Configuring Transparent Proxy
When configured as a Transparent Proxy, GFI WebMonitor acts as an intermediary between client machines and web servers to monitor and control HTTPHypertext Transfer Protocol. and HTTPSHypertext Transfer Protocol over Secure Socket Layer (SSL). traffic transparently. When a user makes a request to a web server, the Transparent Proxy intercepts the request to deliver the requested content. When GFI WebMonitor is deployed in this mode, you do not need to set client browser settings to point to a specific proxy.
This feature is not available for GFI WebMonitor installed as a plug-in for Microsoft Forefront TMGMicrosoft Forefront Threat Management Gateway. A Microsoft product that provides firewall and web proxy services. It also enables administrators to manage Internet access through policies. It is the successor of the Microsoft ISA Server and is part of the Microsoft Forefront line of business security software..
Transparent Proxy can filter only HTTP (TCP port 80) and HTTPS (TCP port 443) traffic.
Environment considerations when GFI WebMonitor is configured as a Transparent Proxy
|Supported Operating Systems||
Transparent Proxy can be enabled on servers running the following operating systems:
Ensure the operating system is up-to-date with all Windows updates installed.
By default, Transparent Proxy uses port 8082. Ensure that the listening port does not conflict with other applications. When the port is changed the proxy is restarted and ongoing connections are terminated. Applications do not need to be configured to connect to the Transparent Proxy port. The port is needed for internal operations by GFI WebMonitor.
Ensure that GFI WebMonitor is running in Gateway mode. Transparent Proxy cannot work in Simple Proxy mode. For more information refer to Deployment in an Internet Gateway environment.
|Microsoft TMG firewall and Transparent Proxy||Transparent proxy is not compatible with Microsoft Forefront TMG.|
|Proxy Chaining||Transparent proxy cannot be enabled if Proxy Chaining is already used, because of possible conflicts. For more information refer to Configuring Chained Proxy.|
|Network address translation (NAT)||Ensure Network address translation (NAT) is disabled on the GFI WebMonitor server for Transparent Proxy to work. Network address translation (NAT) modifies network address information in HTTP and HTTPS traffic.|
How it works
Transparent Proxy can work in parallel with the regular proxy. HTTP and HTTPS traffic originating from client machines that are not set to explicitly point to GFI WebMonitor (manually or through WPADWeb Proxy AutoDiscovery protocol.) is captured by the Transparent Proxy once this functionality is enabled.
When a user makes a request, the GFI WebMonitor Transparent Proxy intercepts the request even if the client machine has no configured proxy. If the requested content is allowed by GFI WebMonitor, the Transparent Proxy delivers it to the destination.