I have been pulling my hair out over this for a few days now, so I hope someone here can help me prevent premature baldness.

I have a ClusterXL Firewall (NGX R65 on Splat). I also have a proxy server on port 8080 in the DMZ.

What I want is to scan the traffic from the intranet to the proxy so I can use the inclusion/exclusion for the URL Filtering. This is because when you use a proxy all scanned traffic originates from the proxy server and not the client station in the intranet.

I configured the CFW Cluster to use 'Next Proxy' to the proxy server 8080. Weird thing is that I now must allow all internal hosts to connect to port 8080 everywhere because otherwise I get an 'Access Denied' screen. The weird thing is that when I connect to the proxy from the intranet, do a request (i.e. google), the firewall tries to do a request directly to the destination host google on port 8080 with the client source IP! When I do allow all internal hosts access to port 8080->any, all traffic is still routed through the proxy when I configure a proxy in the browsers. But when I try to connect to an internet host directly from the intranet on 8080 (so outside the proxy) it also allows my connection.

This is definitely not what I want. I also tried running the proxy on port 80, but then I get the same problems. I also tried to add port 8080 to the HTTP filter (as described by another thread here) but somehow that traffic is not passing the URL filter.

Can anyone shed some light on this?