At the moment it's only for transparent mode because this feature is just an iptables rule which prevents the listed IPs from beeing redirected. The difference between standard mode and transparent mode is just that one redirect in iptables. In standard/user mode you do not have such a redirect, so you also can not bypass the redirect. So this feature works only for transparent mode.
Would be a nice feature to have on standard and user modes as well. I'm sure it will come up in future sales situations. Most of the other major vendors have this.
?? I don't understand, I standard mode or autch mode, you do not need this feature, because, the user is able to switch the proxy off on his system. So why he should use the proxy, an you, put him through? Would be the same, when using no proxy and a default route.
Astaro user since 2001 - Astaro/Sophos Partner since 2008
The reason for the request is on several thousand computers you don't want to go through and put an IP in the bypass proxy list on the local machine. it becomes a huge pain if you're not running an active directory domain.
and sadly turning off all proxy usage on the computer is a no go due to regulations in school networks.
1. All users have to use the proxy
2. some internet sites should not be proxied / viruschecked etc.
solution: whitelist these sites
The option in transparent mode means: you need not to configure each client for proxy usage, every client will use it automatically. But there might be some clients you want to disable from proxy usage, so you put these IP's in the list.
I think you want to filter Destinations and no source.
Astaro user since 2001 - Astaro/Sophos Partner since 2008
at times just adding it to the whitelist won't do it. we've got places that want to add an entire class C to an exclusion list, plus the added niceness of when we add in Defs for a server to allow traffic out to a non standard port on it we can just select that new deff & hit add :-)
it'd also make it nice to exclude things on our hosting server. for example right now to bypass the proxy for every site we host I'd have to put in about 100 sites per firewall where as with the exclusion list we just need to move 1 deff over to the active list.
The verbage says source/destination in the firewall.
but yes there are setups we'd need for source bypass as well. lol working with Schools/libraries/sheriff departments/medical centers make interesting setups and feature requests.
