Internet Related/Filtering/Firewall Thread, SonicWall 2040 http port forwarding question in Technical; I hate the rules settings with a passion on this Sonicwall box, nothing seems to be logical.
Anyway... I want ...
21st April 2010, 09:14 AM #1
- Rep Power
SonicWall 2040 http port forwarding question
I hate the rules settings with a passion on this Sonicwall box, nothing seems to be logical.
Anyway... I want to trap all internal web traffic on port 80 and transparently forward it to port 8080. My reasoning is to give our network transparent web filtering and proxying via the Dansguardian / squid box.
I know that I can set proxy settings via GP, and I have done so, but this doesn't stop users manually modifying the proxy settings, nor installing browsers that won't pick up on the GP setting. We also have roaming users who are not AD users but who use internet access via our network. I'd also like to trap things like iPhone browsing. I want to send all web traffic to the proxy.
Sooo.... can anyone who actually understands SonicWall's forwarding rules tell me if this is feasible and if so how I'd do it?
21st April 2010, 09:30 AM #2
This probably isn't practical. I've never seen one box do transparent capture and another box do filter/proxy except with WCCP, and you need cisco at the router for that.
Bear in mind that you will lose all your hard work with squid/dg authentication if you go transparent - very few transparent proxies do auth (SmoothWall Guardian does, but its not the sort of thing that's particularly easy to replicate on your own!).
21st April 2010, 09:53 AM #3
- Rep Power
Originally Posted by tom_newton
Are you sure? If a user on our network opens up a browser and requests a web page this would normally go out on port 80 or 443 through the firewall, if the firewall silently redirects port 80 / 443 traffic to port 8080 instead then the browser will still think it's talking to the web site but is passing it's header info to port 8080 instead? Wouldn't it? In which case wouldn't the authenticators in the header still be passed to DG?
22nd April 2010, 12:22 PM #4
Short answer: Transparently proxied client is not aware of auth.
(Tom is on leave)
By ryanster in forum Internet Related/Filtering/Firewall
Last Post: 29th January 2010, 08:56 AM
By danrhodes in forum Internet Related/Filtering/Firewall
Last Post: 21st January 2010, 01:00 PM
By localzuk in forum *nix
Last Post: 3rd June 2009, 11:18 PM
By localzuk in forum General Chat
Last Post: 29th October 2008, 09:55 AM
By IA76 in forum Wireless Networks
Last Post: 15th August 2008, 02:29 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)