Deployment
There are four different ways you can deploy the Bloxx Web Filter or Secure Web Gateway within your network:
- Single interface/client configured proxy mode (proxy mode)
- Single interface/routed proxy mode
- Dual interface/transparent proxy mode (pass-thru mode)
- Dual interface/client configured proxy mode (pass-thru proxy mode)
In addition, appliances can be configured to work together to deal with larger or complex networks and to increase performance and resilience.
For more detailed information about deployment methods and which one is best suited to your network, please contact your Bloxx sales representative.
Single interface/client configured proxy mode (proxy mode)
When in proxy mode, the Bloxx Web Filter or Secure Web Gateway can be deployed anywhere on the LAN, downstream of the default gateway.
In this mode, all Web traffic (normally, traffic bound for TCP ports 80 and 443) is directed towards the Bloxx appliance by the client browsers. Each browser must be configured in some way to send Web traffic to the Bloxx appliance, which listens by default on port 8881.
Single interface/routed proxy mode
In this mode, instead of the client browsers directing Web traffic towards the Bloxx appliance, an additional network device such as a router or a switch performs this task. This relieves the administrator of the need to deploy proxy configuration to each client.
Dual interface/transparent proxy mode (pass-thru mode)
When the Bloxx appliance is deployed in Pass-thru mode, both of the appliance network interfaces are used. One is connected to the side of the LAN where the client machines are located and the other points towards the default gateway.
All traffic bound for the default gateway passes through the Bloxx appliance, which intelligently intercepts and filters HTTP traffic whilst allowing other protocols through untouched. Pass-thru is useful when you cannot roll out proxy configuration to all the clients in your network.
However, those features that depend on clients being explicitly aware of the proxy (such as NT authentication and HTTPS filtering) are unavailable.
Dual interface/client configured proxy mode (pass-thru proxy)
In Pass-thru Proxy mode, the appliance is configured as in Pass-thru mode, with one interface pointing towards the LAN and the other towards the default gateway. However, instead of being transparent, client browsers are configured to use the appliance as a proxy. This brings with it the advantages of a traditional proxy deployment, such as HTTPS filtering and NT authentication.
When deployed in Pass-thru mode, it is possible to configure some clients in your network to send Web traffic via the Bloxx appliance and to have other clients filtered transparently. You can also make use of different authentication schemes across the different network subnets, giving you maximum flexibility as to how you deploy Bloxx.