I never said that ;-) So I just found this article that describes it furthermore. If I got it right, then any traffic over ports 80,443 and 21 in transparent mode will go through the filter. From the article: In most firewall products, Access Control Entries are used to evaluate source and destination together. In UTM, any traffic handled by the proxies will bypass any firewall rules, so source-destination restrictions must be enforced in the proxy configuration. This requires extra care because the proxies implement source filtering and destination filter at different stages of the filtering process. When planning an implementation, consider that traffic can be blocked in multiple ways: The packet can be evaluated by the proxy, then blocked by proxy configuration. The packet can be ignored by the proxy, then blocked by an explicit or default-deny firewall rule. The packet can be ignored by the proxy, allowed by the firewall rules, but blocked if no public-to-private IP NAT rule is applicable.
↧