

In a company there is a proxy server with detailed URL-based rule sets. Therefore, all HTTP/HTTPS traffic which is not handled by the proxy server should be blocked.


To achieve this, you need to set up the following:

  • a static network object that contains the proxy server,
  • a rule that handles the allowed traffic, and
  • a rule that blocks all other traffic.



Navigate to Policy > Network Objects > Static Network Objects to create a static network object that contains the proxy server. The proxy server can be identified by its MAC address, for example.

For instructions on how to create a static network object, refer to Creating Static Network Objects.


Navigate to Policy > Rules. Configure a rule set consisting of two global rules:

  • Rule 1 allows all HTTP/HTTPS traffic to the proxy server.
  • Rule 2 rejects all HTTP/HTTPS traffic in the network that is not directed at the proxy server.

The following table shows the required rule settings:



| Rule | Source | Destination | Condition | Actions |
|------|--------|-------------|-----------|---------|
| 1 | Any | Proxy Server | Classification, Included Applications/Protocols: HTTP, SSL | Final Action: Allow Traffic and Skip to Next Scenario |
| 2 | Any | Any | Classification, Included Applications/Protocols: HTTP, SSL | Final Action: Reject Traffic and Stop Processing |


For instructions on how to create a rule, refer to Creating Global Rules in the Threat Defender manual.


Click APPLY CHANGES to activate your configuration changes.


As a result, network packets sent via HTTP (or HTTPS) to the network address of the proxy server match rule 1 and are allowed to pass.

Network packets sent via HTTP (or HTTPS) to a destination other than the proxy server match rule 2 and are rejected. The client application is notified that the web server cannot be reached.
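
The following added example (not taken from the Threat Defender manual and not the product's rule engine) models the two-rule set above in Python to show why the rule order matters and which traffic the rules leave untouched. It assumes a simplified top-down evaluation in which the first matching rule's final action ends processing of this rule set; the MAC addresses and the names Flow, Rule and evaluate are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for the Source/Destination columns

@dataclass(frozen=True)
class Flow:
    src_mac: str
    dst_mac: str
    app: str  # classified application/protocol, e.g. "HTTP", "SSL", "DNS"

@dataclass(frozen=True)
class Rule:
    name: str
    source: Optional[frozenset]
    destination: Optional[frozenset]
    apps: frozenset
    final_action: str

    def matches(self, flow: Flow) -> bool:
        return ((self.source is ANY or flow.src_mac in self.source)
                and (self.destination is ANY or flow.dst_mac in self.destination)
                and flow.app in self.apps)

def evaluate(rules, flow):
    """Model assumption: rules are checked top-down, first match decides."""
    for rule in rules:
        if rule.matches(flow):
            return rule.name, rule.final_action
    return None, "no rule in this set matched"

PROXY_MAC = "02:00:00:00:00:10"          # constructed sample value
PROXY_SERVER = frozenset({PROXY_MAC})    # static network object with the proxy
WEB = frozenset({"HTTP", "SSL"})
RULE_1 = Rule("Rule 1", ANY, PROXY_SERVER, WEB, "Allow Traffic and Skip to Next Scenario")
RULE_2 = Rule("Rule 2", ANY, ANY, WEB, "Reject Traffic and Stop Processing")
RULESET = [RULE_1, RULE_2]

CLIENT, GATEWAY = "02:00:00:00:00:21", "02:00:00:00:00:01"  # constructed

if __name__ == "__main__":
    print(evaluate(RULESET, Flow(CLIENT, PROXY_MAC, "HTTP")))  # Rule 1, allowed
    print(evaluate(RULESET, Flow(CLIENT, GATEWAY, "SSL")))     # Rule 2, rejected
    print(evaluate(RULESET, Flow(CLIENT, GATEWAY, "DNS")))     # not HTTP/SSL: no match
    # With the order reversed, Rule 2 also catches traffic meant for the proxy.
    print(evaluate([RULE_2, RULE_1], Flow(CLIENT, PROXY_MAC, "HTTP")))
    # In this model the proxy's own upstream requests match Rule 2 as well,
    # because Source is Any, if they pass the same enforcement point.
    print(evaluate(RULESET, Flow(PROXY_MAC, GATEWAY, "SSL")))
```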


For a more detailed description of this example, see the relevant section in the Threat Defender manual.