
Is it possible to have a transparent HTTP/S proxy to ports other than 80 and 443?

Hello,

I'm new to Sophos XG and I'm trying to configure a transparent proxy for HTTP/S services on port 8200.

I have done the firewall rule, and it works.

Now I would like to intercept the traffic with the proxy. I have activated Scan HTTP and Decrypt & Scan and chosen a Web Policy HTTPS, but the traffic was never intercepted by the proxy.

I have done the same for port 80 and 443, and it works fine.

What am I missing?

Thank you

Rob



  • Hi,

    You need to change the web proxy settings on the XG in WEB -> General Settings -> Web proxy configuration.

    Ian

  • Hi Ian,

    Thank you for your answer.

    My settings are these:

    What more can I configure?

    For information, I have installed version 17.5.0 GA. Can this be a problem with this version?

    RoB

  • Hi,

    Wrong answer. I will experiment some more.

    Perhaps you need to explain the logic behind your request?

    More thoughts on the subject: you would lose the ability to scan for bad sites and blocked URLs, and your reports would have unresolved category sites.

    You would need to use the web proxy in non-transparent mode. The more I think about it, the more issues you are going to create for yourself, e.g. secure updates to the XG, mail scanning.

    Maybe someone with cli experience can provide some pointers?

    Ian

  • As far as I know, this is not possible.

     can maybe correct me if I am wrong, but the proxy gets the requests from 80 or 443 and they get redirected to it.

    Keep in mind, XG is always a "Direct and Transparent" proxy at the same time. So if you have some "special" websites, simply configure via PAC / WPAD to talk to the standard port (3128 / 8080). XG will try to scan this high port as configured by Ian.

  • Correct.

    In "Transparent mode" (where the client application/OS does not know it is connecting to a proxy) the XG will watch for HTTP/HTTPS traffic on ports 80 and 443 and send it through the web proxy. It is not possible to specify other ports to be sent through the web proxy; however, you can create other "services" that include those ports, use them in a firewall rule, and allow them to go through unscanned.

    In "Direct mode" (also called standard or explicit) the client knows it is connecting to a proxy, which is by default configured for port 3128. In direct mode you can also support specific ports that are allowed as destinations (e.g. http://customsite:8000/). These are configured on the screenshot above.
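
The PAC / WPAD approach suggested in the thread, as an added example that is not part of the original posts: a PAC file that leaves ports 80 and 443 to transparent interception and sends web traffic on the custom port 8200 to the XG proxy in direct mode on 3128, so it is scanned instead of passing through a plain firewall rule. The proxy hostname `xg.example.internal` and the port list are assumptions; port 8200 also has to be an allowed destination port in the XG web proxy configuration.

```javascript
// PAC file (added example). Clients call FindProxyForURL(url, host) for each
// request and route it according to the returned string.

// Assumption: hostname of the XG LAN interface; 3128 is the direct-mode default.
var XG_PROXY = "PROXY xg.example.internal:3128";
// Custom web ports that should be scanned (8200 is the port from the question).
var SCANNED_CUSTOM_PORTS = [8200];

// Return the effective destination port of a URL, or null for unknown schemes.
function effectivePort(url) {
  var m = /^([a-z][a-z0-9+.-]*):\/\/(?:[^\/?#@]*@)?(\[[^\]]*\]|[^\/?#:]*)(?::(\d*))?/i.exec(url);
  if (!m) return null;
  if (m[3]) return parseInt(m[3], 10);   // explicit port, e.g. :8200
  var scheme = m[1].toLowerCase();
  if (scheme === "http" || scheme === "ws") return 80;
  if (scheme === "https" || scheme === "wss") return 443;
  return null;
}

function FindProxyForURL(url, host) {
  var port = effectivePort(url);
  // Ports 80/443 are intercepted by the XG in transparent mode already.
  if (port === 80 || port === 443) return "DIRECT";
  // Listed custom ports go to the proxy explicitly. There is deliberately no
  // "; DIRECT" fallback, so an unreachable proxy does not mean unscanned traffic.
  if (SCANNED_CUSTOM_PORTS.indexOf(port) !== -1) return XG_PROXY;
  // Everything else is left to the firewall rules.
  return "DIRECT";
}
```
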