3. In the Web Appliance’s administrative web interface, on the Configuration > Network >
Network Interface page, set the Deployment Mode to Explicit proxy.
Related concepts
on page 198
Related tasks
Using the Local Site List Editor
on page 99
on page 151
Bypassing for Internal Servers
on page 33
Upstream ISA/TMG Server Deployment
on page 36
Related information
2.3.1.1 Downstream ISA/TMG Server Deployment
This option, which uses either a Microsoft Internet Security and Acceleration (ISA) server or a
Microsoft Forefront Threat Management Gateway (TMG) server, is based on the Explicit
Deployment. This deployment is different in that it includes an ISA/TMG server (and optionally
an Active Directory server) between users and the Web Appliance.
■
Allows the Web Appliance to work with an ISA/TMG Server.
■
If the Sophos ISA/TMG plug-in is installed, and an Active Directory server is on the network
side of the ISA or TMG server, then clients (users) can be seen as usernames.
■
Allows you to use multiple Web Appliances in a simple load-balancing deployment.
■
If the Sophos ISA/TMG plug-in is not installed, all traffic will be identified as coming from one
user: the ISA/TMG server.
■
If the Sophos ISA/TMG plug-in is not installed or an Active Directory server is not on the
network side of the ISA/TMG server, then clients (users) will appear as IP addresses only.
■
Does not support individual user opt-out, although with the ISA/TMG plug-in installed custom
policy can be applied to an individual user or group.
Operation
Sophos Web Appliance | Getting Started | 27