Description:
There are scenarios where only normal Internet browsing should be routed via the proxy, but not your applications.
This can be desirable if you don't want to add lots of exceptions.
In order to guarantee security, group policies (or similar) need to be used to force browsers to work with a proxy. Users should not be able to circumvent this mechanism with their client settings. |
Requirements:
Procedure:
1) Switch the HTTP and HTTPS proxy to non-transparent mode:
In non-transparent mode, the proxy must be manually addressed in the browser. This is done for HTTP via port 10080 and for HTTPS via port 10443 (see step 4). |
1.1) Open the HTTP proxy settings in the menu UTM → Proxy → HTTP Proxy Settings.
1.2) For the Plain HTTP Proxy and HTTPS Proxy, set each one to Non-transparent.
1.3) Save the changes.
2) Create a user-defined service for HTTP and HTTPS:
2.1) Navigate to the menu Desktop → Services → User-defined services.
2.2) Click on the + button to create a new service.
2.3) Give the service a name (e.g. HTTP proxy) and configure port 80 TCP for HTTP connections.
2.4) Save the new service.
2.5) Create another service for HTTPS and configure port 443 TCP for HTTPS connections.
2.6) Save the new service.
3) Use the new service objects in a connection rule
3.1) Configure a new connection rule or modify an existing rule so that it looks like the one illustrated below.
3.2) Save the changes.
4) Enter the proxy into the browser:
4.1) Open your browser's proxy settings and create a manual proxy configuration.
In this example, the Unified Firewall has the local IP address 192.168.3.254.
The HTTP proxy is addressed via port 10080 and the HTTPS proxy is addressed via port 10443.