Jump to content


On Premises Express Route on Barracuda CloudGen Firewall

  • Please log in to reply
2 replies to this topic

#1 Shantanu

  • Members
  • 2 posts

Posted 05 July 2018 - 11:27 PM


  I wanted to check if anybody here has hooked up their express route on barracuda f900 firewall. We will have a bgp running on our core switch and would like the barracuda to handle the S tags and C tags vlan. Any design ideas or anything would be helpful on this. Please let me know if you can help out. I can give more details.

#2 Bartek Moczulski

Bartek Moczulski
  • Barracuda Team Members
  • 102 posts
  • LocationEMEA

Posted 09 July 2018 - 02:15 AM

Hi Shantanu,

the usual setup is with an on-prem box/cluster and a cloud box/cluster connected with a VPN tunnel with one transport going over expressroute and the other over Internet. Mind we do not support double vlan tagging though, so you'll have to strip one on the switch (your F900 should have enough ports available). Also, you'll have to maintain the UDRs in Azure if you want to follow this design.


Please check this solution brief for some more details:



and don't hesitate to contact our cloud team if you need assistance. 

#3 Shantanu

  • Members
  • 2 posts

Posted 09 July 2018 - 10:54 PM

Hi Bartek,

  Thank you for replying to this post. Can you elaborate more "we do not support double plan tagging, you'll have to strip on the switch". Here is the design we have currently with another router from another vendor. Our S tag vlan is 1, and we have two C tags as 2 and 3.

We would like to replace the router with barracuda handling QinQ. If you can give more explanation on this then that would be great. I will open a case with Barracuda on this as well if that is the correct way to go.



core switch (running BGP)   -------(trunk port vlan 2 and 3)----->router<----(vlan 1)---express route vender device. The router does QinQ to pass the S tag and C tags to azure.