Segui

Web Proxy - Basic Setup (Transparent)

Version 2.5

Applies to Platform: UTM 2.4, UTM 2.5
Last Update: 28 April 2011

This lesson will illustrate the necessary steps to configure a very simple transparent web proxy on a typical Endian appliance. A transparent web proxy is one that requires no client-side changes to operate effectively (all traffic is tranparently redirected). The primary purpose of the web proxy is to (1) allow for a simple method to filter web traffic to appropriate levels for business and (2) provide accountability for user web traffic.

Note

If you have an endian UTM Appliance equipped with version 3.0 or 5.0, please refer to this howto.

Enable the Web Proxy

?name=media_1300829038816.png

The first step is to enable the web proxy by clicking the gray button (which will turn green when enabled). Once this is done, we can configure the networks we want to be filtered transparently (using Green only in this example).

Configure the Log Settings

?name=media_1300828798973.png

Since we want to have all web access (allowed and blocked) logged for review purposes, we're going to enable the appropriate logging options.

Click Save and then Apply the changes to proceed.

Configure the Content Filter Profile (Default)

?name=media_1300829711111.png

In this example, we're only going to configure web filtering by URL Blacklist (only) for ease and administration purposes. The first thing we'll do is ensure our HTTP antivirus is enabled by checking the appropriate box. You can select the whole category to block by clicking the green arrow or, alternatively, you can drop down the subcategories and select those individually in order to block some and not others. You can also attach custom white- or blacklists to this profile as well.

Click Update Profile and then Apply the changes to proceed.

Note

When you enable web filtering by phrases (Content Filtering) this will block those categories of phrases for content "inside the page" which will result in a more aggressive blocking strategy with potentially a higher false positive rate.

Configure the Access Policy

?name=media_1300829958665.png

The last step is to create an access policy which will map the content filtering profile based on a specific network configuration. In the example above, we're creating a simple policy for the Green zone (entire network) that is using the content filtering profile (default) that we just configured in the previous step.

Click Create Profile and then Apply the changes to finalize the configuration.

Test the Web Proxy

?name=media_1300831781271.png

You can test your configuration now by browsing the Internet from the Green network and you should see a block page on sites that match the categories selected.

Verify Logging

?name=media_1300832018560.png

You should also be able to view all the web traffic in real-time by going to Logs > Live Log Viewer and select the "Web Proxy" log to view.

Altre domande? Invia una richiesta

Commenti