Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 0 subscribers
  • Views 11951 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WS500 explicit to transparent

NikHall

Hi folks,

I am pondering going to transparent mode for my deployment despite the fact that explicit works so well.  The problem I have is guest internet use on site and an ever increasing population of iPhones/iPads/Android devices etc.  With the non PC devices its getting harder and harder to manager auto configuration of internet access.

We are only an SME and the router/firewall we have (draytek 2820) doesnt support forwarding port 80 traffic internally.

Does anyone have any thoughts on deployment; although I feel transparent is most appealing at the moment.

Plus some reccomendations on a suitable router/firewall for transparent mode would be brilliant.

Hope you can all offer some assitance.

Thanks,

 Nik

:24787


This thread was automatically locked due to age.
Parents
  • 0

    Hi Nik,

    It sounds like transparent would be a good bet if you want to make sure these devices are filtered.  Nowadays there aren't that many drawbacks to Transparent mode.  The main considerations are:

    - Individual user opt-out is harder to configure if you want to completely bypass the proxy.  This would need to be done on the router

    - Individual website opt-out is harder to configure if you want to completely bypass the proxy.  This would need to be done on the router

    - You can't use "Authenticate all requests" so some caching of Authentication is done.  This shouldn't be a concern unless you are using computers with multiple logged on users such as Citrix/Terminal servers

    - It may not be possible to configure load-balancing or failover unless you have a seperate load balancing solution (like wccp).

    I'm sure others will be able to help suggest which Routers' they use.  When choosing you might want to take the above into account .

    If your appliance has a bridge card you could also think about bridged mode.  This operates much the same as transparent but you wouldn't need to configure the Router.

    Thanks,

    Tom.

    :24805
Reply
  • 0

    Hi Nik,

    It sounds like transparent would be a good bet if you want to make sure these devices are filtered.  Nowadays there aren't that many drawbacks to Transparent mode.  The main considerations are:

    - Individual user opt-out is harder to configure if you want to completely bypass the proxy.  This would need to be done on the router

    - Individual website opt-out is harder to configure if you want to completely bypass the proxy.  This would need to be done on the router

    - You can't use "Authenticate all requests" so some caching of Authentication is done.  This shouldn't be a concern unless you are using computers with multiple logged on users such as Citrix/Terminal servers

    - It may not be possible to configure load-balancing or failover unless you have a seperate load balancing solution (like wccp).

    I'm sure others will be able to help suggest which Routers' they use.  When choosing you might want to take the above into account .

    If your appliance has a bridge card you could also think about bridged mode.  This operates much the same as transparent but you wouldn't need to configure the Router.

    Thanks,

    Tom.

    :24805
Children
No Data