Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 7059 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filter Source IP

NTWPatron
Hi all,

Does anyone know if its possible to have different source IP's for web filtering based on origin IP/Network. I thought that it may be possible by having different SNAT rules but it looks like when web filtering is enabled it doesn't honour the settings in the SNAT. Turning off the Web Filter makes it all work perfectly.

The reason I am after this is we would like to filter all web traffic but send certain network traffic out on different IP's which will mean it is routed differently further down the line.

Thanks in advance.


This thread was automatically locked due to age.
  • 0
    You can't use SNAT, but you can use Uplink Balancing.  Instead of adding the IP as an Additional Address on the existing interface, create a new interface with it and put a switch between your external interfaces and your ISP's modem.  Add Multipath rules and you're cookin' with gas!

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    As of 03 June 2017, this is now possible! See How to change the outgoing interface for Web Filtering.

    Rather than use the suggested method of enabling this capability, do the following as root:

    cc set http enable_out_interface 1

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Sorry to dig up an old thread, but stumbled upon this and wondering if there is a similar command to change the interface for the SMTP proxy as well? Currently I use a SNAT rule, just curious if the same functionality is built in for the other proxies?

  • 0 in reply to Aaron Becker

    No there isn't, Aaron.  What are you wanting to accomplish?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML