
Technical details why proxy supersedes firewall

Hi all!

Can anyone tell me the technical details of why the web proxy comes before the firewall rules?
We currently have a problem with the proxy (standard mode) allowing connections to all of our secured networks (servers, customer systems), which is a huge security risk.
I know of the possibility to block these connections with blacklists, but that would mean that we have to maintain a list of more than 500 networks and servers (each with DNS name, host name and IP address). That's not feasible.

Or is there any other, more reasonable solution?

Thanks.


  • Not necessarily the whole picture:
    iptables-save | grep TPROXY

    Are cc/confd-client.plx and the command line more feasible/reasonable in your environment?
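    Added example, not part of the thread and not Sophos code: a POSIX shell script that goes one step past `iptables-save | grep TPROXY`. The reason a transparent proxy "comes before" the firewall rules is netfilter's hook order: a TPROXY target in the mangle table's PREROUTING chain is hit before the routing decision, and the marked packet is then delivered to the local proxy socket, so it never traverses the filter table's FORWARD chain where the packet-filter rules live. The script parses an iptables-save dump, lists every TPROXY interception rule, and reports which destinations are exempted (a `-d <net> ... -j RETURN` or `-j ACCEPT` placed ahead of the TPROXY rule in the same chain), so you can check whether a given secured network still falls through to the proxy. The ruleset in SAMPLE_RULES is constructed for illustration and is not a dump from a UTM; the function names and the assumed shape of the exemption rules are the example's own, and a real appliance may express exemptions differently (as the reply above notes, grep alone is not the whole picture).

```shell
#!/bin/sh
# Added example: inspect an iptables-save dump for TPROXY interception and exemptions.
# SAMPLE_RULES is a constructed ruleset, not a capture from a Sophos UTM.

SAMPLE_RULES='*mangle
:PREROUTING ACCEPT [0:0]
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -d 192.168.10.0/24 -p tcp -m tcp --dport 80 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 127.0.0.1 --tproxy-mark 0x1/0x1
-A PREROUTING -p tcp -m tcp --dport 443 -j TPROXY --on-port 8443 --on-ip 127.0.0.1 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.10.0/24 -d 10.50.0.0/16 -j DROP
COMMIT
'

# Print one line per TPROXY rule: "<table> <chain> <dport> <on-port>".
# Argument: the iptables-save text.
tproxy_rules() {
    printf '%s' "$1" | awk '
        /^\*/ { table = substr($0, 2); next }
        / -j TPROXY/ {
            chain = $2; dport = "any"; onport = "?"
            for (i = 1; i <= NF; i++) {
                if ($i == "--dport")  dport  = $(i + 1)
                if ($i == "--on-port") onport = $(i + 1)
            }
            print table, chain, dport, onport
        }'
}

# Print destinations the proxy leaves alone: rules with "-d <net>" and a
# RETURN/ACCEPT target that sit in a chain BEFORE that chain's first TPROXY rule.
# Anything after the TPROXY rule is never reached for intercepted ports.
tproxy_exempt_dests() {
    printf '%s' "$1" | awk '
        /^\*/ { table = substr($0, 2); next }
        /^-A / {
            key = table ":" $2
            if ($0 ~ / -j TPROXY/) { seen[key] = 1; next }
            if (seen[key]) next
            dest = ""
            for (i = 1; i <= NF; i++) if ($i == "-d") dest = $(i + 1)
            if (dest != "" && ($0 ~ / -j RETURN/ || $0 ~ / -j ACCEPT/)) print dest
        }'
}

# Exit 0 when <net> has no matching exemption (the proxy would still accept
# traffic for it, bypassing filter/FORWARD); exit 1 when it is exempted.
# Matching is on the exact prefix string; a broader containing prefix is not
# detected, which is a deliberate simplification of this example.
dest_intercepted() {
    tproxy_exempt_dests "$1" | grep -qxF "$2" && return 1
    return 0
}

echo "TPROXY rules (table chain dport on-port):"
tproxy_rules "$SAMPLE_RULES"
echo "Destinations exempted from interception:"
tproxy_exempt_dests "$SAMPLE_RULES"
for net in 10.50.0.0/16 192.168.10.0/24; do
    if dest_intercepted "$SAMPLE_RULES" "$net"; then
        echo "$net: still intercepted by the proxy (FORWARD rules do not apply)"
    else
        echo "$net: exempted, reaches the filter table"
    fi
done
```

    Run it against a real dump with `iptables-save > rules.txt` and pass `"$(cat rules.txt)"` in place of SAMPLE_RULES. In the constructed sample, the filter/FORWARD DROP for 10.50.0.0/16 looks protective, but because port 80 and 443 traffic to that network is intercepted in mangle/PREROUTING it never reaches FORWARD, which is exactly the situation the question describes.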
  • Thanks Bob.

    Are cc/confd-client.plx and the command line more feasible/reasonable in your environment?

    Yes, but that would void support... [;)]

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)