diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go
index 9d35053181..0bbd78fd7f 100644
--- a/internal/gatewayapi/securitypolicy.go
+++ b/internal/gatewayapi/securitypolicy.go
@@ -1152,6 +1152,7 @@ func (t *Translator) buildExtAuth(
 	switch {
 	case http != nil:
 		protocol = ir.HTTP
+		backendSettings = http.BackendSettings
 		switch {
 		case len(http.BackendRefs) > 0:
 			backendRefs = http.BackendCluster.BackendRefs
@@ -1167,6 +1168,7 @@ func (t *Translator) buildExtAuth(
 		}
 	case grpc != nil:
 		protocol = ir.GRPC
+		backendSettings = grpc.BackendSettings
 		switch {
 		case len(grpc.BackendCluster.BackendRefs) > 0:
 			backendRefs = grpc.BackendRefs
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-dns-lookup-family.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-dns-lookup-family.out.yaml
index 7e067b8ea1..7951e9ce25 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-dns-lookup-family.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-dns-lookup-family.out.yaml
@@ -439,6 +439,10 @@ xdsIR:
                   weight: 1
               path: ""
             name: securitypolicy/envoy-gateway/policy-for-gateway-1
+            traffic:
+              dns:
+                dnsRefreshRate: 30s
+                lookupFamily: IPv4Preferred
         traffic:
           dns:
             dnsRefreshRate: 5s
@@ -480,6 +484,10 @@ xdsIR:
                   weight: 1
               path: ""
             name: securitypolicy/envoy-gateway/policy-for-gateway-1
+            traffic:
+              dns:
+                dnsRefreshRate: 30s
+                lookupFamily: IPv4Preferred
         traffic:
           dns:
             dnsRefreshRate: 5s
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.in.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.in.yaml
index 1c24de65ef..93a6223fa7 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.in.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.in.yaml
@@ -169,3 +169,9 @@ securityPolicies:
           headersToBackend:
             - header1
             - header2
+          backendSettings:
+            circuitBreaker:
+              maxConnections: 30001
+              maxParallelRequests: 1022
+              maxParallelRetries: 1023
+              maxPendingRequests: 1024
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml
index 1b74752bdd..5dd39981f6 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml
@@ -188,6 +188,12 @@ securityPolicies:
         - name: http-backend
           namespace: envoy-gateway
           port: 80
+        backendSettings:
+          circuitBreaker:
+            maxConnections: 30001
+            maxParallelRequests: 1022
+            maxParallelRetries: 1023
+            maxPendingRequests: 1024
         headersToBackend:
         - header1
         - header2
@@ -358,6 +364,12 @@ xdsIR:
               - header2
               path: /auth
             name: securitypolicy/default/policy-for-gateway-1
+            traffic:
+              circuitBreaker:
+                maxConnections: 30001
+                maxParallelRequests: 1022
+                maxParallelRetries: 1023
+                maxPendingRequests: 1024
     readyListener:
       address: 0.0.0.0
       ipFamily: IPv4
diff --git a/internal/xds/translator/testdata/in/xds-ir/ext-auth-backend.yaml b/internal/xds/translator/testdata/in/xds-ir/ext-auth-backend.yaml
index d532bfd8d4..dfda65a471 100644
--- a/internal/xds/translator/testdata/in/xds-ir/ext-auth-backend.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/ext-auth-backend.yaml
@@ -111,6 +111,12 @@ http:
           extAuth:
             name: securitypolicy/default/policy-for-gateway-1
             failOpen: true
+            traffic:
+              circuitBreaker:
+                maxConnections: 30001
+                maxParallelRequests: 1022
+                maxParallelRetries: 1023
+                maxPendingRequests: 1024
             http:
               authority: primary.foo.com
               destination:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml
index 3ff821f5ef..8c4d92eeaa 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml
@@ -84,7 +84,10 @@
           initialStreamWindowSize: 65536
 - circuitBreakers:
     thresholds:
-    - maxRetries: 1024
+    - maxConnections: 30001
+      maxPendingRequests: 1024
+      maxRequests: 1022
+      maxRetries: 1023
   commonLbConfig:
     localityWeightedLbConfig: {}
   connectTimeout: 10s
diff --git a/release-notes/current.yaml b/release-notes/current.yaml
index 155da15090..913c715c04 100644
--- a/release-notes/current.yaml
+++ b/release-notes/current.yaml
@@ -18,10 +18,10 @@ new features: |
   Added support for HorizontalPodAutoscaler to helm chart
 
 bug fixes: |
-
   Fix traffic splitting when filters are attached to the backendRef.
   Added support for Secret and ConfigMap parsing in Standalone mode.
   Bypass overload manager for stats and ready listeners
+  Fix translating backendSettings for extAuth
 
 # Enhancements that improve performance.
 performance improvements: |