Sophos Web Appliance: Configuring your network for Explicit Deployment

  • Article ID: 38779
  • Updated: 07 Dec 2010

Configuring your network for Explicit Mode requires the following steps.

Configure Your Firewall

In general, it is good security practice to only allow workstations to make connections to the internet if absolutely necessary. With the Web Appliance in Explicit Mode, there should be no reason for workstations to connect directly to the internet. Sophos recommends configuring your organization's firewall to only allow outbound internet connections from the Web Appliance. This prevents users from bypassing the security and control provided by the Web Appliance and helps prevent unauthorized use of your network.

Configure Your Users' Browsers

To use Explicit Mode, you must configure you users' browsers to use the Web Appliance as their web proxy. There are three methods for automatically configuring your users' browsers from a centralized location.

  1. Proxy Auto-Configuration files (proxy.pac) are used to configure browsers when users select the "configuration from a file option" for proxy configuration. They contain web proxy information in the form of a few simple lines of JavaScript.
  2. Web Proxy Autodiscovery Protocol files (wpad.dat) are identical in terms of their content to proxy.pac files, but they are deployed as files renamed to the specific name of wpad.dat and placed in specifically named websites so that they can be found at the expected addresses if users choose the "automatic" option to configure their browsers to use a web proxy.
  3. Group Policy Objects (GPO) is an Active Directory utility for enforcing centralized automatic configuration of your users' systems, including configuring their browsers to use the Web Appliance as their web proxy.

To make these tasks as simple as possible, Sophos has created the following step-by-step procedures to aid you in automatically configuring your users' browsers to use the Web Appliance as their web proxy:

Further network administration benefits are available by using PAC files for:


Support for problems with third-party products discussed in this article may be provided by the manufacturer of that product. Sophos does not support such third-party products. The third-party products discussed here are manufactured by companies that are independent of Sophos, and Sophos makes no warranty, implied or otherwise, about the performance or reliability of these products.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments