Also allow the HTTPS protocol through your packet filter. We use a "Permitted-Services" service group, which is used in the rule shown below:
Source: Any Service: Permitted-Services Action: Allow (Green Arrow) Destination: Any
The HTTPS protocol, along with all other protocols that we allow, is then included in the Permitted-Services service group. This approach dramatically reduces the number of packet filter rules required.
Well this will allow HTTPS. But it won't go through the proxy. This only allows HTTPS via the packet-filter engine.
In transparent mode, you can see the redirect rule for port tcp/80 to tcp/8080 in the NAT-Table. You can't redirect https because of the nature of the protocoll. Redirect would alter the packet, and https is there to prevent altering/manipulation and reading.
[ QUOTE ] Well this will allow HTTPS. But it won't go through the proxy. This only allows HTTPS via the packet-filter engine.
[/ QUOTE ]Granted. However, it provides a functional setup where both HTTP and HTTPS work properly as far as the PC end users are concerned. As long as regular HTTP traffic gets cached by the squid proxy, significant bandwidth savings on the WAN link are still being achieved. The fact that HTTPS traffic can't and won't be cached is not really important, performance wise. HTTPS traffic represent a very small percentage of overall web traffic in most office networks.
I am trying to allow this for Windows OneCare and MediaCenter Guide updates.
I acutally just rebuilt the firewall so I will give this a try. I will only allow HTTPS from two different IP's so I do not think there is much of a security risk there. Just need these two things to work. Everything else on the FW is petrfect....
I tried the above suggestions but still no luck. I know this is just stupid that I can't figure this out. I am coming from IPCop and it never had this problem. THings just worked....
So - my OneCare and My MCPC guide will not download. It is really frustrating! Everything else works just fine and I really want to run Astaro - but I have to make it work.
I appreciate the help - what else can I try? I am about my wits end!
I tried the above suggestions but still no luck. I know this is just stupid that I can't figure this out. I am coming from IPCop and it never had this problem. THings just worked....
So - my OneCare and My MCPC guide will not download. It is really frustrating! Everything else works just fine and I really want to run Astaro - but I have to make it work.
I appreciate the help - what else can I try? I am about my wits end!
