
Sophos proxy internet access / firewall rules

Hello,

I have a question regarding Sophos proxy internet access / firewall rules.

I have on eth2 my VPN Router in a DMZ. The Router connects via OpenVPN Client to the Internet.

Eth2 DMZ Config

10.0.0.1 / 24

Default GW: 10.0.0.3 (OpenVPN Router)

Multipath Rule:

Internal Network – Any – Internet IPv4 – By Interface – DMZ VPN

When I access the Internet from my LAN Devices I can browse Internet over the OpenVPN Router in the DMZ, this works fine. But my questions are:

  1. The Firewall Rule contains the Standard Web Surfing Group with the Services:

http 80, https 443, http proxy 8080, http web cache 3128. Under allowed services, http, https and http proxy are also included.

Does this mean that when a LAN client accesses a website, the client accesses the website directly, since http, https, and http proxy 8080 are defined in the allowed target services? For security reasons, shouldn't the client ask the Proxy, and the Proxy connect to the website?

  2. Under Network Protection – Advanced I saw the possibility to activate a Generic Proxy. In which scenario would this be useful?

 

Thanks a lot!

Best Regards

Sally



  • Please refer to Configuring HTTP/S proxy access with AD SSO.  Although the article is aimed at Standard mode, 98% of it applies to Transparent mode, too.

    It sounds like you're on the right track.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

     

    Thanks. For my home environment a Windows Server is a bit too much :) Is there another home-friendly solution possible?

     

    Regarding the YouTube exception above, I have now added the following to the list to get YouTube working in the mobile app:

    Skipping: Block by download size / Antivirus / Sandstorm / Do not display download/scan progress page

    www.youtube.com
    i.ytimg.com
    googlevideo.com
    r3---sn-cvh76nez.googlevideo.com
    android.clients.google.com
    ssl.google-analytics.com
    safebrowsing.googleapis.com
    spoc-pool-gtm.norton.com
    reports.crashlytics.com
    yt3.ggpht.com
    connectivitycheck.gstatic.com

     

    Best Regards

    Sally
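
An added example, not part of the original posts: a scope check for exception entries like the ones listed above, since each one skips antivirus and Sandstorm scanning for whatever it matches. It assumes the filter evaluates each entry as an unanchored regular expression against the full request URL; the helper names and the `lookalike.example` URLs are constructed for illustration.

```python
import re

# A few entries copied from the exception list in the post above.
ENTRIES = ["www.youtube.com", "i.ytimg.com", "googlevideo.com",
           "android.clients.google.com", "yt3.ggpht.com"]

def anchored(host, subdomains=False):
    """Regex that matches only URLs on this host (optionally its subdomains)."""
    prefix = r"([A-Za-z0-9-]+\.)*" if subdomains else ""
    return r"^https?://" + prefix + re.escape(host) + r"(:\d+)?(/|$)"

def lookalikes(entry):
    """Constructed URLs on other hosts that merely contain the entry text."""
    return [f"https://{entry}.lookalike.example/file.exe",
            f"https://lookalike.example/?ref={entry}",
            f"https://not{entry}/file.exe"]

def audit_raw(entry):
    """Look-alike URLs matched when the entry is used as-is (assumed unanchored)."""
    return [u for u in lookalikes(entry) if re.search(entry, u)]

def audit_anchored(entry, subdomains=False):
    """Look-alike URLs still matched after anchoring; should be empty."""
    pattern = re.compile(anchored(entry, subdomains))
    return [u for u in lookalikes(entry) if pattern.search(u)]

def covers(entry, url, subdomains=False):
    """True if the anchored pattern for entry matches url."""
    return re.search(anchored(entry, subdomains), url) is not None

if __name__ == "__main__":
    for entry in ENTRIES:
        print(f"{entry}: raw entry matches {len(audit_raw(entry))} look-alike URLs, "
              f"anchored matches {len(audit_anchored(entry, True))}")
        print(f"  anchored form: {anchored(entry, True)}")
```

With subdomain matching enabled, the single anchored `googlevideo.com` pattern also covers per-server hostnames such as `r3---sn-cvh76nez.googlevideo.com`, so those do not need separate entries.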