Applies to platform: all
Last updated: 13 May 2014
This lesson explains why the outgoing firewall seems not to work when a service uses a transparent proxy.
How the Proxy Works
The following picture shows what happens when a web page is retrieved from a remote server with a proxy server in between, in this case an Endian UTM Appliance running the squid proxy server.
In the scenario, a user wants to access Google's home page. Without the HTTP proxy, the user's computer would contact www.google.com directly on port 80, retrieve the home page, and display it.
With the proxy activated, however, whenever a connection starts from a client to the Internet, it is either intercepted by the proxy on the Endian UTM Appliance (in transparent mode) or goes directly to the firewall, but it never goes 'through' the firewall. The proxy then starts a new connection to the real destination, retrieves the data and sends it to the client. These connections to the Internet always start from the Endian UTM Appliance itself, which hides the clients' internal IP addresses. Therefore, such connections never go through the (outgoing) firewall, because they are in fact local connections.
The outgoing firewall has the task of granting or denying access to remote resources from devices in the local zones (GREEN, ORANGE, BLUE). But the proxy removes all information about the internal IP addresses and replaces them with the RED IP, so a single connection from GREEN to RED becomes, in fact, two connections: one from GREEN to GREEN, and a second from RED to RED. There is no longer a connection from GREEN to RED, hence the outgoing firewall is never involved!
If you want to block that kind of connection, for the HTTP protocol only, you can add entries in the Access Policy tab, located under Menubar > Proxy > HTTP.
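To make the two-leg behaviour concrete, here is an added example (not code from Endian or from the original article) that models how a transparent intercept splits one client request into a locally delivered leg and a locally originated leg, and why an outgoing-firewall rule written as GREEN to RED port 80 never matches either of them. The topology (192.168.0.0/24 as GREEN, 203.0.113.10 as the appliance's RED address), the proxy port 3128, the stand-in web server 198.51.100.20, the "allow when no rule matches" default and the mapping of each leg onto the FORWARD/INPUT/OUTPUT chains are all assumptions made for the illustration. The `proxy_policy` callable stands in for the Access Policy entries the last paragraph refers to.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology (assumed, not taken from the article): a GREEN LAN,
# the appliance's RED (Internet-facing) address, and a remote web server.
ZONES = {
    "GREEN": ipaddress.ip_network("192.168.0.0/24"),
    "RED": ipaddress.ip_network("203.0.113.0/24"),
}
APPLIANCE_IP = {"GREEN": "192.168.0.1", "RED": "203.0.113.10"}
PROXY_PORT = 3128             # assumed port the transparent proxy listens on
WEB_SERVER = "198.51.100.20"  # constructed stand-in for www.google.com

def zone_of(ip):
    """Map an address to a zone; anything outside the local zones is the Internet (RED)."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "RED"

@dataclass
class Connection:
    src: str
    dst: str
    dport: int
    chain: str  # chain that sees this leg on the appliance: FORWARD, INPUT or OUTPUT

@dataclass
class OutgoingRule:
    src_zone: str
    dst_zone: str
    dport: int
    action: str  # "ALLOW" or "DENY"

def outgoing_firewall(conn, rules):
    """The outgoing firewall only filters traffic routed *through* the appliance
    (the FORWARD chain). Legs that terminate or originate on the appliance
    itself (INPUT/OUTPUT) are never matched; None means 'not consulted'."""
    if conn.chain != "FORWARD":
        return None
    for r in rules:
        if (r.src_zone, r.dst_zone, r.dport) == (zone_of(conn.src), zone_of(conn.dst), conn.dport):
            return r.action
    return "ALLOW"  # assumed default when no rule matches

def describe(conn, verdict):
    return {"zones": f"{zone_of(conn.src)} -> {zone_of(conn.dst)}",
            "chain": conn.chain, "firewall_verdict": verdict}

def trace(client_ip, server_ip, dport, transparent_proxy, fw_rules, proxy_policy):
    """Follow one client request and report which enforcement point decided it."""
    if transparent_proxy and dport == 80 and zone_of(client_ip) != "RED":
        # Leg 1: the intercept rewrites the destination to the appliance's own
        # address in the client's zone, so the packet is delivered locally.
        leg1 = Connection(client_ip, APPLIANCE_IP[zone_of(client_ip)], PROXY_PORT, "INPUT")
        legs = [describe(leg1, outgoing_firewall(leg1, fw_rules))]
        # The proxy's own access policy is the only place this request can be blocked.
        if proxy_policy(client_ip, server_ip) == "DENY":
            return {"legs": legs, "blocked": True, "blocked_by": "proxy access policy"}
        # Leg 2: the proxy opens a fresh connection from the RED address.
        leg2 = Connection(APPLIANCE_IP["RED"], server_ip, dport, "OUTPUT")
        legs.append(describe(leg2, outgoing_firewall(leg2, fw_rules)))
        return {"legs": legs, "blocked": False, "blocked_by": None}
    # No interception: the packet is routed GREEN -> RED through FORWARD.
    direct = Connection(client_ip, server_ip, dport, "FORWARD")
    verdict = outgoing_firewall(direct, fw_rules)
    return {"legs": [describe(direct, verdict)],
            "blocked": verdict == "DENY",
            "blocked_by": "outgoing firewall" if verdict == "DENY" else None}

# An outgoing rule an administrator would expect to stop web browsing from GREEN.
BLOCK_HTTP = [OutgoingRule("GREEN", "RED", 80, "DENY")]
# Two stand-ins for the proxy Access Policy: permit everything, or deny one server.
ALLOW_ALL_POLICY = lambda client, server: "ALLOW"
DENY_SERVER_POLICY = lambda client, server: "DENY" if server == WEB_SERVER else "ALLOW"

if __name__ == "__main__":
    for proxy, policy in ((False, ALLOW_ALL_POLICY), (True, ALLOW_ALL_POLICY), (True, DENY_SERVER_POLICY)):
        print(f"transparent proxy={proxy}:", trace("192.168.0.42", WEB_SERVER, 80, proxy, BLOCK_HTTP, policy))
```

Running it shows the three outcomes the article describes: without the proxy the single GREEN -> RED leg hits the DENY rule; with the proxy the request becomes GREEN -> GREEN followed by RED -> RED and the firewall verdict on both legs is None, so the rule is silently bypassed; only a deny entry in the proxy's access policy stops the request. Traffic on any other port (HTTPS on 443, for instance) is still routed through FORWARD and remains subject to the outgoing firewall.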