Sophos UTM is built from many open source services, each providing a different function. Web Protection is a Squid proxy that can be used either via the proxy IP or in transparent mode; the VPN service "pluto" is an implementation of strongSwan, and so on. A data packet runs through many layers, and I tried to figure out in which order that happens. I hope they are correct :->
Feel free to correct me in the comments. I will be on vacation in Las Vegas and will answer after my holiday. I wish you a nice weekend! See you!
3 Responses
Thank you so much for the workflow. It's really useful.
Can you specify how URL filtering and application control work? Which control is done first? I think first the web filtering and then the application control. Is that right?
Hi,
regarding the ATP, there must be something before iptables which is sniffing the network traffic.
In general ATP messages are always DNS requests to blacklisted domains. In fact, when you drop DNS traffic and forge a request to a blacklisted domain, you will still get an alert. So there must be a daemon in promiscuous mode which sits in front of iptables.
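To make the comment above concrete, here is an added example (not Sophos UTM code, and not a description of how its ATP daemon is actually implemented) of the kind of check a passive DNS sniffer does: decode the question name from a raw DNS query and match it, including subdomains, against a blocklist. Because the sniffer sees the frame before the packet filter, a query that iptables later drops still produces an alert. The blocklist entries and the query payloads are constructed test data.

```python
"""Toy passive DNS blocklist check, modelled on the behaviour described in
the comment. Added example; not Sophos code. Constructed inputs only."""
import struct

# Constructed blocklist: hypothetical domains, not taken from any real feed.
BLOCKLIST = {"malicious.example", "c2.example.net"}


def parse_qname(payload: bytes, offset: int = 12):
    """Decode the first question name of a raw DNS message.

    Returns (name, offset_after_name). Only uncompressed labels are handled,
    which is all a query's question section contains.
    """
    labels = []
    while True:
        length = payload[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0:
            # Compression pointers only appear in answers, never in a query name.
            raise ValueError("compression pointer in question name")
        offset += 1
        labels.append(payload[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels).lower(), offset


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal standard A query (constructed test input)."""
    # id, flags (RD set, QR clear), qdcount=1, ancount, nscount, arcount
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE A, QCLASS IN


def is_query(payload: bytes) -> bool:
    """True if the QR bit is clear and at least one question is present."""
    flags, qdcount = struct.unpack(">HH", payload[2:6])
    return not (flags & 0x8000) and qdcount >= 1


def check_dns(payload: bytes, blocklist=BLOCKLIST):
    """Return the blocklist entry the queried name falls under, or None.

    A name matches if it equals a listed domain or is a subdomain of one.
    """
    if len(payload) < 12 or not is_query(payload):
        return None
    name, _ = parse_qname(payload)
    parts = name.split(".")
    for i in range(len(parts)):
        candidate = ".".join(parts[i:])
        if candidate in blocklist:
            return candidate
    return None


def scan(packets, blocklist=BLOCKLIST):
    """Check a sequence of DNS payloads; return (queried_name, hit) alerts."""
    alerts = []
    for p in packets:
        hit = check_dns(p, blocklist)
        if hit:
            alerts.append((parse_qname(p)[0], hit))
    return alerts


if __name__ == "__main__":
    sample = [
        build_query("www.example.com"),
        build_query("update.malicious.example"),
        build_query("c2.example.net"),
    ]
    for queried, hit in scan(sample):
        print(f"ALERT: DNS query for {queried} matches blocklist entry {hit}")
```

In a real deployment the payloads would come from a capture socket on the inside interface, and the blocklist from a threat feed; the matching logic is the part the example demonstrates.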
Such a diagram already exists in Sophos's documentation. See:
https://i.imgsafe.org/995bf6a210.png