Policy Routes and Web Proxy

Hello folks,

I need some help figuring something out. Is it correct that the web-proxy only uses multipath routes and not policy routes?

We have multiple WAN interfaces and all our clients use the web-proxy of our UTM firewall. In order to use some external web services, our requests need to be sent from a specific WAN interface. I added policy routes to route the traffic but the web-proxy is not using this route. If I use multipath routing instead, it works.

Is that behavior correct? The only thing I could find is rule 2.1 from the Rulz.

Kind regards,

Nico



This thread was automatically locked due to age.
  • Hello  ,

    Thank you for reaching out to the community. Please refer to the following useful KBAs:
    > Sophos UTM: Uplink Balancing and Multipath rules.
    > Multipath Rules.
    > Change the outgoing interface for web filtering.

    Thanks & Regards,
    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

  • Hello ,

    thank you for your answer. Unfortunately, your first two answers don't answer my question because it's just information about multipath routes. The only reference regarding proxies is a note which states that connections by source are not possible with proxies except for web-proxies. But my question is whether the web-proxy routes traffic by policy routes or only by multipath routes.

    The third link was actually helpful because I didn't know that the option for optional outgoing interface had to be enabled first. However, it is not possible to define web-filter profiles based on destination. This, however, is necessary for our configuration. In general, we want to divide the traffic among all WAN interfaces. Only traffic for specific services where the request has to come from a certain IP address should be routed separately.

    It might be possible to divide our 1000+ users into groups based on these services, but that wouldn't change the fact that the majority of the traffic that they generate should not be bound to a WAN interface. It would also be possible to configure proxy exceptions on all hosts for all users, so the traffic would not use the proxy and it would be possible to route the traffic with policy routes.

    However, my problem is not that I have to create multipath routes for certain destinations which are accessed by the clients via the web proxy. My problem is that I couldn't find a KBA where routing for the web-proxy is defined. Without that, I'm not sure if we have an underlying configuration problem with our UTM firewall.

    Kind regards,

    Nico
