Network settings

From Secure Web Gateway
Revision as of 00:31, 25 July 2021 by Manish (talk | contribs) (1 revision imported)

Overview

Configure the basic Network Infrastructure.

Configure the Sockets on which SafeSquid will Listen, and accept connections from clients.

Manage SafeSquid's outgoing connections through existing IP's of your host system.

Listen

Setup SafeSquid’s Listen Interfaces to accept connections from clients.

When SafeSquid starts-up, all the enabled entries will be evaluated, and create appropriate Listening Sockets.

You may specify these Interfaces when creating policies in Access Restrictions Section.

Evaluation logically skips disabled Entries.

Service restart is required to effect any changes made here.

Networksettings listen.jpg

Enabled

Enable or Disable this entry

  • TRUE :  Enable this entry.
  • FALSE : Disable this entry 

Comment

For documentation, and future references, explain the relevance of this entry with your policies.

That is, by reading the policies, a future user can understand the purpose of that entry.

Port

Specify the Listen port. By default, SafeSquid listens on port 8080.

Port value can be a positive integer between 1 and 65535. Default value is 8080

IP

Specify the IP address to complete the socket definition.

You may choose a specific IPv4 or IPv6 address.

Empty or Blank: All the IPv4 and IPv6 addresses of the host.

  • set to 0.0.0.0  :    Listen to all IPv4 IPs only
  • set to ::          :    Listen to all IPv6 IPs only

Bindings

Choose additional bindings (roles) for this Socket.

You may select multiple options if you need.

  • SSL_TRANSPARENT :  Accept SSL requests in a transparent proxy mode.
  • CAPTIVE_PORTAL :  Setup a captive portal for user authentication, when SafeSquid is used as a Transparent Proxy.
  • SSL_AUTHENTICATION : User authentication via SSL client certificates.(Not Yet Implemented)
  • SSL_BRIDGE : If SafeSquid has been setup as Reverse Proxy, and must provide SSL for non-SSL HTTP servers.(Not Yet Implemented)

Interface

Specify Interfaces for outgoing connections.

SafeSquid can take advantage of multiple ISPs or outbound connection routes, on multi-homed host systems.

Create multiple entries as required.

SafeSquid evaluates all enabled entries starting from top, and selects the first one that matches the connection.

Evaluation skips the disabled Entries.

Networksettings interface.jpg

Enabled

Enable or Disable this entry

  • TRUE :  Enable this entry.
  • FALSE : Disable this entry. 

Comment

For documentation, and future references, explain the relevance of this entry with your policies.

That is, by reading the policies, a future user can understand the purpose of that entry.

Profiles

Specify the Profiles applicable for this entry.

This entry will be applicable only if the connection has any one of the specified profiles.

Leave it Blank, to apply for all connections irrespective of any applied profile.

To avoid application to a connection that has a profile, use negated profile (!profile).

IP

Specify an IP address assigned to the host system.

SafeSquid will bind the outgoing connection to this IP address thus effectively applying the desired routing for the connection.

Note : The configuration must be saved and the proxy server has to be restarted before any changes take effect.

See Also

Secure WIFI Access Through  Active Directory Infrastructure And SafeSquid Captive Portal

Retrieved from "https://docs.safesquid.com/index.php?title=Network_settings&oldid=2191"