
External proxy for my guest user, redirecting internet access in other interface

Hello,
I hope you can help me because I am stuck on a problem related to a dedicated proxy that is not hosted by Sophos XG.
We must publish a public wifi network through RED whose captive portal is hosted by a UCOPIA proxy server with its own internet connection.

This UCOPIA server is connected to Sophos XG via a local network interface.

Concretely, the DHCP operation and DNS hosted by the UCOPIA server work on the client workstations, but not the Internet access.
I created a NAT rule in order to reroute HTTP and HTTPS flows to the UCOPIA server. This NAT rule is linked to the firewall rule, but it does not seem to work. In the logs, internet requests are routed to the WAN XG output and not via the UCOPIA proxy.

Where am I wrong?



This thread was automatically locked due to age.
  • Why should the traffic be routed to the proxy, if you are using an explicit proxy as the firewall? The firewall will take those requests and will do its own stuff with them. 

    You could potentially use a Parent Proxy, but this is a one man option, meaning the parent proxy will be activated for all users. 

    So you should change the branch office to use explicitly the proxy on the other route and not the firewall as a proxy. This will likely not work. 

    You could try to create an SD-WAN rule to force the firewall to use the other interface: community.sophos.com/.../routing-in-xgv18-with-sd-wan-pbr


  • Hi Toni,

    Thanks for your reply.

    The explicit proxy is only used by enterprise users on a specific vlan behind the RED.

    Guest access is managed via a captive portal powered by the dedicated server (UCOPIA); the use of an explicit proxy is not possible on this network (dedicated guest VLAN on the RED).

    Regarding SD-WAN, the problem when creating a rule is that it only offers us a WAN routing gateway. Moreover, if I am not mistaken, the documentation indicates certain operating limitations.
