Solved

Proxy and Firewall

Posted on 2009-05-06
4
589 Views
Last Modified: 2013-11-22
Hi

I was hoping for some advice on a proxy and firewall setup I am doing, as I am a bit unsure of what will have to be done.

I have setup a transparent Squid Proxy for Caching and to give the internal lan access to the internet. Thus it is configured transparently with a few Access rules and it has some IPtables rules in. For the setup I set it up with my router as the main point of internet access with the Proxy behind it and then the LAN.

But we have an already existing Firewall (Cisco Pix) what we need to use. Thus from the router it will then be the Firewall and then behind it the proxy and then the rest of the lan.

Will anyone be able to tell me what changes I will have to make (except for configuring the network interfaces between the Proxy and Firewall) to the Squid Proxy and the Cisco Pix to allow the traffic from inside to go through the proxy and then trough the Pix, but still making use of the Pix Firewall rules?

Or will it maybe be possible to switch of/disable all the firewall/iptable/acl on the Squid Proxy that only the Cisco Pix is the only Firewall access control method?
0
Comment
Question by:Rigged
  • 3
4 Comments
 
LVL 2

Accepted Solution

by:
Miele102 earned 500 total points
ID: 24313765
If i understand the question, there is no need for change anything.
The firewall allows http and https, and that is what the proxy uses.
The proxy caches the internet pages so a client ask for a page and the proxy looks through the firewall (port 80 or 443) and download that page. He puts that page is his cache and then deliver the page to the client.
So, if a client has internet access through the firewall (proxy is not set yet), and you activate the proxy the only change you must made is that the client looks at the proxy. IE Setting.

Hopes this was helpfull.
0
 
LVL 1

Author Comment

by:Rigged
ID: 24313846
That sounds reasonable, Thanks.

Have anyone heard of or used WCCP (Cisco's Web Cache Coordination Protocol). I see the Squid server has options for it and I believe the IOS on the Pix should support it as well. How does WCCP work and will it help me in the above mentioned setup as we basically just need a caching proxy to help alleviate the bandwidth strain?
0
 
LVL 1

Author Comment

by:Rigged
ID: 24334455
Well the WCCP isn't that necesarry anymore. I Have put the proxy server to connect through our PIX and the rest of our lan to use the proxy as the gateway.

All I ended up changing is the Proxy servers external interface and set the gateway to be the pix, All was working then except for RDP. I ended up taking out the IPTables rule I created for RDP to work when the Proxy was going straight through the Router.
:D
0
 
LVL 1

Author Closing Comment

by:Rigged
ID: 31579361
Thanks again Miele :)
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question