04-29-2009 06:27 AM
Hello all specialists!
I'm a complete newbie in NetScreen configuration...
I'd like to know how to configure my NetScreen 50 to redirect web traffic through my Linux proxy:
Lan : 192.168.4.0 mask 255.255.255.0
Netscreen : 192.168.4.203
proxy on Linuxbox : 192.168.4.247:8080
I've tried with policies but with no success!
Thank you for your answers ...
04-29-2009 06:57 AM
You can try to set the proxy in the web browser on all your PCs and open a policy from the proxy server to Untrust, any any, NAT egress.
Hope this helps you.
04-29-2009 07:03 AM
Thank you, Mehdi, for your answer.
I don't want to set the proxy on the PCs; I want to force the use of the proxy for all browsers (Firefox, IE, ...), so if a user chooses any browser, he will be redirected to my proxy...
04-29-2009 07:08 AM
Yes, my answer means this: when you set the proxy in the browser, all the traffic will be redirected to your proxy server.
For example:
In Firefox, click Tools >> Options >> Advanced >> Network >> Settings and set your proxy IP.
After that, you permit traffic to the internet on the firewall.
Hope this helps.
04-29-2009 07:15 AM
I think you don't understand what I mean: I want all the HTTP(S) traffic redirected to my proxy. So if a user installs a new browser, even if I don't configure his new browser to work with the proxy, it will be redirected...
04-29-2009 07:23 AM
Ah, I'm so sorry. OK, I don't think you can use this with redirected traffic; I know only:
First: you use a gateway for all internet traffic, for which you can use the firewall.
Second: you use a proxy server, but you have to configure all the browsers.
You can try this:
Change the IP address of your proxy server and bind it in the DMZ,
and create a policy from the local network to the DMZ.
Create a policy from the DMZ to Untrust with NAT.
Don't forget the routing.
Hope this helps you.
04-29-2009 08:08 AM
It is possible to redirect web traffic to the proxy automatically, using policy-based routing, but the configuration isn't trivial. Basically what you have to do is route all outbound traffic on port 80 via your proxy, except for traffic originating from the proxy itself, or you'll end up in an infinite loop.
Check the user guide, there might be an example there (it's a bit long to describe it all here).
PS: It will be easier if you make your proxy listen on port 80 for transparent interception; that way you won't have to translate the destination port on the firewall.
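
An added example, not part of the thread or of any poster's configuration: a small Python model of the routing decision described in the last reply, showing why the rule that sends port-80 traffic to the proxy needs an earlier exception for the proxy's own address. The LAN and proxy addresses come from the first post; the client address 192.168.4.10, the rule format and the function names are assumptions made for illustration and are not ScreenOS syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Addresses from the first post; the client address is constructed for the example.
LAN = ipaddress.ip_network("192.168.4.0/24")
PROXY = ipaddress.ip_address("192.168.4.247")
CLIENT = "192.168.4.10"

@dataclass(frozen=True)
class Rule:  # hypothetical rule format, not ScreenOS syntax
    src: ipaddress.IPv4Network
    dst_port: Optional[int]  # None matches any port
    next_hop: str            # "proxy" or "internet"

def next_hop(rules, src, dst_port):
    """First matching rule wins; unmatched traffic follows the default route."""
    for rule in rules:
        if src in rule.src and rule.dst_port in (None, dst_port):
            return rule.next_hop
    return "internet"

def trace(rules, client=CLIENT, dst_port=80, max_hops=6):
    """Follow one request through the firewall; return (hops, looped)."""
    src, hops = ipaddress.ip_address(client), []
    for _ in range(max_hops):
        hop = next_hop(rules, src, dst_port)
        hops.append(hop)
        if hop == "internet":
            return hops, False
        # The proxy re-originates the request from its own address,
        # so the firewall now sees the proxy as the source.
        src = PROXY
    return hops, True  # never reached the internet: routing loop

PROXY_ONLY = ipaddress.ip_network("192.168.4.247/32")
NAIVE = [Rule(LAN, 80, "proxy")]
WITH_EXCEPTION = [Rule(PROXY_ONLY, 80, "internet"), Rule(LAN, 80, "proxy")]
WRONG_ORDER = [Rule(LAN, 80, "proxy"), Rule(PROXY_ONLY, 80, "internet")]

if __name__ == "__main__":
    for name, rules in [("naive", NAIVE), ("with exception", WITH_EXCEPTION),
                        ("wrong order", WRONG_ORDER)]:
        print(name, trace(rules))
```

The `WRONG_ORDER` case loops just like the naive one: with first-match evaluation, the exception for the proxy only takes effect when it is listed before the LAN-wide redirect.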