I have been testing the HTTP Proxy filtering in transparent mode (http only/no https yet) in our corporate office for a while now and am ready to move this out to our remote sites.
At each our remote sites, I have an ASG with 4 internal VLAN's defined. These ASG's have an IPSEC tunnel established between the Central office and themselves but without any current real usage over the tunnel yet. I wish to force only one of the four VLAN's at the remote office to get to the internet through the IPSEC tunnel as opposed to exiting to the internet via the local public internet interface at the location. I wish for ALL internet bound traffic on this VLAN to come through the IPSEC tunnel.
My questions are:
- How do I set the VLAN I wish to redirect through the tunnel up at the remote location? It is best to setup a static route or a policy route?
- Once I have all traffic on this VLAN setup to redirect through the central VLAN, is there any special setup consideration I need to be aware of on the http proxy setup other then allowing the network segment to use the http proxy?
- When I get to the point where I will need to deploy a proxy PAC file, how will I direct the remote Astaro to tell web browser clients on the remote network to use the PAC file hosted on the Central office Astaro?
Is this setup on a HOWTO doc in the Knowledge base?
This thread was automatically locked due to age.
