Sie zeigen eine alte Version dieser Seite an. Zeigen Sie die aktuelle Version an.

Unterschiede anzeigen Seitenhistorie anzeigen

« Vorherige Version anzeigen Version 9 Nächste Version anzeigen »


Description:

In isolated cases it can happen, that particular web pages (or applications which use HTTP/HTTPS for communication) cannot be invoked when using the HTTP-Proxy. In such a case it is necessary to create an exception for such a web page / application, so that the traffic isn't routed via the HTTP-Proxy.

This article describes the options to create a bypass for particular web pages / applications, so that they aren't filtered by the HTTP-Proxy.


Requirements:


Procedure:

1) Entering the DNS name in the HTTP-Proxy:

1.1) Open the configuration of the Unified Firewall in a web browser and go to the menu UTM → Proxy → HTTP Proxy Settings.

1.2) Enter the desired web page in the Whitelist and click on the "Plus" symbol to add it to the list.

Click on Save afterwards.

Please note, that the Whitelist doesn't evaluate the URL but simply the SAN (Subject Alternative Name) of the SSL certificate. Thus it can occur, that individual sub domains cannot be invoked.



2) Creating a separate firewall rule with the public IP address of the web server:

2.1) Open the configuration of the Unified Firewall in a web browser and click on the button to Create a host.

Only one IP address can be entered in a host object. Thus, if several IP addresses are needed, you have to create a host/network group.

2.2) Edit the following parameters and click Create:

  • Name: Enter a meaningful name for the web page object.
  • Connected to: In the dropdown-menu select the object internet.
  • IP Adress: Enter the public IP address of the web page, for which the exception should be created.

If you have several internet connections and the web page should be reachable via all of these connections, you have to set the parameter Connected to to any. Otherwise you would have to create a host object for each internet connection.

2.3) On the desktop click on the network object, select the Connection Tool and click on the host object created in step 2.2).

2.4) From the protocol list add HTTP and HTTPS.

2.5) For the protocol HTTP click once on the green arrow under Action so it points to the right and then click on None under Options.

2.6) For the parameter NAT / Masquerading select the option left-to-right and click OK.

2.7) Repeat the steps 2.5) and 2.6) for the protocoll HTTPS.

2.8)  The connection has to look as follows. Now click on Create.

2.9) Click on Activate, so that the changes are implemented by the Unified Firewall.

  • Keine Stichwörter