<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";
        mso-fareast-language:EN-US;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-NZ link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Hi guys.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>We have a customer who’d like to implement a transparent web proxy configuration using a Sophos Web Appliance. They sit behind an SSG20 that connects them to the Internet. I’m suggesting the proxy will have an IP in the LAN range.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I’ve confirmed with Sophos that the proxy will correctly handle connections if we policy-route any packets matching a destination port of TCP 80 & 443 to it using the firewall, however I’m a little confused about how the return traffic should be handled.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I don’t believe the proxy will rewrite the layer 3 address of the packets it sends out, so return traffic back from the external web servers will be (theoretically) sent back to the internal IP address, which is the client directly.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Does anyone have any experience in implementing this, or any suggestions how we go about returning the traffic to the proxy and not directly to the end client? Any suggestions otherwise? Explicit mode on the proxy is not an option.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='mso-fareast-language:EN-NZ'>Regards,<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D;mso-fareast-language:EN-NZ'><o:p> </o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><b><span lang=EN-US style='font-family:"Arial","sans-serif";color:#1F497D;mso-fareast-language:EN-NZ'>Josh Farrelly</span></b><span lang=EN-US style='font-size:16.0pt;font-family:"Arial","sans-serif";color:#1F497D;mso-fareast-language:EN-NZ'><br></span><span lang=EN-US style='font-size:9.0pt;font-family:"Arial","sans-serif";color:silver;mso-fareast-language:EN-NZ'>Senior Project Engineer<br></span><span lang=EN-US style='font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-NZ'><br></span><b><span lang=EN-US style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#3FA337;mso-fareast-language:EN-NZ'>P</span></b><b><span lang=EN-US style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#7E007E;mso-fareast-language:EN-NZ'> </span></b><span lang=EN-US style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#1F497D;mso-fareast-language:EN-NZ'>+64 9 630 4095</span><b><span lang=EN-US style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#7E007E;mso-fareast-language:EN-NZ'> <br></span></b><b><span lang=EN-US style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#3FA337;mso-fareast-language:EN-NZ'>M</span></b><b><span lang=EN-US style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#7E007E;mso-fareast-language:EN-NZ'> </span></b><span lang=EN-US style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#1F497D;mso-fareast-language:EN-NZ'>+64 21 919 885</span><span lang=EN-US style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#363635;mso-fareast-language:EN-NZ'> <br></span><b><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#3FA337;mso-fareast-language:EN-NZ'>E</span></b><span lang=EN-US style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#363635;mso-fareast-language:EN-NZ'> <a href="mailto:josh@base-2.co.nz"><span style='color:blue'>josh@base-2.co.nz</span></a><br></span><b><span lang=EN-US style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#3FA337;mso-fareast-language:EN-NZ'><br></span></b><span lang=EN-US style='font-size:9.0pt;font-family:"Arial","sans-serif";mso-fareast-language:EN-NZ'>PO Box 24666, Royal Oak, Auckland 1345.<br>126 Valley Rd, Mt Eden, Auckland 1024.<span style='color:#1F497D'><br></span><span style='color:#363635'><br></span></span><b><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#3FA337;mso-fareast-language:EN-NZ'><a href="http://www.base-2.co.nz/"><span style='color:blue'>www.base-2.co.nz</span></a></span></b><b><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F007F;mso-fareast-language:EN-NZ'> </span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F007F;mso-fareast-language:EN-NZ'><o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F007F;mso-fareast-language:EN-NZ'><img border=0 width=650 height=82 id="Picture_x0020_1" src="cid:image001.gif@01CD27B3.C010D410" alt="Description: Description: Description: Description: Description: Description: cid:3390911214_26814945"></span><span lang=EN-US style='color:#1F497D;mso-fareast-language:EN-NZ'><o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>