HTTP(S) Proxy Settings

Your LANCOM R&S®Unified Firewall uses the Squid proxy. This proxy serves as an interface to the content filter and the antivirus scanner (see URL/Content Filter and Antivirus Settings).

Under UTM > Proxy > HTTP Proxy Settings, you can configure the HTTP(S) proxy for your LANCOM R&S®Unified Firewall.

The HTTP(S) proxy serves as a man-in-the-middle. For this purpose, it establishes a connection to the web server, generates a pseudo certificate for the website using its own HTTP(S) Proxy CA, and uses this pseudo certificate to establish a connection to the browser. This way, the proxy can analyze the traffic, apply the URL/content filter and scan for viruses.

When the HTTP(S) proxy is active, make sure that the DNS server of your LANCOM R&S®Unified Firewall is able to correctly resolve the domains to be accessed. Furthermore, import the HTTP(S) Proxy CA of your LANCOM R&S®Unified Firewall as a trusted CA into the browsers of all clients.

| Input field | Description |
| --- | --- |
| I/0 | A slider switch indicates whether the HTTP(S) proxy is active (I) or inactive (0). Click the slider switch to toggle the state of this service regardless of the configured proxy modes. The HTTP(S) proxy is deactivated by default. Important: Activating or deactivating the HTTP(S) proxy will also activate or deactivate the FTP proxy. |
| Plain HTTP Proxy | To deactivate the HTTP proxy, select the "Disable Proxy" option. If you choose Transparent, your LANCOM R&S®Unified Firewall automatically forwards all requests which arrive on port 80 (HTTP) through the proxy (default setting). If you choose Intransparent, the HTTP proxy of your LANCOM R&S®Unified Firewall must explicitly be addressed on port 10080. |
| HTTPS Proxy | To deactivate the HTTPS proxy, select the Disable Proxy option. Note: You can configure the HTTP(S) proxy independently from the HTTP proxy. If you select Transparent, your LANCOM R&S®Unified Firewall forwards all requests which arrive on port 443 (HTTPS) automatically through the proxy (default setting). If you choose Intransparent, the HTTP(S) proxy of R&S Unified Firewall must explicitly be addressed on port 10443. |
| Proxy CA | The CA is used by the HTTP(S) proxy to generate the pseudo certificates. Depending on the certificate type, the LANCOM R&S®Unified Firewall will make a proposal on which certificates are useful and which are not. Important: The CA will only be shown if HTTPS Proxy is set to Transparent or Intransparent. |
| Client Authentication | Only available if Plain HTTP Proxy or HTTPS Proxy is set to Intransparent: Select this check box to enable HTTP(S) client authentication using the LANCOM R&S®Unified Firewall user management. Important: When you enable Client Authentication, the FTP proxy will be disabled. In that case, a warning will be displayed. Important: The proxy can only process HTTP data packets. If a program tries to transmit data packets of other protocols through this port, the packets are blocked. |
| Whitelists | You can define separate whitelists for individual domain groups. A domain group consists of a name, an optional description and a list of URLs (domains) that should be excluded from SSL inspection, virus scanning and URL filtering. You can add any number of domains to a domain group. Enter a domain and click to add it to the list. Domains in the whitelist are accepted by the HTTP(S) proxy without analysis and become directly available to the users' browser. No certificates are created. This is necessary for services which employ strict Certificate Pinning, such as Windows Update (windowsupdate.com). You can edit or delete a domain group by clicking on the corresponding button next to an entry. Select or deselect the checkbox to the left of a domain group to enable or disable its use. For more information, see Icons and buttons. Note: To unblock a domain "example.com" including all subdomains like "www.example.com", write ".example.com" with a dot at the beginning. To unblock only the domain "example.com" without subdomains, write "example.com" without a dot at the beginning. |
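
The whitelist matching rule from the note above, as an added Python example that is not part of the LANCOM documentation or firmware: it reports which whitelist entries would exempt a host from SSL inspection, virus scanning and URL filtering, which helps when reviewing a domain group for entries that are broader than intended. Function names and sample data are hypothetical; the case-insensitive comparison and trailing-dot handling are assumptions.

```python
# Added example: models the leading-dot whitelist rule described above.
# All names here are hypothetical and not part of the firewall.

def normalize(name: str) -> str:
    """Lower-case a DNS name and drop a trailing root dot (assumption)."""
    return name.strip().lower().rstrip(".")


def entry_matches(entry: str, host: str) -> bool:
    """Return True if a whitelist entry covers the requested host."""
    host = normalize(host)
    entry = entry.strip().lower()
    if entry.startswith("."):
        base = normalize(entry[1:])
        # Leading dot: the domain itself plus every subdomain. The "." in
        # the suffix test keeps "notexample.com" from matching ".example.com".
        return host == base or host.endswith("." + base)
    # No leading dot: exact domain only; subdomains are still inspected.
    return host == normalize(entry)


def bypasses_inspection(whitelist: list[str], host: str) -> list[str]:
    """List the entries that exempt host from inspection (empty = inspected)."""
    return [e for e in whitelist if entry_matches(e, host)]


# Constructed sample domain group and hosts (not taken from a real device).
SAMPLE_WHITELIST = [".windowsupdate.com", "example.com"]
SAMPLE_HOSTS = [
    "windowsupdate.com",
    "download.windowsupdate.com",
    "notwindowsupdate.com",
    "example.com",
    "www.example.com",
    "EXAMPLE.com.",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        hits = bypasses_inspection(SAMPLE_WHITELIST, h)
        status = "bypass via " + ", ".join(hits) if hits else "inspected"
        print(f"{h:28} {status}")
```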

If you have modified these settings, use the buttons at the bottom right of the editor panel to confirm (Save) or to discard your changes (Reset). Otherwise, you can close the dialog (Close).

Click Activate in the toolbar at the top of the desktop to apply your configuration changes.
