User guide
Chapter 9: Configuring Proxied Services
120 WatchGuard Firebox System
Selecting an HTTP Service
Because of the extensive security implications of HTTP traffic, it is
important to restrict the incoming service as much as possible. Many
administrators set up public Web servers only on their Optional interface.
They restrict incoming HTTP traffic to the Optional interface and prohibit
incoming HTTP traffic from traveling from the Optional interface to the
Trusted interface. Outgoing traffic is generally less restricted. For
example, many companies open outgoing HTTP traffic from Any to Any.
WatchGuard Firebox System offers three different types of HTTP services.
Choose the HTTP service that best meets your needs:
• Proxied-HTTP is a multiservice that combines configuration options
for HTTP on port 80 with a rule that allows (by default) all outgoing
TCP connections. In other words, Proxied-HTTP does not treat incoming
and outgoing traffic the same way: it controls incoming TCP traffic
only on port 80, but allows outgoing TCP traffic on all ports. The
Proxied-HTTP service includes a variety of custom options, including
specialized logging features, definition of safe content types, and
WebBlocker.
• HTTP is a proxy service that functions very much like Proxied-HTTP,
except that it controls both incoming and outgoing access only on port
80.
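
The difference in outgoing scope between the two services described above can be checked against a list of flows. The following is an added example, not WatchGuard code or configuration syntax: the function names, result labels and sample flows are constructed for illustration, and "no-match" means only that the service itself does not decide the flow.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    direction: str  # "incoming" or "outgoing"
    proto: str      # "tcp" or "udp"
    dport: int      # destination port

def proxied_http(flow: Flow) -> str:
    """Proxied-HTTP as described: incoming control on TCP port 80 only,
    plus a default rule that allows every outgoing TCP connection."""
    if flow.proto != "tcp":
        return "no-match"
    if flow.direction == "outgoing":
        return "allowed-by-outgoing-tcp-rule"
    return "http-proxy" if flow.dport == 80 else "no-match"

def http(flow: Flow) -> str:
    """HTTP as described: controls both directions, TCP port 80 only."""
    if flow.proto == "tcp" and flow.dport == 80:
        return "http-proxy"
    return "no-match"

def extra_outgoing_exposure(flows):
    """Flows that leave only because of Proxied-HTTP's outgoing TCP rule
    and that the HTTP service would not handle at all."""
    return [f for f in flows
            if proxied_http(f) == "allowed-by-outgoing-tcp-rule"
            and http(f) == "no-match"]

# Constructed sample flows (hypothetical, for illustration only).
SAMPLE_FLOWS = [
    Flow("incoming", "tcp", 80),
    Flow("incoming", "tcp", 22),
    Flow("outgoing", "tcp", 80),
    Flow("outgoing", "tcp", 8080),
    Flow("outgoing", "tcp", 6667),
    Flow("outgoing", "udp", 53),
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f, "| Proxied-HTTP:", proxied_http(f), "| HTTP:", http(f))
    print("Review these outgoing flows:", extra_outgoing_exposure(SAMPLE_FLOWS))
```

Flows returned by extra_outgoing_exposure are the ones to review when choosing Proxied-HTTP, since they are permitted by its default outgoing rule rather than by a port 80 policy.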