This discussion has been locked.

Use Transparent Proxy or Non-Transparent Proxy?

What do you recommend?

Using Transparent or Non-Transparent Proxy mode?

 

Thanks in advance,

Dwayne Parker



  • Technically, it is easy on other firewalls. BUT. Transparent proxy on XG is impossible. It just cannot be done. I assume you can do it with Sophos WEB gateway and a firewall from another supplier. Or maybe from Sophos' own UTM. But do not waste 6 months trying to figure it out on XG. It is not gonna work. Just cannot do a rule of the type:

    From this Zone, this LAN, these Services --- to --- this Zone, this LAN/WAN, these Services --- port forward to --- this IP Address, these Services.

    Port forward optional, depending on the WEB Gateway. 

    For example, from: LAN, 192.168.1.0/24, HTTP, HTTPS, FTP --- to --- WAN, ANY, HTTP, HTTPS, FTP --- port forward to --- 192.168.1.2.

    Where 192.168.1.2 is the arbitrary address of a WEB gateway. And 192.168.1.0/24 being the internal network. 8 (eight) hours of Sophos professional service have proven unable to set up something as basic as that. Easily done on $100 Chinese firewalls.

    It could be possible in command line maybe ...

  • Transparent proxy outgoing is easy and I think that is what the original post was about?

    XG115W - v20.0.3 MR-3 - Home

    XGS118 waiting for licence to arrive - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I'm not quite sure if it is the same with XG, but on UTM the transparent mode only covers two ports (if activated), HTTP and HTTPS.
    Every connection to something like 8443, 8080 runs completely unproxied in transparent mode. Only in standard mode can you (and do you have to) define which ports are protected.

    Gruß / Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner

  • Yes, you're right, that's what I meant.

    One more thing, how to configure XG to use only non-transparent mode? I can't find it anywhere in the handbook.

    Is XG configured to use both as standard?

    Regards

    _______________________________________________

    Sophos XG User

  • Hi,

    If you want the UTM to use more ports in transparent mode you add them to the allowed ports.

    Ian

  • Take a look at the online help of the UTM. The services you define will only be covered in the standard mode.

    In transparent mode it only intercepts port 80 connections and - if "Do not proxy HTTPS traffic in transparent mode" is unchecked on the HTTPS tab - port 443 connections, too.

    Gruß / Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner

  • "Take a look at the online help of the UTM. The services you define will only be covered in the standard mode.

    In transparent mode it only intercepts port 80 connections and - if 'Do not proxy HTTPS traffic in transparent mode' is unchecked on the HTTPS tab - port 443 connections, too."

    You are correct.

    Ian
