
Access internet from behind two xg125 firewalls through web proxy.

Hi all

I am planning to connect my PC to a LAN which is behind an XG125 (fw1). fw1 is connected to an XG125 (fw) which is connected to the internet. Help me configure the firewalls so that the PC can access the internet through the fw1 web proxy.

Note: The PC is able to access the internet in direct mode, i.e. if I use the rule LAN to WAN any any.

Regards

Koshy



This thread was automatically locked due to age.
  • I am tagging in here because I am curious about the outcome of this, but I am also wondering:

    Do you have LAN to WAN Any set on both XGs?

    Which XG is the gateway for the computer you are using?

    Or can you provide more details on the setup?

  • Well, fw1 that is connected to the pc is the gateway. PC's browser is configured to use fw1:3128 as the proxy server.

    As I mentioned in the first post, everything is fine when I make fw1 the PC's gateway. FW is configured to access the internet through fw2.

    I have not gone through the logs yet.

  • I see, so basically you have-

    As I see it, the computer itself is protected; however, you would be allowing all traffic to go from fw2 to fw1, since the proxy does not take place until fw1, which may use unnecessary resources. I feel as though you should have the proxy at FW2 to prevent any traffic that you may not want from getting through the first perimeter firewall. I know you could do this in a variety of ways, but I am not sure what would be the best case scenario.


  • Thank you badrobot

    The diagram you have illustrated is very much my setup, though I have many other devices connected to various zones and networks.

    So, you suggest using the proxy on fw2, which is directly connected to the internet?

    Here in my setup, I am trying to use fw1 (the one connected to my computer) as the proxy.

    Let me just go through the logs once I go back to the setup.

  • Well, you really can use either; there are more than likely pros and cons to each. For example, maybe you want to lighten the load on the CPU/RAM of fw2 by having the IPS/Web Proxy/Other Security separated between the two.

    Really, if you are not DNAT'ing or port forwarding traffic through firewall 2 to firewall 1, then it is just web traffic destined for that device; however, all traffic denied by firewall 1 will still pass through firewall 2 before it is denied or accepted by firewall 1.

    There are a few others in here whose knowledge far exceeds mine on this. Personally I think it might come down to preference, but I would wait; they usually chime in within a day or so.

  • I am not quite clear about the setup because the client is missing in the diagram.

    Basically, on XG there is something called Parent Proxy.

    https://community.sophos.com/kb/en-us/123260

    XG can forward all web requests to another proxy, which also processes the traffic.

    Another setup would be:

    https://community.sophos.com/kb/en-us/123522

    The client accesses the internet via the "Direct/Standard" proxy and XG forwards the traffic to the internet.


  • My bad on the computer in the diagram, I used the server icon, then just put the web browser and port aspect below it.

  • Hi

    I just configured the boxes and browser so that the browser uses the proxy on fw2 and everything is fine now.

    Thank you all
