Guest User!

You are not Sophos Staff.

Web protection - enforce proxy standard mode

Hej,

is it possible to reduce firewall rule or web protection profiles to proxy standard mode and deactivate transparent mode for this rule?

Parents Reply
  • You may already have discovered this, but it is actually not possible to allow access via direct proxy without also allowing access transparently, unless knows something that I've missed.

    If you create a firewall rule that only allows the configured proxy port as a destination service, the client devices are able to connect to the proxy, but the proxy is blocked from creating the outbound connections on behalf of the client device.

    In order to allow the proxy to make the upstream connections, there must also be firewall rules allowing the original client devices to connect directly to the web ports on the WAN.

    Obviously, this means that any application on the client device that doesn't respect direct proxy settings will still be able to connect, and will still have its traffic inspected by the proxy. What's the use case for wanting to force only direct proxy access?

Children