Explicit Deployment

This deployment involves explicitly configuring all client web browsers to use the Web Appliance, although you can also do this centrally by using distributed Active Directory Group Policy Objects (GPO).

  • Inspects HTTP, HTTPS, and FTP over HTTP traffic.
  • All clients require configuration (may be done centrally; see the "Configuration" section below).
  • If the deployment fails, all clients must be reconfigured (may be done centrally; see the "Configuration" section below).


  • Users' HTTP, HTTPS, and FTP over HTTP requests are passed to the Web Appliance .
  • The Web Appliance assesses URLs, blocks disallowed requests, checks if allowed URL requests are currently cached, and passes URL requests that are not cached through the firewall to retrieve them from the internet .
    Port 80, port 443, port 20, and port 21 requests from users are blocked at the firewall ; URLs are only accepted by the firewall if they are from the Web Appliance .
  • The Web Appliance receives any new pages or files and caches them; it passes the pages or files of allowed requests back to the users .
  • The users receive only safe and allowed pages and files or a notification page.


  1. Connect your organization's LAN to the Web Appliance's LAN port.
  2. Configure each user's web browser to use the Web Appliance via port 8080 as their web proxy for HTTP, HTTPS, and FTP. (Ports 3128 and 8081 are also supported, but their use is only suggested if the Web Appliance is replacing a previous proxy configuration that used one of these ports.)
    For information about adding support for HTTPS applications that use non-standard ports, see "Using the Local Site List Editor" in the Group Policy section of the documentation.
    Configuring all users' browsers to use the Web Appliance as a web proxy can be done centrally in Windows networks by using any of the methods described in the Sophos Web Appliance: Configuring your network for Explicit Deployment Knowledgebase article, which also includes links to the following:
  3. In the Web Appliance's administrative web interface, on the Configuration > Network > Network Interface page, set the Deployment Mode to Explicit proxy.