ISSUE:
There appears to be no way to fully disable the transparent web proxy functionality, even when using a FW rule with:
- Scan HTTP: Off
- Decrypt & Scan HTTPS: Off
- Web Policy: "None"
Although no rules are applied to web traffic, and SSL certificates are not changed, the XG firewall still appears to proxy the request in some manner, in that the requests are sent to the IP address based on a DNS lookup from XG and not the IP address specified by the client.
Steps to reproduce:
- Create a FW rule with the above proxy settings (should not be proxied at all)
- Add a static DNS entry for a website under "Network" -> "DNS" using a different IP address to the real website (for example, add an entry for "bbc.co.uk" pointing to the IP address of www.google.co.uk (216.58.210.35))
- Restart "Web Proxy" service under "System Services" -> "Services"
- Browse to the website (https://www.bbc.co.uk)
Expected behaviour:
- The BBC website should be displayed
Actual behaviour:
- Google website is displayed
Summary:
Despite the fact that the client connection should not have been proxied, XG firewall has redirected the client connection to another IP address based on its own DNS lookup, rather than the IP address specified by the client.
SOLUTION:
Even with firewall rules configured to completely not do Web, the XG still sends traffic through the web proxy.
There are reasons for doing it this way.
To disable this feature:
* Go into Web
* Go to General Settings
* Click Advanced Settings.
* Make sure that "Enable Pharming Protection" is turned off.
As per the feature description "Protect users against pharming and other domain name poisoning attacks by repeating DNS lookups before connecting."
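
Added example, not part of the original thread and not Sophos code: a small Python model of the behaviour described above, where the proxy repeats the DNS lookup for the requested hostname and connects to its own answer instead of the client's destination IP. The function names, the fallback when the firewall has no answer, the "no override when both agree" rule, and the sample addresses (192.0.2.10 stands in for the real site) are assumptions made for illustration.

```python
import ipaddress

def pick_upstream(client_dst, host, proxy_dns, pharming_protection=True):
    """Return (ip_to_connect, overridden) for one client connection.

    client_dst  -- destination IP the client put in the packet
    host        -- name taken from the Host header / TLS SNI
    proxy_dns   -- name -> list of IPs as the firewall's own resolver
                   answers them (static DNS entries included)
    """
    client_ip = ipaddress.ip_address(client_dst)
    if not pharming_protection:
        # Feature off: the client's chosen address is used as-is.
        return str(client_ip), False
    name = host.lower().rstrip(".")
    answers = [ipaddress.ip_address(a) for a in proxy_dns.get(name, [])]
    if not answers or client_ip in answers:
        # Assumption: nothing to compare against, or both sides agree.
        return str(client_ip), False
    # Firewall's lookup disagrees with the client: its answer wins.
    return str(answers[0]), True

def find_overrides(flows, proxy_dns):
    """List (client_dst, host, new_dst) for flows that would be redirected."""
    hits = []
    for client_dst, host in flows:
        new_dst, overridden = pick_upstream(client_dst, host, proxy_dns)
        if overridden:
            hits.append((client_dst, host, new_dst))
    return hits

# Constructed data mirroring the reproduction steps in the question.
PROXY_DNS = {"www.bbc.co.uk": ["216.58.210.35"]}   # static entry on the firewall
FLOWS = [
    ("192.0.2.10", "www.bbc.co.uk"),      # client resolved the name elsewhere
    ("216.58.210.35", "www.bbc.co.uk"),   # client agrees with the firewall
    ("192.0.2.20", "example.org"),        # firewall has no answer for this name
]

if __name__ == "__main__":
    for client_dst, host, new_dst in find_overrides(FLOWS, PROXY_DNS):
        print(f"{host}: client asked for {client_dst}, proxy connects to {new_dst}")
```

Running the same comparison over real connection logs against the firewall's static DNS entries shows which hostnames are affected before pharming protection is switched off.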