Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 10 November 2024, 08:33:33 pm

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14251 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  2.4.1 - Proxy & Firewall Setup Advice
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: 2.4.1 - Proxy & Firewall Setup Advice  (Read 12757 times)
a18041967
Jr. Member
*
Offline Offline

Posts: 7


« on: Friday 24 December 2010, 08:19:13 am »

I’d like to ask for some advice regarding how the Proxy & Firewall work as I’m struggling to get them to work correctly, and I’ll try and explain what I’m doing . Before I start I’ll try and explain how my system is setup.

I’m running Windows 2008 and this is running Exchange 2007, DNS, DHCP and the scopes default gateway points to the EFW Green interface. EFW has two interfaces, Red & Green with authentication back to Active Directory this appears to be working.
Client machines that have their proxy settings are authenticating and in the proxy logs the IP, Username & URL are being logged…. most of the time! There are a number of entries that just have a ‘-‘ in the username field as if they are not being authenticated.

Clients that do not have proxy settings set (Internet Radio, WEB Cams), have their default gateway pointing to the Green interface and successfully connect to the internet, completely by passing the proxy. The only way I have found to stop access for these clients is to disable selected protocols on the outgoing firewall rules.

Is this the correct way to configure this, if so it would appear that all traffic that hits the proxy server bypasses the firewall rules which is not ideal?

In addition to clients that authenticate I have a number of other devices that do not support proxy settings so on the firewall I’ve re enabled the outgoing protocols and added just the IP addresses of these devices to the source field. This also works.

To summarise the above is working but doesn’t seem correct, in an ideal world I’d like the following:

All clients to hit the proxy and then the firewall rules applied, for those devices that do not support proxy setting to add their IP address to the proxy bypass settings. Is this possible?

Sorry for such a long post but thank you for any help people can provide.


Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.031 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com