This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Security Appliance transparent mode

Hi All,

On page 9 of the SWA config guide (http://wsa.sophos.com/swa_docs/pdf/ws1000/SWAConfigGuide.pdf)  under point 3 it says “Configure your router so that it redirects all port 80 traffic to port 80 and port 443 traffic to port 443 on the Web Appliance.”

We mainly use Draytek or Watchguard devices which I don’’’’t think can do this but I’’’’d be interested in what routers can.

I'm sure Cisco routers have this option.

Sophos support answered with:

Unfortunately we don't have any information on which routers can perform this and how to configure them.
Its a pretty basic function though that should be available in some form in all routers.

Generally you would just need to set up a policy route for this type of traffic

Can anyone give examples of what routers can actually do this and an example config for them?

:53521


This thread was automatically locked due to age.
Parents
  • Dear All,

    the fact that we have only one match on a keyword search "Watchguard" speaks volumes, anyway...

    On a XTM use the policy "http-proxy", in proxy-action, choose a client, then edit the proxy client settings. A new dialogue opens and in "use web cache server" you point to your WSA. Make sure you use port 3128 or 8081, not 80 .

    The additional ports (if not set) are found in WSA, network, advanced, down below (the page may be longer than your screen high).

    The alternative is (only with fireware pro) to try a policy base routing, as described by red-warrior

    Regards from Hamburg, DE

    :54873
Reply
  • Dear All,

    the fact that we have only one match on a keyword search "Watchguard" speaks volumes, anyway...

    On a XTM use the policy "http-proxy", in proxy-action, choose a client, then edit the proxy client settings. A new dialogue opens and in "use web cache server" you point to your WSA. Make sure you use port 3128 or 8081, not 80 .

    The additional ports (if not set) are found in WSA, network, advanced, down below (the page may be longer than your screen high).

    The alternative is (only with fireware pro) to try a policy base routing, as described by red-warrior

    Regards from Hamburg, DE

    :54873
Children
No Data