User guide
Selecting an HTTP Service
User Guide 121
N
OTE
The WatchGuard service called “HTTP” is not to be confused with an
HTTP caching proxy. An HTTP caching proxy refers to a separate
machine that performs caching of Web data.
• Filtered-HTTP is a multiservice that combines configuration options
for HTTP on port 80 with a rule allowing (by default) all outgoing
TCP connections. As a filtered service, Filtered-HTTP is considerably
faster than Proxied-HTTP or HTTP, but does not provide protection
that is as thorough or as effective. In addition, none of the custom
options, including WebBlocker, are available for Filtered-HTTP.
Adding a proxy service for HTTP
Most network administrators use the HTTP proxy service when
configuring Web traffic. Many administrators combine their HTTP service
with an outgoing proxy service configured Any to Any to keep the HTTP
service both easy to understand and control. In the following procedure,
you define the content allowed to pass through the firewall.
1 In Policy Manager, click the Add Service icon. Expand the Proxies
folder, double-click HTTP, and then click OK.
The HTTP Properties dialog box appears. The default stance is to deny incoming
traffic and to allow outgoing traffic from Any to Any.
2 Use the Incoming HTTP connections are drop list to select Enabled
and Allowed.
3 Configure the service as you want. For example, to configure the
HTTP proxy to allow incoming traffic from Any to the optional
network, click Add beneath the To list. In the Add Address dialog
box, add the optional Firebox group. Click OK.
4 Click the Properties tab. Click Settings.
5 On the Settings tab, enable HTTP proxy properties according to your
security policy preferences.
6 If you are using the HTTP proxy service because you want to use
WebBlocker, see Chapter 16, “Controlling Web Site Access.”
For a description of each control, right-click it, and then select What’s This?. Or,
refer to the Field Definitions chapter in the Reference Guide.