Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 494 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Categorization Database Access Problem

Lioness
Hi,

I need help for a particolar configuration about Web Security.

I have on Internal DMZ Pubblic IP addresses and on External DMZ Private IP addresses and the default gateway is a router on External DMZ. I configurated Web Security in Trasparent Mode, with Full Trasparent option enabled. In this configuration the ASG try to connect to categorization database with the own private IP address and the connection failed, so it's not able to categorize any web URL.

Can I change the IP address that the ASG use to connect to internet and force the ASG to use the Internal DMZ Pubblic IP?

Thanks for your answers,
Ste


This thread was automatically locked due to age.
Parents
  • 0
    Hmmm, well maybe a NAT rule would work...

    External DMZ (Address) -> HTTP -> Internet : SNAT from Internal DMZ (Address)


    Since you're running in "Full transparent" mode, I don't think that will capture the traffic going through the Proxy, but you might need to use host definitions with the IPs of "Internal/External DMZ (Address)" instead of the interface address objects themselves.

    I'll be interested to know what you wind up doing.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Hmmm, well maybe a NAT rule would work...

    External DMZ (Address) -> HTTP -> Internet : SNAT from Internal DMZ (Address)


    Since you're running in "Full transparent" mode, I don't think that will capture the traffic going through the Proxy, but you might need to use host definitions with the IPs of "Internal/External DMZ (Address)" instead of the interface address objects themselves.

    I'll be interested to know what you wind up doing.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data