Use another firewall for Web Filter


We have an SG210 running 9.711-5.

We have been acquired by another company and are beginning to migrate roles from the UTM to their own firewalls.

We have connected the new firewall to an interface on the UTM and created a Gateway Route to that interface, so that we can route data to HQ's subnets. This works fine for all of our requirements thus far.

However, we now want to send our web browsing traffic via their firewalls, so it is intercepted by their web filter.  We use Web Filtering on the UTM in Standard Mode, AD Groups, HTTPS Decrypt and Scan.  We have a Group Policy that sets the Proxy Server to the UTM via Reg Key.  The UTM intercepts the traffic on port 8080.

I have tried a couple of things to try and route web traffic to the new firewall:

> Change the proxy server address in the local machine proxy settings to that of the new interface
> Change the gateway on a local machine to the new interface
> Created an interface route with a local machine as the Source Network, Any Protocol, Any Destination Network, Target Interface as the new firewall.

None of these methods work; I'm not sure what to try next! Any suggestions appreciated.

Should I be able to see traffic flow in any of the available logs for these scenarios? I can't see it in the FW live log.

Many thanks

This thread was automatically locked due to age.
  • I'm not sure I "see" your topology, but my first thought was to disable Web Filtering in the UTM and create a policy route for the Web ports to send that traffic to their proxy.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA