Support User Manuals

ZyXEL Communications 100 Series Network Router User Manual

Open as PDF

of 902

Chapter 17 HTTP Redirect

ZyWALL USG 100/200 Series User’s Guide

322

17.1.2 What You Need to Know About HTTP Redirect

Web Proxy Server

A proxy server helps client devices make indirect requests to access the Internet or outside

network resources/services. A proxy server can act as a firewall or an ALG (application layer

gateway) between the private network and the Internet or other networks. It also keeps hackers

from knowing internal IP addresses.

A client connects to a web proxy server each time he/she wants to access the Internet. The web

proxy provides caching service to allow quick access and reduce network usage. The proxy

checks its local cache for the requested web resource first. If it is not found, the proxy gets it

from the specified server and forwards the response to the client.

HTTP Redirect, Firewall and Policy Route

With HTTP redirect, the relevant packet flow for HTTP traffic is:

1 Firewall

2 Application Patrol

3 HTTP Redirect

4 Policy Route

Even if you set a policy route to the same incoming interface and service as a HTTP redirect

rule, the ZyWALL checks the HTTP redirect rules first and forwards HTTP traffic to a proxy

server if matched. You need to make sure there is no firewall rule(s) blocking the HTTP

requests from the client to the proxy server.

You also need to manually configure a policy route to forward the HTTP traffic from the

proxy server to the Internet. To make the example in Figure 229 on page 321 work, make sure

you have the following settings.

For HTTP traffic between lan1 and dmz:

• a from LAN1 to WAN firewall rule (default) to allow HTTP requests from lan1 to dmz.

Responses to this request are allowed automatically.

• an application patrol rule to allow HTTP traffic between lan1 and dmz.

• a HTTP redirect rule to forward HTTP traffic from lan1 to proxy server A.

For HTTP traffic between dmz and wan1:

• a from DMZ to WAN firewall rule (default) to allow HTTP request from dmz to wan1.

Responses to this request are allowed automatically.

• a application patrol rule to allow HTTP traffic between dmz and wan1.

• a policy route to forward HTTP traffic from proxy server A to the Internet.

Finding Out More

See Section 5.4.20 on page 120 for related information on these screens.

17.2 The HTTP Redirect Screen

To configure redirection of a HTTP request to a proxy server, click Network > HTTP

Redirect. This screen displays the summary of the HTTP redirect rules.

previous next