accordingly since the Ethernet frames are 802.1Q encapsulated? What about reaching the Barracuda via its own IP for management purposes? Since the switch will send any packets destined for the BSF within an 802.1Q VLAN frame, can the BSF be configured to recognize the 802.1Q VLAN encapsulation in order to talk to the rest of the network?

#2 Rahul Narsimhan


Posted 22 June 2005 - 05:57 PM

I had raised this question with the Barracuda Engineer last week and here is the response I got:

=========
Q - Are the Spyware appliances capable of scanning traffic with VLAN tags?
A - This shouldn't be a problem as long as we are deployed in a serial inline mode (of the switches uplink or a crossover wire), and the VLANs are between ports (clients) on a switch or multiple switches behind our box. In another word, as long as BYF sits by the perimeter, it can see the traffic.
===========

I do not think with the current release of firmware it can scan the traffic with the VLAN payload so care must be taken as to where the appliance is placed on the network. I am sure that the Barracuda engineering team will be monitoring this closely as this will be a much requested feature in the coming months. Hope this helps.

Rahul
http://www.securicore.ca

#3 Dan Wilson


Posted 24 June 2005 - 01:29 PM

A - This shouldn't be a problem as long as we are deployed in a serial inline mode (of the switches uplink or a crossover wire), and the VLANs are between ports (clients) on a switch or multiple switches behind our box. In another word, as long as BYF sits by the perimeter, it can see the traffic.

In case anyone was confused, the translation of that answer is "No". :D It won't scan or be able to participate in a link that is 802.1Q encapsulated. This is unfortunate; it would really increase the flexibility of the product.

Hopefully, this can be remedied with a change to the network driver implementation the unit uses, which shouldn't be too much of a problem.

#4 Von Housen


Posted 28 July 2005 - 06:41 PM

I am currently running a 410 and my network uses VLANs very heavily, and it's working; it has caught things from the multiple VLANs I have set up for different departments, etc.
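
Added illustration, not part of the original thread and not a description of how the Barracuda firmware works: on an 802.1Q trunk a four-byte tag sits between the source MAC and the EtherType, so an inline inspector must skip it before it can reach the IP payload. The `build_frame` helper, the MAC addresses and the IPv4 header are constructed for this example.

```python
import struct

ETH_IPV4 = 0x0800
TPID_8021Q = 0x8100   # IEEE 802.1Q tag protocol identifier
TPID_8021AD = 0x88A8  # IEEE 802.1ad outer tag (stacked VLANs)

def naive_ethertype(frame: bytes) -> int:
    """EtherType as seen by code that assumes untagged Ethernet II."""
    return struct.unpack_from("!H", frame, 12)[0]

def parse_l3(frame: bytes):
    """Return (vlan_ids, ethertype, payload), skipping any VLAN tags."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset, vlans = 12, []
    (etype,) = struct.unpack_from("!H", frame, offset)
    while etype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        # Tag layout: TPID (2 bytes), TCI (2 bytes), then the real EtherType.
        tci, etype = struct.unpack_from("!HH", frame, offset + 2)
        vlans.append(tci & 0x0FFF)  # low 12 bits of the TCI carry the VLAN ID
        offset += 4
    return vlans, etype, frame[offset + 2:]

# --- constructed sample data (not captured traffic) ---
# Minimal 20-byte IPv4 header, 192.0.2.10 -> 198.51.100.7, checksum left zero.
IP_HDR = bytes.fromhex("450000140000000040060000c000020ac6336407")

def build_frame(payload: bytes, vlan_id=None) -> bytes:
    """Hypothetical helper: Ethernet II frame, optionally 802.1Q-tagged."""
    dst, src = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return dst + src + tag + struct.pack("!H", ETH_IPV4) + payload

if __name__ == "__main__":
    for label, frame in (("access port", build_frame(IP_HDR)),
                         ("802.1Q trunk", build_frame(IP_HDR, vlan_id=20))):
        vlans, etype, payload = parse_l3(frame)
        print(f"{label}: naive=0x{naive_ethertype(frame):04x} "
              f"tag-aware=0x{etype:04x} vlans={vlans} "
              f"src={'.'.join(map(str, payload[12:16]))}")
```

On the tagged frame the naive read returns 0x8100 instead of 0x0800, so code that only inspects IPv4 EtherTypes would pass the frame through unexamined.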