• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 597
  • Last Modified:

Proxy and Firewall

Hi

I was hoping for some advice on a proxy and firewall setup I am doing, as I am a bit unsure of what will have to be done.

I have setup a transparent Squid Proxy for Caching and to give the internal lan access to the internet. Thus it is configured transparently with a few Access rules and it has some IPtables rules in. For the setup I set it up with my router as the main point of internet access with the Proxy behind it and then the LAN.

But we have an already existing Firewall (Cisco Pix) what we need to use. Thus from the router it will then be the Firewall and then behind it the proxy and then the rest of the lan.

Will anyone be able to tell me what changes I will have to make (except for configuring the network interfaces between the Proxy and Firewall) to the Squid Proxy and the Cisco Pix to allow the traffic from inside to go through the proxy and then trough the Pix, but still making use of the Pix Firewall rules?

Or will it maybe be possible to switch of/disable all the firewall/iptable/acl on the Squid Proxy that only the Cisco Pix is the only Firewall access control method?
0
Rigged
Asked:
Rigged
  • 3
1 Solution
 
Miele102Commented:
If i understand the question, there is no need for change anything.
The firewall allows http and https, and that is what the proxy uses.
The proxy caches the internet pages so a client ask for a page and the proxy looks through the firewall (port 80 or 443) and download that page. He puts that page is his cache and then deliver the page to the client.
So, if a client has internet access through the firewall (proxy is not set yet), and you activate the proxy the only change you must made is that the client looks at the proxy. IE Setting.

Hopes this was helpfull.
0
 
RiggedAuthor Commented:
That sounds reasonable, Thanks.

Have anyone heard of or used WCCP (Cisco's Web Cache Coordination Protocol). I see the Squid server has options for it and I believe the IOS on the Pix should support it as well. How does WCCP work and will it help me in the above mentioned setup as we basically just need a caching proxy to help alleviate the bandwidth strain?
0
 
RiggedAuthor Commented:
Well the WCCP isn't that necesarry anymore. I Have put the proxy server to connect through our PIX and the rest of our lan to use the proxy as the gateway.

All I ended up changing is the Proxy servers external interface and set the gateway to be the pix, All was working then except for RDP. I ended up taking out the IPTables rule I created for RDP to work when the Proxy was going straight through the Router.
:D
0
 
RiggedAuthor Commented:
Thanks again Miele :)
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now