Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 24 replies
  • Subscribers 44 subscribers
  • Views 36492 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Use Transparent Proxy or Non-Transparent Proxy?

Dwayne Parker

What do you recommend?

Using Transparent or Non-Transparent Proxy mode?

 

Thanks in advance:

 

 

Dwayne Parker



This thread was automatically locked due to age.
Parents
  • 0

    manbearpig said:


    There is a difference between standard and transparent proxy in the "DNS handling" of the clients.Standard proxy = your client can only resolve the internet in the HTTP connect phase via proxy port. Transparent proxy = your client tries to resolve the target server via DNS port 53.


    Some of those Scenarios you describe can be solved also in transparent Proxy. There is a Flag called Pharming Protection to be found in Protect > Web > General Settings > Protection > Advanced Settings > Enable Pharming Protection.

    Big_Buck said:


    for example, From: LAN, 192.168.1.0/24, HTTP, HTTPS, FTP --- to --- WAN, ANY, HTTP, HTTPS, FTP --- port forward to --- 192.168.1.2.

    Where 192.168.1.2 is the arbitrary address of a WEB gateway.  And 192.168.1.0/24 being the internal network.  8 (eight) hours of Sophos professionnal service have proven unable to setup something as basic as that.  Easily done on $100 chinese firewalls.

    It could be possible in command line maybe ...



    Shouldn't this scenario be possible to solve with Policy Routing? The only limitation would be, that the Proxy-IP must be somewhere out of the 192.168.1.0/24 Range.



    Please send me Spam gueselkuebel@sg-utm.also-solutions.ch

  • 0 in reply to HuberChristian

    The use of "conditional" in your sentence is judicious. Policy routing should work.  But it does not. I was trying to figure this out for months.  With Sophos support senior engineers in Boston.  If you noticed I have written Senior EngineerS.  Meaning many.  They had contradictory opinion on this.  So we set up things only to destoy it and try something else the week after.  The only benefit here was to show me options I would have never otherwise tested.  But again, that's because this XG firewall is in infancy and is growing weird.  Why can't we simply do port forwarding on that "god dam" device like we can do on $100 "Home Office" Chinese router ??? PFSense ? and all other firewalls I can imagine of ? I have never tested a firewall that cannot do it easily before.

Reply
  • 0 in reply to HuberChristian

    The use of "conditional" in your sentence is judicious. Policy routing should work.  But it does not. I was trying to figure this out for months.  With Sophos support senior engineers in Boston.  If you noticed I have written Senior EngineerS.  Meaning many.  They had contradictory opinion on this.  So we set up things only to destoy it and try something else the week after.  The only benefit here was to show me options I would have never otherwise tested.  But again, that's because this XG firewall is in infancy and is growing weird.  Why can't we simply do port forwarding on that "god dam" device like we can do on $100 "Home Office" Chinese router ??? PFSense ? and all other firewalls I can imagine of ? I have never tested a firewall that cannot do it easily before.

Children
No Data
Unfiltered HTML