9.1 Disables port 80 use for HTTP Proxy

FYI...

You won't be able to use port 80 for the HTTP proxy if you had previously. I was using this as an alternative to having a dedicated web server distribute our WPAD file since we use DNS for WPAD on our static IP devices. I was caught off guard since this was possible on v8 until 9.1 so I figured I'd post it in case anyone else was unaware.

Bryan


  • OK - I see now - I read right past the DNS part of the question.

    An idea for a work-around: put an additional IP named "WPAD" on the Internal interface and have that be the address for WPAD in DNS.  Make a NAT rule:

    DNAT : Any -> HTTP -> Internal [WPAD] (Address) : Internal (Address) HTTP Proxy : Auto firewall rules


    Any luck with that?

    Cheers - Bob
    PS I'd be interested to know if this works if the destination is not changed.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Actually you can skip the additional IP and do it for the internal interface but I'm still curious why they restrict port 80 since I don't know of anything else that uses it.

    Bryan
  • You can use the UTM itself to distribute PAC/WPAD configurations, if that helps you any.  I am also not aware of any bug related to using WPAD and other proxy ports.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Yes, you just can't use port 80 which means the DNS method of WPAD distribution can't be used. So you either have to create your own web server or try the dnat rule or manually configure it.

    If you can create a dnat rule for port 80 then why not just allow the use of port 80 as well?

    The logic confuses me...