Networking Question - Web Browsing

Posted on 2011-10-07
Last Modified: 2012-05-12

We have an older network (please don't say it, I've been pushing to upgrade it for years) consisting of 6 sites: 5 branches and 1 Head Office.

All the branches are meshed to the head office network via permanent VPNs (handled by Cisco PIXes). The branch sites do not have IP access to connect directly out to the Internet and must pass through the head office network, where a proxy server and content management appliance reside. Each PC has the proxy configuration set and it all works well.

Question is, I want to pull out the proxy server and put a new SonicWall UTM solution between the PIX and the network, but to do this I will need to turn off the proxy settings in the browsers, as no proxy servers will exist. The trouble is that when doing this the browsers do not connect to the Internet and do not seem to route through the head office network and back out to the Internet.

They seem to want to use the gateway of the branch router/PIX, which has rules to prevent access directly out to the Internet, but I want the HTTP traffic to flow through the head office network and through the UTM.

Hope that makes sense?
Question by:tmaster100

    Accepted Solution

    You should be able to create a route on the branch PIX that tells HTTP and HTTPS traffic to go via the IP of the SonicWall at head office.

    Expert Comment

    I'm not familiar with that specific product, but many security appliances will allow you to run them in some mode where you can specify its IP address in the proxy settings of IE.

    For example, we use an iPrism web appliance device that sits between our LAN and the firewall. It's set to pass-through mode so that users at our main facility can just point to the Internet and go; no proxy settings. But it also has an IP, and for users on remote networks who get their Internet access through our main facility, we can set the IP address and port of the device in their IE settings and it works fine.

    You might check with the company to see if that functionality exists.

    Assisted Solution

    Can't you just give the PIX a static route for HTTP/S to the main office gateway and set an access list to allow it to happen?

    Author Comment

    I will give that a go.