Explicit Proxy: HTTP Web Proxy

To replace your current proxy server, you can configure the settings in the Explicit Proxy to enable your Firebox as an explicit web proxy server for HTTP traffic. When you configure the Explicit Proxy, you select the HTTP proxy action to use for connections to your network, and specify the options to configure your client web browsers to send requests directly to the IP address of the Firebox over TCP port 3128 (the port for the Explicit Proxy). All HTTP traffic to your network is examined by the Explicit Proxy and the subscription services that you have configured on your Firebox.

The Explicit Proxy does not cache web data.

When you use the Explicit Proxy, the Firebox adds a Via Header to HTTP requests and responses. A Via Header tells the server which proxies sent the request. The Via Header can contain the Firebox IP address or an alias that you can customize.

The Firebox supports the use of PAC (Proxy Auto-Configuration) files distributed by WPAD through DHCP on the Firebox. For more information about PAC Files, see Explicit Proxy: PAC Files and Client Web Browser Configuration.

For information about how to configure client web browsers, see Explicit Proxy: PAC Files and Client Web Browser Configuration.

If you use the Explicit Proxy for connections to your network, you can force your users to authenticate before they can connect to your network. When you enforce authentication in the Explicit Proxy, unauthenticated connections are redirected to the Firewall authentication page. For more information about how to configure Firewall authentication, see Firewall Authentication.

Configure an Explicit Proxy Policy

Configure the Proxy Action for the Explicit Proxy

When you add the Explicit-proxy policy, the predefined proxy action Explicit-Web.Standard is automatically selected. Because you cannot edit a predefined proxy action, you must clone the proxy action and then configure the settings for the cloned proxy action.

Explicit Proxy Policy and PAC File Download Policy

When you add an Explicit-proxy policy, the firewall allows traffic from Any-Trusted and Any-Optional to the Firebox on TCP port 3128. A WG-PAC-File-Download policy is also automatically added to the Firebox configuration. The WG-PAC-File-Download policy allows client web browsers to download the PAC file that contains the information necessary to configure the client to use the Firebox as the explicit proxy server. This policy allows traffic from Any-Trusted and Any-Optional to the Firebox on TCP port 4125.

Screen shot of the Explicit-proxy policy and PAC file download policy in Fireware Web UI
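
The following added example (not the PAC file the Firebox generates, and not WatchGuard code) shows PAC logic a client browser could evaluate to send HTTP requests to the Explicit Proxy on TCP port 3128. The Firebox address 10.0.1.1 is a constructed sample value, and routing only http:// URLs and omitting a DIRECT fallback so that clients fail closed are assumptions of this example.

```javascript
// Added example PAC file, written with "var" and plain string operations so
// that it also loads in older PAC engines.
// FIREBOX_IP is a constructed sample value; 3128 is the Explicit Proxy port
// stated on this page.
var FIREBOX_IP = "10.0.1.1";
var PROXY = "PROXY " + FIREBOX_IP + ":3128";

// Normalize the host so "LOCALHOST" or a trailing-dot name such as
// "10.0.1.1." cannot slip past the exact-match comparisons below.
function normalizeHost(host) {
  return host.toLowerCase().replace(/\.$/, "");
}

// The browser calls this function for every request.
function FindProxyForURL(url, host) {
  var h = normalizeHost(host);

  // Assumption: only plain HTTP goes to the Explicit Proxy in this example.
  if (url.substring(0, 5).toLowerCase() !== "http:") {
    return "DIRECT";
  }

  // Requests addressed to the Firebox itself (for example the PAC file
  // download on TCP port 4125) and to the local machine are not proxied.
  if (h === FIREBOX_IP || h === "localhost" || h === "127.0.0.1") {
    return "DIRECT";
  }

  // Fail closed: the return value has no "; DIRECT" fallback, so a client
  // does not bypass inspection when the proxy is unreachable.
  return PROXY;
}
```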

Related Topics

About Policies

Explicit Proxy: PAC Files and Client Web Browser Configuration