Jump to content


Photo

Conf for Transparent Proxy and the FW rule TRANSPARENT-PROXY

Proxy

  • Please log in to reply
5 replies to this topic

#1 frenay

frenay
  • Members
  • 99 posts

Posted 04 August 2016 - 02:52 AM

Hi,

I'm doing some tests to use the FW NG F600 like a transparent proxy (only Filter URL).

Currently the LAN use a proxy on Linux.

I have a problem on the rule TRANSPARENT-PROXY which not redirect the flow.

The source for the test is my PC, services are http & https, destination is the World and redirection the IP of the proxy service 192.168.20.2 (port 3128).
In my IE no proxy is configured.
I can go out on the Internet (BLOCKED) and in the FW history I don't see the redirection (TRANSPARENT-PROXY)...

In IE when I fill 192.168.20.2/3128 in server proxy, it works, so for me this is only the redirection which not works, but why ?

thanks for your help.

Regards.

David



#2 Bartek Moczulski

Bartek Moczulski
  • Barracuda Team Members
  • 102 posts
  • LocationEMEA

Posted 04 August 2016 - 03:15 AM

hi David
Why are you trying to use proxy module for this? URL filtering in firewall is easier to configure and offers way better performance.

https://campus.barra...0/URLFiltering/



#3 frenay

frenay
  • Members
  • 99 posts

Posted 04 August 2016 - 07:34 AM

Uh, I thought URL Filter was a module of proxy service  :wacko:  ..Yes you are right.



#4 frenay

frenay
  • Members
  • 99 posts

Posted 05 August 2016 - 03:13 AM

Another question about security and proxy.

What is the interest of a proxy for the security if the proxy is used without option like Antivirus/Malware Protection & Access Control and Auth...

The caching option with the high speed internet is redundant;

 

Thank you for your opinion.



#5 Bartek Moczulski

Bartek Moczulski
  • Barracuda Team Members
  • 102 posts
  • LocationEMEA

Posted 05 August 2016 - 03:33 AM

Most proxy deployments in case of NGF are obsolete. Very long time ago the reason for proxy was antivirus, later - logging, now the last features present in proxy and not supported by firewall module are:

1. Kerberos authentication

2. Hostname based routing for reverse proxy (when you access several websites hosted on different physical servers via one public IP)

3. and not to be underestimated... "we use a proxy, because our corporate security policy requires a proxy". fullstop ;)



#6 frenay

frenay
  • Members
  • 99 posts

Posted 16 August 2016 - 06:33 AM

ok, I want the best solution and the easiest so if a proxy is not useful for security, no proxy and only Barracuda filtering.