A company runs a proxy server with detailed URL-based rule sets. All HTTP/HTTPS traffic that is not handled by the proxy server should therefore be blocked.
To achieve this, you need to set up the following:
- a static network object that contains the proxy server,
- a rule that handles the allowed traffic, and
- a rule that blocks all other traffic.
Navigate to Policy > Network Objects > Static Network Objects to create a static network object that contains the proxy server. The proxy server can be identified by its MAC address, for example.
For instructions on how to create a static network object, refer to Creating Static Network Objects.
Navigate to Policy > Rules. Configure a rule set consisting of two global rules:
- Rule 1 allows all HTTP/HTTPS traffic to the proxy server.
- Rule 2 rejects all HTTP/HTTPS traffic in the network that is not directed at the proxy server.
The following table shows the required rule settings:
| Rule | Source | Destination | Condition | Actions |
|------|--------|-------------|-----------|---------|
| 1 | Any | Proxy Server | Classification Included Applications/Protocols: HTTP, SSL | Final Action: Allow Traffic and Skip to Next Scenario |
| 2 | Any | Any | Classification Included Applications/Protocols: HTTP, SSL | Final Action: Reject Traffic and Stop Processing |
For instructions on how to create a rule, refer to Creating Global Rules in the Threat Defender manual.
Click APPLY CHANGES to activate your configuration changes.
As a result, network packets sent via HTTP (or HTTPS) to the network address of the proxy server match rule 1 and are allowed to pass.
Network packets sent via HTTP (or HTTPS) to a destination other than the proxy server match rule 2 and are rejected. The client application is notified that the web server cannot be reached.
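The two-rule logic above as a small Python model, added here as an illustration and not taken from Threat Defender or its manual. It assumes the rules are checked from top to bottom and the first matching rule decides; the MAC addresses and the names `Flow`, `Rule` and `evaluate` are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for the Source/Destination columns


@dataclass(frozen=True)
class Flow:
    src_mac: str
    dst_mac: str
    protocol: str  # classification result, e.g. "HTTP", "SSL", "DNS"


@dataclass(frozen=True)
class Rule:
    name: str
    source: Optional[frozenset]       # set of MAC addresses, or ANY
    destination: Optional[frozenset]  # set of MAC addresses, or ANY
    protocols: frozenset              # included applications/protocols
    action: str                       # "allow" or "reject"

    def matches(self, flow: Flow) -> bool:
        return ((self.source is ANY or flow.src_mac in self.source)
                and (self.destination is ANY or flow.dst_mac in self.destination)
                and flow.protocol in self.protocols)


def evaluate(rules, flow):
    """Return (rule name, action) of the first matching rule, or None."""
    for rule in rules:
        if rule.matches(flow):
            return rule.name, rule.action
    return None  # neither rule applies; this model makes no decision


# Constructed sample data: one proxy object and three flows from one client.
PROXY = frozenset({"02:00:00:00:00:10"})
WEB = frozenset({"HTTP", "SSL"})
RULE_1 = Rule("rule 1", ANY, PROXY, WEB, "allow")
RULE_2 = Rule("rule 2", ANY, ANY, WEB, "reject")
RULESET = [RULE_1, RULE_2]

CLIENT = "02:00:00:00:00:21"
to_proxy = Flow(CLIENT, "02:00:00:00:00:10", "SSL")
direct = Flow(CLIENT, "02:00:00:00:00:99", "HTTP")
dns = Flow(CLIENT, "02:00:00:00:00:53", "DNS")

if __name__ == "__main__":
    for flow in (to_proxy, direct, dns):
        print(flow, "->", evaluate(RULESET, flow))
    # With the order reversed, rule 2 also catches traffic to the proxy.
    print("reversed:", evaluate([RULE_2, RULE_1], to_proxy))
```

In this model, the reversed order rejects traffic to the proxy as well, and traffic classified as anything other than HTTP or SSL matches neither rule.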
For a more detailed description of this example, see the relevant section in the Threat Defender manual.