HowTo only allow proxied connections from lan to wan?

Hi,

I want to configure my policies in a way that only proxied connections are allowed from lan to wan. I don't want a transparent proxy.

I set up the proxy within my Sophos to accept connections on port 8080 from lan.

I set up a new policy group at the top with two rules:

  1. Allow traffic from lan to Sophos port 8080
  2. Reject all traffic from lan to wan

I set up a browser on my client to use the proxy on port 8080 on the Sophos.

I expected to be able to visit websites. I'm greeted with a webpage from the Sophos proxy stating that the website cannot be reached.

If I add another policy allowing port 80 and 443 from lan to wan (as suggested by the docs) I can reach the websites without using a proxy. I did not find any documentation on how to achieve the wanted outcome.

Does anybody in the community have an idea what I did wrong?

Cheers,

Nicki



  • That is somehow not reasonable. XG simply does not care if the connection is 443 or 8080; it will inspect both connections.

    Standard Proxy has many disadvantages compared to the DPI Engine. You cannot inspect TLS 1.3 and have to downgrade to TLS 1.2, which opens a new security issue, etc.

    "Correctly configured devices". Therefore if I know the proxy, this lifts a device to a correctly configured device? This is security by obscurity and in fact bad practice.
