Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

STEPS TO MAKE XG PROXY IN TRANSPARENT MODE WHEN IT IS NOT THE GATEWAY

Hi all,

 

please assist as i need the steps to configure XG on transparent mode when it is not the gateway but connected to another firewall.

 

I tried following the steps in https://community.sophos.com/kb/en-us/125585 but it just ensured i created a firewall rule for port 3128 and i applied a deny all web policy to only allow traffic through the port 3128 on the XG, but no success yet. Please kindly advice.

 



This thread was automatically locked due to age.
Parents
  • If you are using port 3128 you are doing a Direct/standard/explicit proxy. The clients must be configured (which can be done automatically) to use the proxy.

    If you are using port 80/443 you are using transparent mode. Your overall network structure must be set up so that 80/443 traffic. Normally this is done by having all traffic flow transparently through the XG. The XG does not need to be at the edge, it just needs to be somewhere in the traffic flow between the client and the internet.

    You may also be able to configure your routers to send 80/443 traffic through the XG transparently while other traffic flows though another device. See Cisco WCCP for example.

Reply
  • If you are using port 3128 you are doing a Direct/standard/explicit proxy. The clients must be configured (which can be done automatically) to use the proxy.

    If you are using port 80/443 you are using transparent mode. Your overall network structure must be set up so that 80/443 traffic. Normally this is done by having all traffic flow transparently through the XG. The XG does not need to be at the edge, it just needs to be somewhere in the traffic flow between the client and the internet.

    You may also be able to configure your routers to send 80/443 traffic through the XG transparently while other traffic flows though another device. See Cisco WCCP for example.

Children
No Data