cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Maarten_Sjouw
Platinum

Proxy and SecureXL

Is there any way that SecureXL Medium path can be used when the GW is used as a proxy?

We have a customer that has a 15600 and they have asked us to setup a proxy for several reasons. Now they are migrating to Office365 and I see a lot of traffic hitting the FW path, some traffic hitting the medium path and none hitting the fast path.

As Proxy traffic needs to be handled by the gateway itself, I would not expect this to be able to accelerated, so my thoughts were to ask the customer to exclude the Office 365 URL's from the PAC file, so they will not use the proxy, thus allowing this traffic to be accelerated.

They also have WiFi networks that do not need to use the proxy and we see 200/600Mbps in traffic in PXL/FW paths. We have 12 cores for the FW-Workers but are all at or close to 100% at the busy moments.

Regards, Maarten
0 Kudos
3 Replies

Re: Proxy and SecureXL

In R80.10 gateway and earlier I'm pretty sure the answer is no.  This might be handled differently in R80.20 gateway however due to the wholesale changes in SecureXL, but I doubt it.  See:

sk92482 - Performance impact from enabling HTTP/HTTPS Proxy functionality

Also if you are inspecting Office 365 traffic, you probably have HTTPS Inspection enabled which will force F2F handling for all traffic subject to it anyway on R80.10 gateway regardless of whether proxy mode is used or not.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
0 Kudos
Maarten_Sjouw
Platinum

Re: Proxy and SecureXL

We are running R77.30 for this customer.

In Proxy environment you do not need to enable the HTTPS inspection separately as the traffic is unpacked anyway.

But in this case we really need to have this traffic in bypass-the-proxy-mode to move it into the PXL path. So we have asked the customer to adjust the proxy pac file, so we can add a small policy to allow this traffic to pass and be moved to PXL path.

Regards, Maarten
0 Kudos

Re: Proxy and SecureXL

Correct, the answer is NO

0 Kudos