Standard Proxy -> Transp. Proxy

Hallo zusammen,

ich habe eine Frage, zu welcher ich bisher nirgendwo wirklich was zu gefunden habe...

Läuft der Standard Proxy (Port 8080) völlig unabhängig vom transparenten Proxy?

Sprich wenn meine Clients keinen Standard Proxy mehr über 8080 konfiguriert haben (der transp. Proxy fängt also HTTP/HTTPS ab), kann ich dann den 8080 Port ohne Probleme auf etwas anderes ändern (komplett deaktivieren wird ja leider nicht gehen)?
Hat es eine Auswirkung auf den transp. Proxy wenn ich die Allowed Target Services alles entferne?




Vielen Dank im Voraus!

Parents
  • Hallo,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment. Frowning2)

    The settings don't affect the Transparent Proxy.  Note that if a client DOES select to use a Proxy server, the Transparent Proxy will respond as if it were in Standard Mode.

    MfG - Bob (Bitte auf Deutsch weiterhin.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Proxy Port changed -> still working with Transp. Thumbsup
    Proxy Target Services removed -> no surfing with transp. Proxy possible Thinking

  • The "Proxy Target Services" are for Transparent mode too.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Dirk, I'm fairly certain that the 'Allowed Target Services' only apply if the request arrives at the UTM on the designated 'Web Filtering port' and that would not occur in Transparent mode.  In Transparent, the IP associated with the request is not the IP of the UTM, but the public IP of the FQDN in the URL.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Dirk, I'm fairly certain that the 'Allowed Target Services' only apply if the request arrives at the UTM on the designated 'Web Filtering port' and that would not occur in Transparent mode.  In Transparent, the IP associated with the request is not the IP of the UTM, but the public IP of the FQDN in the URL.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Hi Bob,

    'Allowed Target Services' ...for standard-mode only...

    Possible, but wherefrom the transparent proxy should know which ports to capture ...
    There are different https ports 443,8443,11443,... I added this to the list some time ago... and it seemed to work.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hallo Dirk,

    I just did an experiment to confirm what I've read.  A Web Filtering Profile in Transparent mode will act like one in Standard mode if the browser explicitly sends traffic to the Proxy.  If you do the following and see anything, you have configured your browser to explicitly use the web proxy:

         grep '11443\:' /var/log/http.log

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA