Wednesday, August 4, 2021

Sophos UTM Web Proxy!!!

Sophos UTM Web Proxy is a pain in the backside.

It allows access to web-based admin pages EVEN THOUGH the FIREWALL doesn't allow such access! The firewall doesn't allow access, but the web proxy does!! FFS!!!

So, for example, your ISP router configuration interface could be accessible by a guest user, albeit protected by a password. Then your ISP router is susceptible to password guessing or script-based attacks.

And it's not just your ISP router that is at risk, it's everything with an admin page.
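One way to see whether this is actually happening on your own network is to scan the web proxy's access log for passed requests from the guest subnet to internal addresses. This is an added example, not code from the original post or from Sophos; the guest subnet, the key="value" log layout and the field names (`action`, `srcip`, `dstip`, `url`) are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re

# Assumption: guest clients live in this subnet (hypothetical value).
GUEST_NET = ipaddress.ip_network("192.168.50.0/24")

# Constructed sample lines; the key="value" layout and the field names
# are assumptions, adjust them to match your own proxy log export.
SAMPLE_LOG = '''\
2021:08:04-10:01:02 gw httpproxy[4242]: action="pass" srcip="192.168.50.23" dstip="192.168.1.1" url="http://192.168.1.1/login.html"
2021:08:04-10:01:09 gw httpproxy[4242]: action="pass" srcip="192.168.50.23" dstip="93.184.216.34" url="http://example.com/"
2021:08:04-10:02:15 gw httpproxy[4242]: action="block" srcip="192.168.50.40" dstip="10.0.0.5" url="https://10.0.0.5:8443/"
2021:08:04-10:03:30 gw httpproxy[4242]: action="pass" srcip="192.168.10.7" dstip="192.168.1.1" url="http://192.168.1.1/"
2021:08:04-10:04:00 gw httpproxy[4242]: action="pass" srcip="192.168.50.77" dstip="" url="http://bad line"
'''

KV = re.compile(r'(\w+)="([^"]*)"')


def parse_ip(value):
    """Return an ip_address object, or None if the field is empty/garbled."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def guest_to_internal(log_text, guest_net=GUEST_NET):
    """Return (srcip, dstip, url) for every request the proxy passed from the
    guest network to a private destination (RFC 1918, loopback, link-local)."""
    hits = []
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        src = parse_ip(fields.get("srcip", ""))
        dst = parse_ip(fields.get("dstip", ""))
        if src is None or dst is None:
            continue  # malformed entry or no resolved destination, skip it
        if fields.get("action") != "pass" or src not in guest_net:
            continue  # blocked by the proxy, or not a guest client
        if dst.is_private:
            hits.append((str(src), str(dst), fields.get("url", "")))
    return hits


if __name__ == "__main__":
    for src, dst, url in guest_to_internal(SAMPLE_LOG):
        print(f"guest {src} reached internal {dst} via proxy: {url}")
```

Any hit is a request the firewall rules were supposed to stop but the proxy let through.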

On top of that, it re-badges your (valid) connection as though it's coming from the DESTINATION network. FFS! I guess it's a proxy, so that's sort of expected.

The web proxy is sort of necessary, since it has the dual-AV scanning engine. Therefore, disabling the web proxy and using only the firewall will result in web traffic not being scanned for malware.