Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 2001 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Migration from Standard to Transparent Proxy

IngoPohlschneider
Hello
we want to migrate from standard to transparent proxy.

The standard proxy is set via Group-policies, PAC or manually, so we need a transfer strategy, since it is impossible to ensure that all client try to access the web w/o a proxy set.

So at best I'd like to keep the current config and add a transparent mode for clients where the proxy-config is already removed. This way I could do a soft migration

Is this possible? How?


This thread was automatically locked due to age.
  • 0
    Hi ,


    When transparent proxy is set it will catch all http traffic ( http only ).
    If you want to scan https also , then you will need to deploy the UTM certificate in all stations.
    If you deploy the proxy config with AD then you can remove with AD.

    All my best .
    Gilipeled

    Gil Peled.

    CEO- Expert2IT LTD.

    SOPHOS Platinum Partner.

    Gil@expert2it.co.Il.

  • 0
    Hello
    I'd like to catch everyhing that is currently catched (if possible) (8080, http, https, webadmin, ...basically everything that is http/s)
    If HTTPS-Cert is not installed I would have to install a firewall-rule to allow it right?

    I know that I could remove via GPO, but not all clients are set via GPO (I assume) and I need to make sure all clients can continue to work without problems.

    Best regards
  • 0
    If your clients don't trust the certificate of UTM than you will get a certificate warning on HTTPS pages. So you need to have your clients trust the UTM certificate for signing webpages.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0
    It's not possible to do what you've described.  What problem are you having that made you want to try this solution?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Please correct me if I am wrong but isn't the proxy catching port 8080 even if it is set to transparent mode? So if you now have clients that use the proxy on 8080 with https scanning enabled you could simply change the mode to transparent with https scanning and change the clients step by step. 
    If you are now on standard mode without https scanning you have either change to transparent without https and create a fw rule for https or deploy the cert and use transparent with https scanning.

    But all under the premise that the proxy in transparent mode catches also trafic on 8080.

    Regards
    Manfred
  • 0
    Hi ,

    As far as I know transparent proxy caches only port 80.
    So it won't work what you suggest .

    All my best.
    Gilipeled

    Gil Peled.

    CEO- Expert2IT LTD.

    SOPHOS Platinum Partner.

    Gil@expert2it.co.Il.

Cookie Information Banner