This article describes the steps to configure the Sophos XG Firewall as an HTTP proxy server without changing the existing network. In this scenario, the XG Firewall is not inline and actively filtering connections. Instead, it runs in parallel to other network devices, which direct web traffic to it for filtering and scanning.
Applies to the following Sophos products and versions: Sophos Firewall
Configure the XG Firewall in Gateway Mode according to the network diagram below.
Configure a static route on the Sophos XG Firewall so that all Internet traffic from the LAN is routed through the primary firewall. If the proxy is inline, you do not have to complete this step.
To configure the static route, go to Routing > Static routing and click Add in IPv4 unicast route.
Use the following parameters:
Create a LAN to Any firewall rule. Go to Rules and policies and click Add firewall rule > New firewall rule as shown below:
If you want to use non-standard ports for web traffic, add those ports under Web > General settings > Allowed Destination Ports and also add them to the firewall rule above.
Set the browser's proxy to the Sophos Firewall's dummy WAN IP address and the proxy port to 3128. For details on how to change the proxy settings of your web browser, refer to the documentation of your browser.
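One way to apply the proxy setting consistently across browsers is a proxy auto-config (PAC) file. The following is an added example, not part of the original article or Sophos documentation. The address 192.0.2.1 and the suffix corp.example are placeholders for your firewall's proxy address and your internal DNS suffix.

```javascript
// Added example PAC file; not taken from the Sophos article.
// ASSUMPTION: 192.0.2.1 is a documentation placeholder for the Sophos
// Firewall address that browsers use as the proxy. 3128 is the proxy
// port given in the article.
var XG_PROXY = "PROXY 192.0.2.1:3128";

// ASSUMPTION: placeholder internal DNS suffix; replace with your own.
var INTERNAL_SUFFIX = ".corp.example";

// True for loopback, link-local and RFC 1918 IPv4 literals.
function isInternalIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 169 && b === 254) ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// True for single-label names and names under the internal suffix.
function isInternalName(host) {
  // IPv6 literals contain ":" and are deliberately not treated as names.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true;
  if (host === INTERNAL_SUFFIX.slice(1)) return true;
  return host.slice(-INTERNAL_SUFFIX.length) === INTERNAL_SUFFIX;
}

// Entry point called by the browser for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // LAN destinations are reached directly and never sent to the proxy.
  if (isInternalIPv4(host) || isInternalName(host)) return "DIRECT";
  // Everything else goes to the firewall's proxy. There is no "; DIRECT"
  // fallback, so if the proxy is unreachable the request fails instead of
  // leaving the network unfiltered and unscanned.
  return XG_PROXY;
}
```

Because the XG Firewall is not inline in this scenario, the missing DIRECT fallback is what keeps web traffic from silently bypassing filtering when the proxy is down.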