This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Use Transparent Proxy or Non-Transparent Proxy?

Dwayne Parker over 7 years ago

What do you recommend?

Using Transparent or Non-Transparent Proxy mode?

Thanks in advance:

Dwayne Parker

This thread was automatically locked due to age.

Parents

0 Big_Buck over 7 years ago

Technically, it is easy on other firewalls. BUT. Transparent proxy on XG is impossible. It just cannot be done. I assume you can do it with Sophos WEB gateway and a firewall from another supplier. Or maybe from Sophos' own UTM. But do not waste 6 months trying to figure out on XG. It is not gonna work. Just cannot do a rule of the type :

From this Zone, this LAN, these Services --- to --- this Zone, this LAN/WAN, these Services --- port forward to --- this IP Address, these Services.

Port forward optional, depending on the WEB Gateway.

for example, From: LAN, 192.168.1.0/24, HTTP, HTTPS, FTP --- to --- WAN, ANY, HTTP, HTTPS, FTP --- port forward to --- 192.168.1.2.

Where 192.168.1.2 is the arbitrary address of a WEB gateway. And 192.168.1.0/24 being the internal network. 8 (eight) hours of Sophos professionnal service have proven unable to setup something as basic as that. Easily done on $100 chinese firewalls.

It could be possible in command line maybe ...
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 7 years ago in reply to Big_Buck

Transparent proxy outgoing is easy and I think the is what the original post was about?
Cancel
Vote Up 0 Vote Down

Cancel
0 kerobra_retired over 7 years ago in reply to rfcat_vk

I'm not quite sure if it is the same with XG, but on UTM the transparent mode only covers two ports (if activated), http and https.
Every connection to something like 8443, 8080 runs completely unproxied in transparent mode. Only in standard mode you can (and have to) define, which ports are protected.
Cancel
Vote Up 0 Vote Down

Cancel
0 Dwayne Parker over 7 years ago in reply to rfcat_vk

Yes, you're right, thats what I meant.

One more thing, how to configure XG to use only non-transparent mode? I can't find it anywhere in the handbook.

Is XG configured to use both as standart?

Regards
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 7 years ago in reply to kerobra_retired

Hi,

if you want the UTM to use more ports in transparent mode you add them the allowed ports.

Ian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rfcat_vk over 7 years ago in reply to kerobra_retired

Hi,

if you want the UTM to use more ports in transparent mode you add them the allowed ports.

Ian
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 kerobra_retired over 7 years ago in reply to rfcat_vk

Take a look at the online help of the UTM. The services you define will only be covered in the standard mode.

In transparent mode it only intercepts port 80 connections and - if „Do not proxy HTTPS traffic in transparent mode“ is unchecked on the HTTPS tab - port 443 connections, too.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 7 years ago in reply to kerobra_retired

"Take a look at the online help of the UTM. The services you define will only be covered in the standard mode.

In transparent mode it only intercepts port 80 connections and - if „Do not proxy HTTPS traffic in transparent mode“ is unchecked on the HTTPS tab - port 443 connections, too."

You are correct.

Ian
Cancel
Vote Up 0 Vote Down

Cancel