
Sophos Direct Proxy behind internet gateway did not work

Dear All, 

I recently deployed a Sophos XG with version 19. I want this Sophos to act as a direct proxy behind the internet gateway. Below is the configuration I created. I tested with the proxy enabled on one of the user computers, with proxy setting "192.168.81.242" port "8080", and I found the user cannot access the internet. I deployed a test lab in my office with the same configuration; the direct proxy works well in my test lab, whereas it didn't work in the customer office. I checked the log viewer in my test lab and the customer one, below. Any help would be appreciated.

Out interface Port B, the src IP 192.168.81.242 - Dst IP 204.79.197.200 Dst 443 <-- this shows the proxy directing traffic to the internet,

but in the customer one I see "In interface Port A, the src IP 192.168.81.243 - Dst IP 192.168.81.242 Dst port 8080" <-- it doesn't direct the traffic to the internet

Port A: 192.168.81.242 (LAN) 

Port B: 192.168.81.150 (WAN) 

Port C: 172.16.16.16 (LAN) 

Firewall Rule: 

Rule name - Lan Proxy 

Source zones: LAN 

source networks and devices: Any

Destination zones: Any

Destination networks: Any 

Services: 8080, HTTP & HTTPS 

linked NAT with below 

NAT Rule: 

Original source: Any

Original destination: Any

Original service: 8080, HTTP & HTTPS

Translated source (SNAT): MASQ 

Translation destination (DNAT): Original 

Translation service (PAT): Original 

Keith 



This thread was automatically locked due to age.
    1. Port A and Port B are in the same network, that won't work. Routing is not going to happen. Where is your gateway/uplink?

    With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Children
  • Yes, Port A and B are in the same network, and behind the Sophos there is an internet firewall (Checkpoint), and probably Port B is the uplink. In this case, if I assign Port B a different subnet like 192.168.0.1, this subnet does not have a gateway; can the direct proxy still access the internet for users that have the proxy enabled?

  • And I see that on Port B (WAN) the web proxy check box is not available; this check box is only available on the LAN interface. If I assign the IP 192.168.81.242 to Port B, a user computer with the proxy enabled that points to this IP won't be working as direct proxy. Any idea?
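
A sanity check for the overlap raised in Philipp Rusch's reply, as an added example that is not part of the original thread: it flags firewall interfaces whose connected networks overlap and lists which ports consider a given host on-link. The addresses come from the posts; the /24 prefix lengths and all function names are assumptions, since the thread never states the netmasks.

```python
import ipaddress
from itertools import combinations

# Addresses are from the thread. The /24 prefix lengths are an ASSUMPTION:
# the posts do not give the netmasks.
INTERFACES = [
    ("Port A", "LAN", "192.168.81.242/24"),
    ("Port B", "WAN", "192.168.81.150/24"),
    ("Port C", "LAN", "172.16.16.16/24"),
]


def overlapping_interfaces(interfaces):
    """Return (port1, port2, shared_network) for each pair of interfaces
    whose directly connected networks overlap."""
    parsed = [(name, ipaddress.ip_interface(addr))
              for name, _zone, addr in interfaces]
    conflicts = []
    for (n1, i1), (n2, i2) in combinations(parsed, 2):
        if i1.network.overlaps(i2.network):
            # Report the more specific of the two overlapping networks.
            shared = max(i1.network, i2.network, key=lambda n: n.prefixlen)
            conflicts.append((n1, n2, str(shared)))
    return conflicts


def connected_ports(interfaces, host):
    """Ports that treat `host` as on-link (inside their connected network)."""
    ip = ipaddress.ip_address(host)
    return [name for name, _zone, addr in interfaces
            if ip in ipaddress.ip_interface(addr).network]


if __name__ == "__main__":
    for p1, p2, net in overlapping_interfaces(INTERFACES):
        print(f"CONFLICT: {p1} and {p2} both sit in {net}")
    # The proxy client from the customer log is on-link for LAN and WAN alike,
    # so the firewall cannot tell which side it belongs to.
    print("192.168.81.243 is on-link for:",
          connected_ports(INTERFACES, "192.168.81.243"))
    # The internet destination from the test-lab log is on-link nowhere,
    # so it is reachable only through a default gateway on the uplink.
    print("204.79.197.200 is on-link for:",
          connected_ports(INTERFACES, "204.79.197.200"))
```

An empty result from `overlapping_interfaces` only rules out the addressing conflict; the uplink port still needs a gateway it can reach for internet-bound traffic.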
