What You Need To Know - ZyXEL Communications ZyWALL USG 200 Series User Manual
Unified security gateway
Hide thumbs
Also See for ZyWALL USG 200 Series:
- User manual (902 pages) ,
- Manual (1157 pages) ,
- Reference manual (394 pages)
Table of Contents
Advertisement
Chapter 20 HTTP Redirect
20.1.2 What You Need to Know
Web Proxy Server
A proxy server helps client devices make indirect requests to access the Internet
or outside network resources/services. A proxy server can act as a firewall or an
ALG (application layer gateway) between the private network and the Internet or
other networks. It also keeps hackers from knowing internal IP addresses.
A client connects to a web proxy server each time he/she wants to access the
Internet. The web proxy provides caching service to allow quick access and reduce
network usage. The proxy checks its local cache for the requested web resource
first. If it is not found, the proxy gets it from the specified server and forwards the
response to the client.
HTTP Redirect, Firewall and Policy Route
With HTTP redirect, the relevant packet flow for HTTP traffic is:
Firewall
1
Application Patrol
2
HTTP Redirect
3
Policy Route
4
Even if you set a policy route to the same incoming interface and service as a
HTTP redirect rule, the ZyWALL checks the HTTP redirect rules first and forwards
HTTP traffic to a proxy server if matched. You need to make sure there is no
firewall rule(s) blocking the HTTP requests from the client to the proxy server.
You also need to manually configure a policy route to forward the HTTP traffic from
the proxy server to the Internet. To make the example in
work, make sure you have the following settings.
For HTTP traffic between lan1 and dmz:
• a from LAN1 to WAN firewall rule (default) to allow HTTP requests from lan1 to
dmz. Responses to this request are allowed automatically.
• a application patrol rule to allow HTTP traffic between lan1 and dmz.
• a HTTP redirect rule to forward HTTP traffic from lan1 to proxy server A.
For HTTP traffic between dmz and wan1:
• a from DMZ to WAN firewall rule (default) to allow HTTP requests from dmz to
wan1. Responses to these requests are allowed automatically.
428
Figure 321 on page 427
ZyWALL USG 100/200 Series User's Guide
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
