Access internet from behind two xg125 firewalls through web proxy.

I am tagging in here because I am curious on the outcome of this, but I am also wondering.

Do you have LAN to WAN Any set on both XG's? 

Which XG is the Garteway for the computer you are using? 

Or can you provide more details on the setup?

Well, fw1 that is connected to the pc is the gateway. PC's browser is configured to use fw1:3128 as the proxy server.

As I mentioned in the first post, everything is fine when I make fw1 as the PC's gateway. FW is configured to access internet throw fw2.

I have not gone through the logs yet.

I see, so basically you have-

As I see it, the computer itself is protected, however you would be allowing all traffic to go from fw2 to fw1 since the proxy does not take place until fw1.  Which may use unnecessary resources. I feel as though you should have the proxy at FW2 to prevent any traffic that may not want from getting through the first perimeter firewall.  I know you could do this in a variety of ways but I am not sure what would be the best case scenario.  

Thank you badrobot

The diagram you have illustrated is very well my setup. Though I have many other devices connected to various zones and networks.

So, you suggest to use the proxy on fw2 that is directly connected to internet?

Here in my setup, I am trying to use the fw1 (The one connected to my computer) as proxy

Let me just go through the logs once I go back to the setup

Thank you badrobot

The diagram you have illustrated is very well my setup. Though I have many other devices connected to various zones and networks.

So, you suggest to use the proxy on fw2 that is directly connected to internet?

Here in my setup, I am trying to use the fw1 (The one connected to my computer) as proxy

Let me just go through the logs once I go back to the setup

Well you really can use either, there more than likely pros an cons to each, for example, maybe you want to lighten the load on the cpu/ram of fw2 by having the IPS/Web Proxy/Other Security separated between the two.  

Really if you are not dnat'ing or port forward traffic through firewall 2 to firewall 1 then it is just web traffic destined for that device, however all denied traffic by firewall 1 will still pass through firewall 2 before it is denied or accepted by firewall 1.  

There are a few others in here who's knowledge far exceeds mine on this, personally I think it might come down to preference but I would wait, they usually chime in within a day or so.

I am not quite clear about the Setup because in the diagram is the Client missing.

Basically on XG, there is something called Parent Proxy.

https://community.sophos.com/kb/en-us/123260

XG can forward all Web Request to another Proxy, which also proceed the Traffic.

Another Setup would be: 

https://community.sophos.com/kb/en-us/123522

Client access the Internet via "Direct/Standard" Proxy and XG is forwarding the Traffic to the Internet. 

My bad on the computer in the diagram, I used the server icon, then just put the web browser and port aspect below it.

Hi

I just configured the boxes and browser so that the browser uses the proxy on fw2 and everything is fine now.

Thank you all