Multi-Tech Systems RF600, RF660, RF760 Proxy

Chapter 6 – RouteFinder Software

Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 65

Proxy

Proxy

While the packet filter filters the data traffic on a network level, the use of a Proxy (also called an Application Gateway)

increases the security of the RouteFinder on the application level, as there is no direct connection between client and server.

Every proxy can offer further security for its application protocols. Since each proxy is intended to serve only one or a few

application protocols, it usually offers more sophisticated features for logging and real-time analysis of transferred content.

General Information About Proxies

Proxy Services and Authentication Methods

The SOCKSv5 and HTTP proxy services support user authentication. Both proxies can be configured so that they either

accept all clients (based on IP addresses), or only those clients with a valid user name and password. If you activate

user authentication, you must determine which method your RouteFinder will use to evaluate the requested credentials,

otherwise the proxy service cannot be used.

The RouteFinder supports user authentication against:

• RADIUS server

• Windows NT SAM user base

• Defined user database in Administration Access

The three user databases can also be interrogated one after the other.

To Switch Off Proxy Using Netscape Navigator

1. Open the menu Edit/Settings/Extended/Proxies.

2. At Manual Proxies Configuration, click the View button.

3. At No Proxy For, enter the IP address of your RouteFinder.

4. Click the OK button to save the entries.

To Switch Off Proxy Using Microsoft Internet Explorer

1. Open the menu Extras/Internet options.

2. Choose the register card Connections.

3. Open the menu LAN Settings/Extended.

4. Under Exceptions, enter the IP address of your RouteFinder.

5. Click the OK button to save your settings.

Rules and Suggestions for Using HTTP Proxy

• A valid name server is required for using an HTTP proxy.

• Administration Access should not be called up via one of its own proxies. You should configure your Web

browser in such a way that the IP address of the RouteFinder is not reached via a proxy.

• The HTTP proxy is an application gateway that converts the HTTP protocol (TCP/IP-port 80) for the

transmission of Web pages. To use an active HTTP proxy, you need matching browser settings (TCP/IP

address of your RouteFinder and port 3128); otherwise, the proxy must be run in transparent mode. Requests

to HTTPS (TCP/IP port 443) are forwarded unchanged.

• Parts of a Web page such as streaming audio and video are not loaded via port 80 (HTTP), but via a different

TCP port. These must be dealt with via an appropriate rule in the Packet Filter Rules.

Using Transparent Mode with HTTP Proxy

• While using transparent mode, all networks that should be forwarded transparently to the Proxy must be

assigned. All unassigned networks that you want to connect to the Internet without the proxy must be inserted

with a corresponding rule in Packet Filter. There is no access to the HTTP proxy using predefined settings in

the browser in transparent mode.

• If you choose Non-Transparent mode, consider the following:

• You must assign the networks that are to be allowed to use the proxy.

• No unassigned networks can use the HTTP proxy if the proxy is configured in the browser.

• You must set up the RouteFinder internal IP and port 3128

• User Authentication is possible only in non-transparent mode.