Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Proxy and Firewall

Posted on 2009-05-06
4
Medium Priority
?
595 Views
Last Modified: 2013-11-22
Hi

I was hoping for some advice on a proxy and firewall setup I am doing, as I am a bit unsure of what will have to be done.

I have setup a transparent Squid Proxy for Caching and to give the internal lan access to the internet. Thus it is configured transparently with a few Access rules and it has some IPtables rules in. For the setup I set it up with my router as the main point of internet access with the Proxy behind it and then the LAN.

But we have an already existing Firewall (Cisco Pix) what we need to use. Thus from the router it will then be the Firewall and then behind it the proxy and then the rest of the lan.

Will anyone be able to tell me what changes I will have to make (except for configuring the network interfaces between the Proxy and Firewall) to the Squid Proxy and the Cisco Pix to allow the traffic from inside to go through the proxy and then trough the Pix, but still making use of the Pix Firewall rules?

Or will it maybe be possible to switch of/disable all the firewall/iptable/acl on the Squid Proxy that only the Cisco Pix is the only Firewall access control method?
0
Comment
Question by:Rigged
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 2

Accepted Solution

by:
Miele102 earned 2000 total points
ID: 24313765
If i understand the question, there is no need for change anything.
The firewall allows http and https, and that is what the proxy uses.
The proxy caches the internet pages so a client ask for a page and the proxy looks through the firewall (port 80 or 443) and download that page. He puts that page is his cache and then deliver the page to the client.
So, if a client has internet access through the firewall (proxy is not set yet), and you activate the proxy the only change you must made is that the client looks at the proxy. IE Setting.

Hopes this was helpfull.
0
 
LVL 1

Author Comment

by:Rigged
ID: 24313846
That sounds reasonable, Thanks.

Have anyone heard of or used WCCP (Cisco's Web Cache Coordination Protocol). I see the Squid server has options for it and I believe the IOS on the Pix should support it as well. How does WCCP work and will it help me in the above mentioned setup as we basically just need a caching proxy to help alleviate the bandwidth strain?
0
 
LVL 1

Author Comment

by:Rigged
ID: 24334455
Well the WCCP isn't that necesarry anymore. I Have put the proxy server to connect through our PIX and the rest of our lan to use the proxy as the gateway.

All I ended up changing is the Proxy servers external interface and set the gateway to be the pix, All was working then except for RDP. I ended up taking out the IPTables rule I created for RDP to work when the Proxy was going straight through the Router.
:D
0
 
LVL 1

Author Closing Comment

by:Rigged
ID: 31579361
Thanks again Miele :)
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question