The title says it all. Transparent proxy means all local devices, namely desktops, have no proxy settings in "Internet Options". Only a gateway (i.e. the firewall, most of the time) is set up in the network adapter under IPv4.
1) Sophos SWA requires that HTTP and HTTPS traffic to be filtered shall enter from desktops (explicit mode) on port 8080 (a classic). The HTTP & HTTPS ports (80 & 443) are used to access the SWA console. So, in transparent mode, the XG firewall receiving traffic from desktops will have to translate ports 443 and 80 to 8080 to forward traffic to the SWA appliance.
2) XG firewalls CANNOT receive HTTP & HTTPS traffic from local subnets, translate to 8080, and route it to SWA. It just cannot do that very basic task.
3) XG "Policy Routing" cannot translate ports.
4) Business Rules are meant from WAN to LAN. Not from LAN to LAN.
5) "Upstream Proxy" will blindly carry all traffic.
Why does transparent mode exist on SWA if it's not possible? Does Sophos use it internally?