This article answers the query: What are the limitations of the Transparent Proxy feature?
- The Transparent Proxy cannot be enabled if Proxy Chaining is already used because of possible conflicts.
- The Transparent Proxy uses a driver-based solution to capture HTTP(S) traffic from the network. Therefore, it is incompatible with other driver-base solutions such as:
- NAT solutions: NAT needs to be disabled on the server machine so that the Transparent Proxy can work.
- Microsoft TMG Transparent Proxy: Transparent Proxy is not compatible with TMG. It cannot be enabled on machines with TMG.
- The applications that use other protocols besides HTTP/HTTPS may not work correctly. It happens because that traffic cannot be adequately controlled via the proxy. An example would be Skype. In this case, machines using this application would need to bypass the proxy.
- Applications generating HTTPS traffic and not using the SNI (Server Name Indication) extension header can have issues. In such situations, the GFI Proxy can’t handle connections properly that have destination port 443, because it doesn’t know the server name. Applications that use an older version of the TLS 1.0 protocol would have the above problem.
- Although regular proxy-based authentications cannot occur in transparent mode, transparent proxy still supports basic and integrated authentication. If authentication is set, the browsers will display a pop-up window asking for the user to enter credentials manually. If some applications are not capable of displaying the pop-up window to transmit the credentials further, authentication will not work on them.