HowTo only allow proxied connections from lan to wan?

Hi,

I want to configure my policies in a way that only proxied connections are allowed from lan to wan. I don't want a transparent proxy.

I set up the proxy within my Sophos to accept connections on port 8080 from lan.

I set up a new policy group at the top with two rules:

  1. Allow traffic from lan to Sophos port 8080
  2. Reject all traffic from lan to wan

I set up a browser on my client to use the proxy on port 8080 on the Sophos.

I expected to be able to visit websites. I'm greeted with a webpage from the Sophos proxy stating that the website cannot be reached.

If I add another policy allowing port 80 and 443 from lan to wan (as suggested by the docs) I can reach the websites without using a proxy. I did not find any documentation on how to achieve the wanted outcome.

Does anybody in the community have an idea what I did wrong?

Cheers,

Nicki



  • You can handle Decryption on a profile level in DPI as well without the separation.

    Currently I do not see any use case of using a Standard proxy mode only.

    It is currently not possible in XG to build such a deployment and I do not get any use case scenario, why somebody would do this.

    The transparent mode (standard + transparent) in DPI is the better approach with more advantages compared to a standard proxy mode only. 
