Hi all,
Having trouble getting this to log dropped traffic.
This is only a testing environment, for me to play around in. I've installed XG 17.0.1 on a VMware.
I'm trying to get similar functionality as UTM 9 but not having much luck.
Currently, the firewall is set to only allow outgoing web traffic if it is sent through the proxy server on port 3128.
User authentication is done via NTLM to be totally transparent to the end user.
For simplicity reasons, I do not want this to be a transparent proxy.
However, some applications ignore the proxy and attempt to go directly through the firewall.
The firewall blocks this traffic (as expected) because it doesn't match any firewall rule, but it does not log this!
This makes it impossible to build a proxy exception list if I can't see what is trying to go through directly and getting dropped.
Is there any way of making this log dropped or blocked web requests if the didn't go through the web proxy?
In UTM 9, this would be easy, as the user would show as authenticated if the traffic was sent via the proxy, whereas no username would be present if the traffic was sent direct.
Until I can figure out how to set up XG for the same functionality, I can't migrate from UTM 9.
If anyone knows how to emulate this behavior in XG, please let me know.
Thanks
This thread was automatically locked due to age.