This discussion has been locked.

Use Transparent Proxy or Non-Transparent Proxy?

What do you recommend?

Using Transparent or Non-Transparent Proxy mode?

Thanks in advance,

Dwayne Parker



  • Somewhere I read that with a transparent proxy it is possible that not all content is scanned, and that the LAN is better isolated from the WAN when using non-transparent. Is that correct?

    Regards

    _______________________________________________

    Sophos XG User

  • There is a difference between standard and transparent proxy in the "DNS handling" of the clients. Standard proxy = your client can only resolve the internet in the HTTP CONNECT phase via the proxy port. Transparent proxy = your client tries to resolve the target server itself via DNS port 53.

    Some of the attacks are DNS based. If you are blocking DNS port 53 from the clients and only use 3128 for the proxy, the client (hacker/software) is not able to do a DNS-based lookup. Most of the software nowadays tries to resolve its C&C server via DNS port 53. If this is blocked, they give up.

    I know, quite an insecure comment, but it can give you a small "advantage" against the bot software.

    __________________________________________________________________________________________________________________
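As an added example (not from this thread or from Sophos), here is the check a defender would run on the firewall log under the setup described above: LAN clients are expected to reach only the explicit proxy on TCP 3128, so any direct port-53 attempts from a client are either a misconfigured host or software trying to resolve names on its own. The log line format, addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample egress log lines (a made-up format, not a real firewall's).
# Policy assumed: clients may only reach the proxy at 10.0.0.1:3128; port 53 is denied.
SAMPLE_LOG = """\
2024-01-01T10:00:01 src=10.0.1.20 dst=10.0.0.1 proto=tcp dport=3128 action=allow
2024-01-01T10:00:02 src=10.0.1.20 dst=8.8.8.8 proto=udp dport=53 action=deny
2024-01-01T10:00:03 src=10.0.1.21 dst=10.0.0.1 proto=tcp dport=3128 action=allow
2024-01-01T10:00:04 src=10.0.1.22 dst=1.1.1.1 proto=udp dport=53 action=deny
2024-01-01T10:00:05 src=10.0.1.22 dst=1.1.1.1 proto=udp dport=53 action=deny
2024-01-01T10:00:06 src=10.0.1.22 dst=9.9.9.9 proto=tcp dport=53 action=deny
2024-01-01T10:00:07 src=10.0.1.23 dst=10.0.0.1 proto=tcp dport=3128 action=allow
"""

LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\S+)"
)

PROXY_PORT = 3128  # explicit proxy port from the thread
DNS_PORT = 53      # port the thread recommends blocking for clients


def parse(log_text):
    """Turn each log line into a dict; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            event = m.groupdict()
            event["dport"] = int(event["dport"])
            events.append(event)
    return events


def direct_dns_attempts(events, threshold=2):
    """Return {client: count} for clients with at least `threshold` direct
    port-53 attempts. Under an explicit-proxy-only policy these hosts (or
    software on them) are bypassing the proxy's name resolution."""
    counts = defaultdict(int)
    for e in events:
        if e["dport"] == DNS_PORT:
            counts[e["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


def proxy_only_clients(events):
    """Clients whose every logged connection went to the proxy port."""
    seen = defaultdict(set)
    for e in events:
        seen[e["src"]].add(e["dport"])
    return sorted(src for src, ports in seen.items() if ports == {PROXY_PORT})
```

Repeated deny hits on port 53 from one host are the signal the post describes: a name lookup that the explicit-proxy model never needed the client to make.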
