Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 1 subscriber
  • Views 6671 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Proxy through different Gateway

jreverman
We have two WAN links. A bonded T1 (default Gateway) and a FIOS line.

Currently, as I understand it, web proxy traffic travels through the default gateway.

Is there a way to route proxy traffic through the FIOS line instead? We would like to keep our bonded T1 as the default gateway.

Policy routes for HTTP/S traffic seem to simply bypass the proxy rules and authentication and go straight out the FIOS interface.

Thanks!


This thread was automatically locked due to age.
  • 0
    Active Directory SSO mode. 

    Currently the Multipath rule for the Http Proxy is Internal Network -> Websurfing -> FIOS

    In fact, I don't think that that traffic selector is effective as I just explained.  I think you need the traffic selector I mentioned in the first sentence of Post #7.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Ok I understand what you are saying. So the traffic selector configured in Multipath trumps my DNAT configurations I have setup for my webserver IP addresses.

    If only mutipath rules weren't restricted to the Main Interface [:)]

    So I am guessing there is no solution for my dilemma?
  • 0
    The traffic selector with "DMZ (Network)" as the source works with your DNAT; it doesn't trump it.  The solution is, I think, to just use a traffic selector that only captures the Web Surfing requests issued by the Proxy, and that's done using the one in Post 7.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    First, I really appreciate your time. I feel I am close but the DMZ webserver still isnt working.

    my two Multipath rules are:

    1 DMZ [by Interface] DMZ (Network)Webserver  → Any → Any  →External Main (T1)

    and

     2 HTTP/S Proxy External Main (Address)(T1) →HTTP & HTTPS →Any  →FIOS External  (I believe this is the setup from Post #7)


    What am I missing?

    Thanks again.
  • 0
    1 DMZ [by Interface] DMZ (Network)Webserver → Any → Any →External Main (T1)

    and

    2 HTTP/S Proxy External Main (Address)(T1) →HTTP & HTTPS →Any →FIOS External

    Since your HTTP Proxy is running in a non-transparent mode (AD-SSO), you don't need the first rule.  All you need is a rule that handles the Proxy traffic without intercepting the traffic from the internet with your webserver.





    That should be all you need!

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Just wanted to update and say your solution fixed the issue. Everything is working perfectly.

    Thank you for all your help!!
  • 0
    Thanks for the confirmation that the post was clear and correct!

    Cheers- Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA