This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

9.1 Disables port 80 use for HTTP Proxy

FYI...

You won't be able to use port 80 for the HTTP proxy if you had previously. I was using this as an alternative to having a dedicated web server distribute our WPAD file since we use DNS for WPAD on our static IP devices. I was caught off guard since this was possible on v8 until 9.1 so I figured I'd post it in case anyone else was unaware.

Bryan

This thread was automatically locked due to age.

Parents

0 BAlfson over 12 years ago

Bryan, you're right, the DNAT could be done without the additional address. The reason it makes a difference is because of what I call Rule #2:
In general, a packet arriving at an interface is handled only by one of the following, in order:
DNATs first, then VPNs and Proxies and, finally, manual Routes and Firewall rules.

That is, the DNAT changes the port before the proxy gets a look at the packet.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 12 years ago

Bryan, you're right, the DNAT could be done without the additional address. The reason it makes a difference is because of what I call Rule #2:
In general, a packet arriving at an interface is handled only by one of the following, in order:
DNATs first, then VPNs and Proxies and, finally, manual Routes and Firewall rules.

That is, the DNAT changes the port before the proxy gets a look at the packet.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data