Chapter 18 HTTP Redirect
ZyWALL USG 50 User’s Guide
332
18.1.2
What You Need to Know
Web Proxy Server
A proxy server helps client devices make indirect requests to access the Internet
or outside network resources/services. A proxy server can act as a firewall or an
ALG (application layer gateway) between the private network and the Internet or
other networks. It also keeps hackers from knowing internal IP addresses.
A client connects to a web proxy server each time he/she wants to access the
Internet. The web proxy provides caching service to allow quick access and reduce
network usage. The proxy checks its local cache for the requested web resource
first. If it is not found, the proxy gets it from the specified server and forwards the
response to the client.
HTTP Redirect, Firewall and Policy Route
With HTTP redirect, the relevant packet flow for HTTP traffic is:
1
Firewall
2
Application Patrol
3
HTTP Redirect
4
Policy Route
Even if you set a policy route to the same incoming interface and service as a
HTTP redirect rule, the ZyWALL checks the HTTP redirect rules first and forwards
HTTP traffic to a proxy server if matched. You need to make sure there is no
firewall rule(s) blocking the HTTP requests from the client to the proxy server.
You also need to manually configure a policy route to forward the HTTP traffic from
the proxy server to the Internet. To make the example in
Figure 197 on page 331
work, make sure you have the following settings.
For HTTP traffic between
lan1
and
dmz
:
•
a from LAN1 to WAN firewall rule (default) to allow HTTP requests from
lan1
to
dmz
. Responses to this request are allowed automatically.
•
a application patrol rule to allow HTTP traffic between
lan1
and
dmz
.
•
a HTTP redirect rule to forward HTTP traffic from
lan1
to proxy server
A
.
For HTTP traffic between
dmz
and
wan1
:
•
a from DMZ to WAN firewall rule (default) to allow HTTP requests from
dmz
to
wan1
. Responses to these requests are allowed automatically.
19216811.live