This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Transparent-Proxy

Hi,
I have a question about the astaro transparent proxy. In my configuration I have an internal network and a dmz network. On both the HTTP Proxy is active and works fine. From the Internal I can reach an other network over a VPN-Tunnel.
On the Packet-Filter I have some rules, which block all services from the dmz to the internal and VPN Network.
If one of my pc from the dmz-network surf an ip address on the Internal or VPN Network over port 80, I can establish a connection to the web serverr on these sites.
On Transparent Skip list, there is no object configured.
My Astaro run 8.001
Is that normal?

This thread was automatically locked due to age.

0 BAlfson over 15 years ago
On the Packet-Filter I have some rules, which block all services from the dmz to the internal and VPN Network.

Firewalls block all traffic by default, so you should not need a block rule unless you have an allow rule.

It's difficult to lock down the DMZ if you allow it to use the proxy. The best you can do is create a Proxy Profile for the DMZ and open up just the sites needed by the devices in the DMZ.

If that's not possible, then the easiest thing to do is not allow the DMZ devices to use the Astaro DNS and (assuming the internal LAN is 192.168.1.x) add the following to the always block section in URL Filtering:
http://192.168.1

This will block access only for the DMZ as the accesses inside the LAN won't pass via the Proxy.

Cheers - Bob
Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 Maverick487 over 15 years ago

Thanks for your replay, so i try to block the internal sites in the profile-properties because in the DMZ there are our internet-terminals
Cancel
Vote Up 0 Vote Down

Cancel