Hi,
I've noticed a strange thing today. First our setup:
ASG 7.405 with lots of VLANs and transparent HTTP proxy.
In our place we have many different companies accessing the internet behind our ASG. I've configured every company on different LANs using VLANs.
Now I've discovered that every company that uses our HTTP proxy can access the printers (web interface) on any of the other VLANs, even though I've set up rules like this:
LAN2 > service: any > LAN1 - drop/reject
Example:
LAN1: 192.168.2.x
LAN2: 192.168.10.x
LAN1 printer: 192.168.2.114
Users on LAN2: can browse to http://192.168.2.*** and access the web interface of the printer. This shouldn't be working since I have PF rules denying access. Somehow the proxy seems to override these rules.
But if I remove the company's LAN from the proxy and add HTTP as a packet filter rule, then they can't access our printer's web interface.
So, what's the deal here? Why is the proxy overriding these rules making it insecure?
Any ideas?
Thank you
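
The behaviour described in the post, modelled as a small rule audit (an added example, not part of the original post and not ASG code). It assumes, as the poster observed, that TCP/80 traffic from a network allowed on the transparent proxy is handled by the proxy without the packet filter being consulted; the network names, the rule tuple layout and the client address 192.168.10.20 are constructed.

```python
import ipaddress

# Constructed inventory modelled on the post's example; names are hypothetical.
NETWORKS = {
    "LAN1": ipaddress.ip_network("192.168.2.0/24"),
    "LAN2": ipaddress.ip_network("192.168.10.0/24"),
}
# Packet filter rules as (source, service, destination, action), first match wins.
PF_RULES = [("LAN2", "any", "LAN1", "drop")]
# Networks allowed to use the transparent HTTP proxy.
PROXY_NETWORKS = {"LAN2"}
PROXY_PORTS = {80}  # assumption: transparent mode intercepts TCP/80 only


def pf_action(src_ip, dst_ip, port, rules=PF_RULES):
    """Packet filter verdict alone; default drop when no rule matches."""
    for src, service, dst, action in rules:
        if (src_ip in NETWORKS[src] and dst_ip in NETWORKS[dst]
                and service in ("any", port)):
            return action
    return "drop"


def effective_action(src, dst, port, proxy_networks=PROXY_NETWORKS):
    """Verdict the client actually experiences under the assumed proxy behaviour."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    proxied = port in PROXY_PORTS and any(
        src_ip in NETWORKS[name] for name in proxy_networks)
    if proxied:
        return "allow (via proxy, packet filter not consulted)"
    return pf_action(src_ip, dst_ip, port)


def bypassed_rules(rules=PF_RULES, proxy_networks=PROXY_NETWORKS):
    """Drop/reject rules whose source network still reaches the target over HTTP."""
    return [r for r in rules
            if r[3] in ("drop", "reject") and r[0] in proxy_networks]


if __name__ == "__main__":
    print(effective_action("192.168.10.20", "192.168.2.114", 80))
    for rule in bypassed_rules():
        print("HTTP bypasses rule:", rule)
```

Every rule returned by `bypassed_rules` is one where isolation has to be enforced in the proxy's own configuration as well as in the packet filter.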