OK, may I restate this to be certain that I've understood correctly?

In the 'Transparent mode', the HTTP/S Proxy only captures traffic on ports 80 and 443, and that traffic is the only traffic scanned by the A-V engines. Instead of creating packet filter rules for other web traffic, you can put those services into 'Allowed services' on the 'Advanced' tab, and the Astaro will create the necessary rules for you. The traffic for these other services is NOT scanned by the A-V engines, nor is it otherwise handled by the Proxy.

In the non-transparent modes, the HTTP/S proxy handles all of the services in 'Allowed Services' and the traffic is scanned by the A-V engines.

I'm still left with the following questions:

1. If the FTP Proxy is enabled, should one remove FTP from the HTTP allowed services regardless of the mode one is in?
   
2. How does the Proxy know that it's my browser making an FTP request instead of Filezilla? Is it possible to make a port-20 request via port 8080? I must be ignorant of some fundamental principle.

Thanks - Bob

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!