
Parent proxy configuration doesn't work

Hello, I am following this guide

https://community.sophos.com/kb/en-us/123260

I configure the routing with the IP and port of the proxy

The LAN-LAN rule is not needed because both IPs are in the same network, and I already have a LAN-WAN rule.

The proxy (transparent) only receives communications from URLs contacted by Sophos XG directly but from anything else in the network.

In the asset where I am testing web filtering I don't have it enabled for Sophos proxy.

 

If I configure the proxy and port in my browser it just works, so for some reason Sophos XG v18 is not routing the traffic correctly. Any idea why?

As far as I understand I wouldn't need to create any firewall or NAT rule.



  • Hi,

    you do not appear to be using a username and password for the parent proxy as indicated in the KBA?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I'm not using one in the proxy; in XG it is not mandatory, and if I configure the browser with the IP and port of the proxy it works (I see the traffic in the proxy) without using a username and password.

    Anyway, the KBA contradicts the interface, which says that you have to configure the proxy in the fw rule. I have tried enabling the proxy and the DPI proxy in the fw rule and it doesn't work either.

    If I don't put any proxy in the rule, the browsing doesn't even work and I don't see any traffic in the "parent" proxy. When I use either of the 2 Sophos proxies (DPI or OLD) it works because it is using the Sophos proxy.

  • Hi,

    I am not sure what you mean with this

    "The proxy (transparent) only receives communications from URLs contacted by Sophos XG directly but from anything else in the network."

    I think you might have left something out?

    Ian


  • I mean that I only see Sophos XG traffic, but I don't see traffic from anything else in the network.

  • In order to work, it requires a LAN LAN with masquerading NAT rule. Here it is better explained than in the official KBA; in fact the KBA is wrong because it doesn't mention the use of masquerading in LAN LAN.

    community.sophos.com/.../129542

    Anyway, I don't understand why it needs Masq in a LAN LAN rule or what it does exactly.

  • Good catch. Did you submit an update for the original KBA?

    Ian


  • BTW, you have to select the proxy in the rule to make it work. This doesn't appear in the KBA either, but the Sophos web UI gives you a hint, as I posted in one of the pics above.