This article describes the steps to configure the Sophos XG Firewall as an HTTP proxy server without changing the existing network. In this scenario the XG Firewall is not inline and is not actively filtering connections. Instead, it runs in parallel to other network devices, which direct web traffic to it for filtering and scanning.
Applies to the following Sophos products and versions: Sophos Firewall
Configure the XG Firewall in Gateway Mode according to the network diagram below.
Configure a static route on the Sophos Firewall so that all Internet traffic from the LAN is routed through the Sophos Firewall. If the proxy is in-line, you do not have to complete this step.
To configure the static route, go to Routing > Static Routing and click Add in IPv4 Unicast Route.
Use the following parameters:
Create a LAN to Any Firewall Rule. Go to Firewall and click +Add Firewall Rule as shown below:
Check the following options:
If you want to use non-standard ports for web traffic, you must add those ports under Web > Advanced > Allowed Destination Ports and also add them to the firewall rule created above.
Set the browser's proxy to the Sophos Firewall's dummy WAN IP Address and the proxy port to 3128. For details on how to change proxy settings of your web browser, please refer to the documentation of your browser.
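To confirm from a LAN client that the proxy answers on port 3128 and to see how it treats a non-standard destination port, the following script can be used. It is an added example and not part of the Sophos article; the address `192.0.2.10`, the sample URLs, the function names `probe` and `classify`, and the reading of a 403 reply as a proxy refusal are assumptions.

```python
"""Added example: probe an explicit HTTP proxy the way a browser would."""
import socket
from urllib.parse import urlsplit

PROXY_PORT = 3128  # proxy port named in the article


def probe(proxy_host, url, proxy_port=PROXY_PORT, timeout=5.0):
    """Send one absolute-URI GET (the request form a browser uses toward an
    explicit proxy) and return the numeric status code of the reply."""
    request = (f"GET {url} HTTP/1.1\r\n"
               f"Host: {urlsplit(url).netloc}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as sock:
        sock.sendall(request)
        raw = b""
        while b"\r\n" not in raw:          # the status line is all we need
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    status_line = raw.split(b"\r\n", 1)[0].decode("iso-8859-1")
    return int(status_line.split()[1])     # "HTTP/1.1 200 OK" -> 200


def classify(proxy_host, url, proxy_port=PROXY_PORT):
    """Turn the proxy's reply into a short verdict for the operator."""
    try:
        status = probe(proxy_host, url, proxy_port)
    except (OSError, ValueError, IndexError):
        return "unreachable"               # no listener, timeout, or not HTTP
    if status == 407:
        return "auth-required"             # Proxy Authentication Required
    if status == 403:
        return "denied"                    # assumption: refusal by the proxy
    if status < 400:
        return "allowed"
    return f"error-{status}"


if __name__ == "__main__":
    proxy = "192.0.2.10"                   # placeholder for the firewall's proxy IP
    for url in ("http://example.com/",     # standard port 80
                "http://example.com:8080/"):  # non-standard destination port
        print(f"{url:30} {classify(proxy, url)}")
```

A port that is missing from Allowed Destination Ports or from the firewall rule should show up here as something other than `allowed` for the `:8080` URL while the port 80 URL still succeeds.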