Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 5 subscribers
  • Views 5675 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disabling Internet Options Proxy Server through interface additional addresses

jassfer

Hi,

Previous IT setup the sophos (SDG135) to use LAN Proxy server in there workstation/devices when connected.

He setup an interface additional address on Internal Network using 192.168.1.251.

Now all connected devices must put this IP in their Internet Option Proxy Server so they can connect to the internet. 

We want to know how to disable this so that they can connect directly to internet by just assigning them IP (No DHCP server, using static IP on all workstations).

We tried to disable/delete the additional address he created. using tracert, the 192.168.1.1 become unreachable. Maybe there some sort of cache I need to clear first.

DNS resolution is working properly. apps and browser can't connect to internet.

 

Thanks,



This thread was automatically locked due to age.
  • 0

    Simplest solution is to disable web filtering and add a firewall rule to allow "Web surfing".

    However, the best solution would be to adjust your webfiltering and have it ie. use transparent proxy; it will then intercept all traffic on the usual internet ports without clients having configure any proxy config while still benefiting from web filtering.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0

    What do you want to disable?  What is the problem people are having?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    In an Active Directory environment, the normal way to configure browser settings, including proxy settings, is to use Group Policy, specifically Group Policy Preferences.   

    There are two ways to configure standard proxy:

    • With an explicit proxy server address and port and an explicit list of exceptions
    • With a proxy script, where the browser is configured with a pointer to a website that downloads the script.   The script returns a result to either use a specific proxy server or go direct.  The script allows you to use regular expressions, which provides more flexible exception logic.  UTM can be the source of the proxy script, but it can also be deployed elsewhere.

    If the problem is that you need to configure an exception, this can be configured in the GPO and pushed out to your existing clients.

    If the problem is that you want to point to a different web address, this can also be implemented by modifying the Group Policy Object (GPO).

    For the long run, I think you will be happier with a proxy script, as it is easier to implement exceptions in the future.

     

    I strongly advise against operating with web filtering disabled.   It is one of the best defenses for your network -- I would be hard pressed to say whether spam filtering or web filtering is more important.   I also recommend running with both proxy modes enabled, because they partition the traffic and together they are able to protect all of the traffic.   I have posted quite a bit about my experience elsewhere in this forum.  There is a learning curve, but the learning is worth the effort.

Unfiltered HTML