Sophos UTM: Redirect single domains through FoxyProxy Proxy Servers

Suppose you have Sophos Unified Threat Management (any edition, including the free home edition) and want to load sites like Google through country-specific proxy servers. This would allow people on your network to use a web-filtering proxy like Sophos UTM, while still leveraging FoxyProxy proxy servers for geo-specific testing. In the example below:

• https://google.pl and www.iplocation.net load through a Polish FoxyProxy proxy server
• https://google.es and www.iplocation.net load through a Spanish FoxyProxy proxy server
• All other sites through your default local proxy server

Many thanks to Rainer Quack for assistance.

1. First, get your local proxy server configured as described here. Here is a screenshot from a fully functional installation of the free Sophos home edition. Click image for larger screenshot:

   

2. Now define the first external (FoxyProxy) proxy server. Under Web Protection, Choose Web Filter Profiles -> Click button “+New Parent Proxy”. Click image for larger screenshot:

   

3. Enter a name and comment, like “External proxy in poland”. Click image for larger screenshot:
   
4. Under “Use Proxy for these hosts”, click on the green “+” sign and define the URLs you want to be redirected to this FoxyProxy server. In this example, we use: *.google.pl and *.iplocation.net. Then click Apply:
   
5. Under Parent Proxy, check the “+” sign and add the DNS Name of your FoxyProxy proxy server. Don’t forget to correct the Port (usually 3128 or 13129):
   
6. Check “Proxy requires authentication” and add the username and password that was given to you. In this example, you’ll see the username is “demo”.
   
7. Don’t forget to click the Save button after entering this info. You should see this screen:
   
8. Create additional proxies if needed. Here we create another but for Spain:
   
9. Finally, enable the upstream proxies in your Webfilter Policy: Web Protection->Web Filtering->Policies Tab –> click “Default content filter action”:
   
10. From the new window, choose Additional Options–>Network configuration–>Parent proxies. Enable the Parent Proxies and define the priority by clicking the Up/down Arrows:
    

Traffic will pass through the specified proxy only for the URLs defined in the upstream-proxy settings. In this example, it is www.google.pl and www.iplocation.net through Poland; www.google.es and www.whatsmyip.org through Spain. All other traffic passes through your UTM Proxy directly with your original external IP Address.