This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Standard & Transparent proxy for fixed pc's and laptops

Like most organisations, we have fixed pc's and laptops. I'm wondering how best to set these up with the UTM web proxy?

Fixed pc's are no issue and we could use standard mode for that (via a GPO etc) but what about the laptops? I wouldn't want browsers with fixed proxy settings  in there as users often take these home and work from home using their ADSL etc.

We do have Sophos endpoint on these laptops so do have control over what they can browse etc but I'm wondering what the best way is to setup the proxy for when they are in the network?



This thread was automatically locked due to age.
Parents
  • Use Proxy Auto Configuration instead of a GPO.  Here's a basic exmple:

    function FindProxyForURL(url, host)
    {
       //The following URLs will not be proxied
           if (shExpMatch(url,"passthrough.fw-notify.net*/*"))
             {return "DIRECT";}
       //Don't Proxy local domains
       if (dnsDomainIs(host, ".ourdomain.local"))
             {return "DIRECT";}
       //Don't proxy hosts on LAN(s)
           if (isPlainHostName(host) ||
               isInNet(dnsResolve(host), "172.17.1.0", "255.255.255.0"))
             {return "DIRECT";}

       // Set the proxy server(s) for LAN(s)
       if (isInNet(myIpAddress(), "172.17.1.0", "255.255.255.0"))
             {return "PROXY 172.17.1.1:8080" ; DIRECT"; }
     
       // For all other networks, do not proxy
       return "DIRECT" ;
    }

    I need to update my guide since there are a lot more laptops in use today than when I originally wrote that over seven years ago.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Use Proxy Auto Configuration instead of a GPO.  Here's a basic exmple:

    function FindProxyForURL(url, host)
    {
       //The following URLs will not be proxied
           if (shExpMatch(url,"passthrough.fw-notify.net*/*"))
             {return "DIRECT";}
       //Don't Proxy local domains
       if (dnsDomainIs(host, ".ourdomain.local"))
             {return "DIRECT";}
       //Don't proxy hosts on LAN(s)
           if (isPlainHostName(host) ||
               isInNet(dnsResolve(host), "172.17.1.0", "255.255.255.0"))
             {return "DIRECT";}

       // Set the proxy server(s) for LAN(s)
       if (isInNet(myIpAddress(), "172.17.1.0", "255.255.255.0"))
             {return "PROXY 172.17.1.1:8080" ; DIRECT"; }
     
       // For all other networks, do not proxy
       return "DIRECT" ;
    }

    I need to update my guide since there are a lot more laptops in use today than when I originally wrote that over seven years ago.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children