Using Application Control Features with HTTP(S) Proxies
You can use Application Control features with the internal HTTP Proxy service and external proxies. Depending on what type of proxy is used, Application Control might be limited or require additional configuration.
Proxy Type | HTTP Proxy Service: | HTTP Proxy Service: | External HTTP(S) Proxy | External HTTP + HTTPS Proxies |
|---|---|---|---|---|
Application Control | Yes | Yes | Yes | Yes |
Sub-application Detection | No | Yes (with an access rule for HTTPS) | Yes | Yes |
TLS Inspection | Yes (via HTTP Proxy Service) | Yes (with an access rule for HTTPS) | Yes | Yes |
Virus Scanning | Yes (via HTTP Proxy Service) | Yes (via HTTP Proxy Service) | Yes | Yes |
URL Filter | Yes (via HTTP Proxy Service or Firewall Service) | Yes (via HTTP Proxy Service or Firewall Service) | Yes | Yes |
ATP | Yes | Yes | Yes | Yes |
Application Based Provider Selection | No | No | - | - |
Safe Search | No | No | No | No |
Google Accounts Filtering | No | No | No | No |
File Content Filtering | No | No | No | No |
User Agent Filtering | Yes | Yes | Yes | Yes |
Custom Block Pages | No | No | No | No |
HTTP Proxy Service (Forward Proxy)
When the client is configured to use the HTTP Proxy service for both HTTP and HTTPS, Application Control can be used to detect applications for HTTP connections. Clients contact the HTTP Proxy service directly on port 3128 or 8080 for both HTTP and HTTPS connections. TLS Inspection is handled in the HTTP Proxy service.
Please note that this setup does not work if you are using a load balanced HA deployment in which the Forwarding Firewall service and the HTTP Proxy service are not on the same firewall.
HTTP Proxy Service (Transparent Proxy)
When the HTTP Proxy service on the CloudGen Firewall is configured as a transparent proxy, only HTTP traffic is sent to the HTTP Proxy. To pass HTTPS traffic through Application Control and TLS Inspection, you must configure an explicit access rule.
It is not possible to use the built-in TLS Inspection in the HTTP Proxy in a transparent proxy configuration.
External Proxy
When clients use an external proxy for both HTTP and HTTPS traffic, there are no restrictions. Application Control can inspect all traffic coming from or going to the proxy.
Separate HTTP and HTTPS (TLS) Proxies
No limitations apply when clients are configured to use separate external HTTP and HTTPS proxies. Application Control and TLS Inspection can inspect all traffic coming from and going to the HTTP and HTTPS proxies.
Contact Us
Barracuda Campus
Barracuda Support