Smoothwall's web proxy service can be configured to operate in either transparent or non-transparent mode - but what are the differences, and how should you choose between them?
Choosing between transparent and non-transparent proxying
In transparent mode, no special configuration steps are needed to set up client browsers, so the proxy service can be activated and in use almost immediately. Once activated, all traffic destined for the Internet arriving on port 80 and port 443 (optional) is automatically redirected through the proxy.
Both transparent and non-transparent proxying can be used together at the same time. Enabling transparent does not stop non-transparent from working. In situations where transparent is the norm but a specific application requires non-transparent you can simply configure the proxy settings in that application.
NOTE: Transparent proxy only intercepts traffic for TCP port 80 and 443. Traffic going to non-standard ports is not intercepted.
Why use non-transparent proxying?
The main reason to use a non-transparent proxy is so that the web browser and other client applications know that a proxy is being used, and so can act accordingly. Initial configuration of a non-transparent proxy might be trickier, but it ultimately provides a much more powerful and flexible proxying service. Spyware and worms that use the web for transmission may not be able to function because they do not know the proxy settings. This can reduce the spread of malicious software and prevent bandwidth from being wasted by infected systems.
Configuring proxy settings in non-transparent mode
When using non-transparent proxying, appropriate proxy settings must be configured on client machines and browsers. This can be achieved in a number of different ways:
Proxy settings can be entered manually in most web browsers and web-enabled applications. Usually such settings are entered as part of the application's Connection Settings or similar. The address of the proxy is required, along with the proxy port number. These settings are displayed on the Web proxy > Web proxy > Settings page. See our help topic, Configuring the web proxy.
- Automatic configuration script
The Smoothwall proxy provides a proxy.pac file that can be used to automatically configure proxy settings in most Internet browsers. To use the automatic configuration script, go to Web proxy > Web proxy > Automatic configuration. See our help topic, Configuring the web proxy with proxy auto-config (PAC) scripts.
- Microsoft Windows 2000 domain
In a Windows 2000+ domain, proxy settings can be configured in the domain security policy. This eliminates the need to manually configure any part of the user's system.
- Automatic discovery
Many browsers support automatic discovery of proxy settings using the WPAD (Web Proxy Auto-Discovery) protocol. This is relatively easy to configure if you have a local DNS server.
- Using DHCP to distribute proxy settings
DHCP can also be used to set proxy settings. That might be a better method than using security policies. Currently the DHCP server on the Smoothwall firewalls cannot be used for giving out
- Microsoft Windows login script
The Windows login script can be used to import a registry file which will automatically configure the system wide proxy settings.
Browsers like Firefox can be configured automatically with ini files. Such files could be copied or modified as part of the login script on a Microsoft Windows or Linux network.
- Third party solutions
Third party applications are available for Windows which can, at login, automatically configure web browser proxy settings. These range from simple programs designed specifically to automate proxy configuration to more sophisticated applications that provide a range of services such as monitoring the user's desktop.
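As an illustration of the automatic configuration script option above, the following is an added example of a hand-written PAC file, not the proxy.pac that Smoothwall generates. It shows how an explicit proxy setting covers web traffic on non-standard ports, which transparent mode does not intercept. The proxy address, port and internal domain suffix are placeholders (assumptions); use the values from the Web proxy > Web proxy > Settings page.

```javascript
// Added example PAC file; not Smoothwall's generated proxy.pac.
// PROXY_ADDR and INTERNAL_SUFFIX are placeholders (assumptions): replace them
// with the address/port from the Settings page and your own internal domain.
var PROXY_ADDR = "proxy.example.internal:3128";
var INTERNAL_SUFFIX = ".example.internal";

// Plain-JS suffix match so the file works in old PAC engines and in Node.
function endsWith(str, suffix) {
  return str.length >= suffix.length &&
         str.slice(str.length - suffix.length) === suffix;
}

// Hosts that stay on the LAN and should not be sent to the proxy.
function isInternalHost(host) {
  host = host.toLowerCase();
  // Single-label names such as "intranet". The ":" test keeps IPv6
  // literals (which contain no dots) from being mistaken for one.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true;
  if (host === "localhost" || host.indexOf("127.") === 0) return true;
  // Anchored suffix match: "x.example.internal.other.tld" does not match.
  return endsWith(host, INTERNAL_SUFFIX);
}

// Entry point the browser calls for each request.
function FindProxyForURL(url, host) {
  if (isInternalHost(host)) return "DIRECT";
  var scheme = url.slice(0, url.indexOf(":")).toLowerCase();
  // Browsers may also pass ws:// and wss:// URLs for WebSocket connections.
  if (scheme === "http" || scheme === "https" ||
      scheme === "ws" || scheme === "wss") {
    // The port is deliberately ignored: http://site:8080/ is proxied too,
    // unlike transparent mode, which only intercepts TCP 80 and 443.
    // No "; DIRECT" fallback, so the client does not bypass the proxy
    // when the proxy is unreachable.
    return "PROXY " + PROXY_ADDR;
  }
  // Other schemes are left to the firewall's own rules (assumption).
  return "DIRECT";
}
```
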
When to use transparent proxying
When minimal or no network configuration is required. Transparent proxying can be useful in mixed environments containing Unix, Linux, Apple Mac and Microsoft Windows systems. This allows quick access to the web proxy for everyone, without having to configure a multitude of different platform-specific applications and browsers.