

Description:

There are scenarios where only normal Internet browsing should be routed via the proxy, but not your applications.

This can be desirable if you don't want to add lots of exceptions.

In order to guarantee security, group policies (or similar) need to be used to force browsers to work with a proxy. Users should not be able to circumvent this mechanism with their client settings.


Requirements:

  • LANCOM R&S®Unified Firewall with LCOS FX as of version 10
  • Web browser for configuring the Unified Firewall.

    The following browsers are supported:
    • Google Chrome
    • Chromium
    • Mozilla Firefox


Procedure:

1) Switch the HTTP and HTTPS proxy to non-transparent mode:

In non-transparent mode, the proxy must be manually addressed in the browser. This is done for HTTP via port 10080 and for HTTPS via port 10443 (see step 4).

1.1) Open the HTTP proxy settings in the menu UTM → Proxy → HTTP Proxy Settings.

1.2) For the Plain HTTP Proxy and HTTPS Proxy, set each one to Non-transparent.

1.3) Save the changes.


2) Create a user-defined service for HTTP and HTTPS:

2.1) Navigate to the menu Desktop → Services → User-defined services.

2.2) Click on the + button to create a new service.

2.3) Give the service a name (e.g. HTTP proxy) and configure port 80 TCP for HTTP connections.

2.4) Save the new service.

2.5) Create another service for HTTPS and configure port 443 TCP for HTTPS connections.

2.6) Save the new service.

  


3) Use the new service objects in a connection rule:

3.1) Configure a new connection rule or modify an existing rule so that it looks like the one illustrated below.

  • The standard objects for HTTP or HTTPS must not use a proxy in this case.
  • The user-defined objects for HTTP or HTTPS, however, must use the proxy.

3.2) Save the changes.


4) Enter the proxy into the browser:

4.1) Open your browser's proxy settings and create a manual proxy configuration.

In this example, the Unified Firewall has the local IP address 192.168.3.254.

The HTTP proxy is addressed via port 10080 and the HTTPS proxy is addressed via port 10443.
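Where browsers are configured centrally through a proxy auto-config (PAC) file instead of the manual fields, the same mapping can be expressed as follows. This is an added example and not part of the original LANCOM article; it assumes a PAC file is distributed by group policy, and the direct route to the firewall's own address is likewise an assumption.

```javascript
// Added example: PAC file mirroring the manual proxy settings from step 4.
// Values taken from the article: firewall 192.168.3.254,
// HTTP proxy on port 10080, HTTPS proxy on port 10443.
var FIREWALL_IP = "192.168.3.254";

// "PROXY" (not "HTTPS") is used for both entries: the browser talks to the
// proxy port in plain HTTP and issues CONNECT for https:// URLs, which is
// what the manual "HTTPS proxy" field does as well.
var HTTP_PROXY = "PROXY " + FIREWALL_IP + ":10080";
var HTTPS_PROXY = "PROXY " + FIREWALL_IP + ":10443";

// Extract the lower-cased URL scheme without relying on PAC helper functions.
function schemeOf(url) {
  var m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : "";
}

function FindProxyForURL(url, host) {
  // Assumption: the firewall's own web client is reached directly,
  // not through its own proxy.
  if (host === FIREWALL_IP) {
    return "DIRECT";
  }
  switch (schemeOf(url)) {
    case "http":
      // No "; DIRECT" fallback: if the proxy is unreachable the request
      // fails instead of silently bypassing inspection.
      return HTTP_PROXY;
    case "https":
      return HTTPS_PROXY;
    default:
      // Other schemes are not proxied here and remain subject to the
      // firewall's connection rules.
      return "DIRECT";
  }
}
```

Omitting a `DIRECT` fallback for web traffic keeps the browser from quietly leaving the proxy path when the proxy is down, which matches the requirement that users cannot circumvent it.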