This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG - UTM Passthrough Equivilient

Hi Guys,

Is there the equivilent of the "passthrough" certificate that you can set in the UTM web filtering rules in XG? I can't find it anywhere... :(

Kind regards

Shaun

This thread was automatically locked due to age.

0 Michael Dunn over 7 years ago

Go to Certificates / Certificates and upload your purchased certificate there.

Go to Administration / Admin Settings and make sure that your FQDN is set (and covered by your certificate) and Apply.

Go to Administration / Admin Settings and under "Port Settings for Admin Console" select the certificate that you uploaded and Apply.

Make sure your hostname is DNS resolvable.

New for 17.1:

Go to the "Console" (this is not SSH) and type

set proxy_url_use_hostname on

It should now use the hostname (not IP) for redirection (in the types of things that UTM uses passthrough) and it should use that certificate.

Note that in 17.2 we will be improving on the "proxy_url_use_hostname" and bringing it into the UI.
Cancel
Vote Up 0 Vote Down

Cancel
0 Michael Dunn over 7 years ago in reply to Michael Dunn

Please see here for more detailed instructions.

https://community.sophos.com/kb/en-us/132058
Cancel
Vote Up 0 Vote Down

Cancel
0 Shaun Raven over 7 years ago in reply to Michael Dunn

Thanks Michael,

I understand that this replaces internal links in the XG with names rather than IP. I'm more interested in the "passthrough" aspect. As far as I understand it, in UTM when a file is sent to sandstorm it uses an address (213.144.15.19) that usually resolves to passthrough.fw-notify.net, which causes a certificate warning. In UTM you can set a certificate which points that IP, thereby eliminating the certificate warning if required.

Does the method you're suggesting cover this scenario in XG?

Kind regards

Shaun
Cancel
Vote Up 0 Vote Down

Cancel