User guide
CHAPTER 5: Types of Services
78 WatchGuard Firebox System 6.0
N
OTE
The WatchGuard service called HTTP Proxy is not to be confused with an
HTTP caching proxy. An HTTP caching proxy is a separate machine, and
it performs caching of Web data.If you use an external caching proxy, you
must explicitly enable (by adding service icons) any outgoing services you
intend to use. If you do not, outgoing TCP connections won’t work
properly.
Characteristics
•Protocol: TCP
• Server Port(s): 80 (although servers can be run on any port, a common
alternative is 8080, and Secure Socket Layer (SSL) connections are
generally served on port 443)
• Client Port(s): greater than 1023
• RFC: 1945
Common Scenarios
Scenario 1
Description
“Public” HTTP server on the Optional network.
Icons in the Services Arena
An HTTP icon, with Incoming From Any to the HTTP server.
Scenario 2
Description
“Public” HTTP server on the Trusted network.
Icons in the Services Arena
Even with dynamic NAT, the HTTP server must have a “public”
address. Configuration is exactly the same as in Scenario 1.
Proxied-HTTP
Proxied-HTTP combines configuration options for HTTP on port 80 with
a rule allowing all outgoing TCP connections by default. Using the