Posted

I hate the rules settings with a passion on this Sonicwall box, nothing seems to be logical.

 

Anyway... I want to trap all internal web traffic on port 80 and transparently forward it to port 8080. My reasoning is to give our network transparent web filtering and proxying via the DansGuardian / Squid box.

 

I know that I can set proxy settings via GP, and I have done so, but this doesn't stop users manually modifying the proxy settings, nor installing browsers that won't pick up on the GP setting. We also have roaming users who are not AD users but who use internet access via our network. I'd also like to trap things like iPhone browsing. I want to send all web traffic to the proxy.

 

Sooo.... can anyone who actually understands SonicWall's forwarding rules tell me if this is feasible and if so how I'd do it?

 

Many thanks.

Posted

This probably isn't practical. I've never seen one box do transparent capture and another box do filter/proxy except with WCCP, and you need Cisco at the router for that.

 

Bear in mind that you will lose all your hard work with squid/dg authentication if you go transparent - very few transparent proxies do auth (SmoothWall Guardian does, but it's not the sort of thing that's particularly easy to replicate on your own!).

Posted
This probably isn't practical. I've never seen one box do transparent capture and another box do filter/proxy except with WCCP, and you need Cisco at the router for that.

 

Bear in mind that you will lose all your hard work with squid/dg authentication if you go transparent - very few transparent proxies do auth (SmoothWall Guardian does, but it's not the sort of thing that's particularly easy to replicate on your own!).

 

Will I?

 

Are you sure? If a user on our network opens up a browser and requests a web page, this would normally go out on port 80 or 443 through the firewall. If the firewall silently redirects port 80 / 443 traffic to port 8080 instead, then the browser will still think it's talking to the web site but is passing its header info to port 8080 instead? Wouldn't it? In which case wouldn't the authenticators in the header still be passed to DG?
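
What a proxy port receives in each case, as an added example that is not part of the original thread: a browser configured for a proxy sends an absolute-URI request and can answer a 407 challenge with `Proxy-Authorization`, while a silently redirected browser sends the origin-form request it would send to the web server, and redirected port 443 traffic is a TLS handshake rather than HTTP. The `classify` helper and the sample byte strings are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed samples of the first bytes arriving on the proxy port (8080).
EXPLICIT = (b"GET http://example.com/index.html HTTP/1.1\r\n"
            b"Host: example.com\r\n"
            b"Proxy-Authorization: Basic dXNlcjpwYXNz\r\n\r\n")
INTERCEPTED = (b"GET /index.html HTTP/1.1\r\n"
               b"Host: example.com\r\n\r\n")
TLS_HELLO = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"  # redirected 443


def classify(raw: bytes) -> dict:
    """Report the request form, the intended target and whether
    proxy credentials were supplied by the client."""
    # A TLS handshake record (type 0x16, version 0x03xx) is not HTTP at all.
    if raw[:2] == b"\x16\x03":
        return {"form": "tls", "target": None, "proxy_auth": False}

    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)

    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    if method == "CONNECT":
        # Tunnel request, only sent by a client that knows about the proxy.
        form, url = "authority", target
    elif urlsplit(target).scheme in ("http", "https"):
        # Absolute-URI form: the client was configured to use a proxy.
        form, url = "absolute", target
    else:
        # Origin form: the client believes it is talking to the web server,
        # so the destination has to be rebuilt from the Host header.
        form, url = "origin", "http://" + headers.get("host", "?") + target

    return {"form": form, "target": url,
            "proxy_auth": "proxy-authorization" in headers}


if __name__ == "__main__":
    for name, sample in [("explicit", EXPLICIT),
                         ("intercepted", INTERCEPTED),
                         ("tls", TLS_HELLO)]:
        print(name, classify(sample))
```
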
