I recently deployed a Sophos XG with version 19, i want this Sophos to act as direct proxy and behind the internet gateway, below are the interface i configured in
the FW, user computer are in subnet 192.168.111.0/24, user computer will be configure proxy 192.168.111.242 with port 8080, and in the LAN there is a linux hosted a
pac file with IP address is 172.16.16.17 for HTTP Proxy used on IOS devices, the IOS devices will be using HTTP proxy URL "">192.168.111.242/proxy.pac" and
after i created below DNAT, and tested with proxy enabled computer with accessing google site, however in log viewer i never see logs coming from the computer
that has proxy enabled, i only seeing the traffic logs from 172.16.16.17 from portA to port B to access external (see bottom screenshot highlighted in red), but its work
for 192.168.111.242 DNAT to 172.16.16.17 with HTTP (see bottom screenshot highlighted in blue), please help to check any configuration error in below ? any help
would be appreicated
Port A: 172.16.16.16 (LAN)
Port B: 192.168.111.242 (WAN)
static routes:
172.16.0.0 / 255.255.0.0 - interface B
192.168.0.0 / 255.255.0.0 - interface B
Firewall rules:
DNAT from port B to port A with port 8080
another DNAT to allow HTTP & HTTPS - since iphone need to redirect from linux that hosted the pac file 172.16.16.17 will be translated to "192.168.111.242/proxy.pac"
Firewall Rule
NAT rules
Log viewer:
please find below high level diagram, i was using a client computer 192.168.111.3 with proxy confgured in browser and try accessing to google but not accessable, and checked in log viewer, only see log from source 172.16.16.17 only, and to confirm 172.16.16.17 only acting the pac file for mobile user only, there is no other function running on it, just to confirm how the client computer can access internet via the proxy setting, is there any misconfiguration on the routing ? thanks a lots for your help on this
Quote