Solved

Proxy and Firewall

Posted on 2009-05-06
4
588 Views
Last Modified: 2013-11-22
Hi

I was hoping for some advice on a proxy and firewall setup I am doing, as I am a bit unsure of what will have to be done.

I have setup a transparent Squid Proxy for Caching and to give the internal lan access to the internet. Thus it is configured transparently with a few Access rules and it has some IPtables rules in. For the setup I set it up with my router as the main point of internet access with the Proxy behind it and then the LAN.

But we have an already existing Firewall (Cisco Pix) what we need to use. Thus from the router it will then be the Firewall and then behind it the proxy and then the rest of the lan.

Will anyone be able to tell me what changes I will have to make (except for configuring the network interfaces between the Proxy and Firewall) to the Squid Proxy and the Cisco Pix to allow the traffic from inside to go through the proxy and then trough the Pix, but still making use of the Pix Firewall rules?

Or will it maybe be possible to switch of/disable all the firewall/iptable/acl on the Squid Proxy that only the Cisco Pix is the only Firewall access control method?
0
Comment
Question by:Rigged
  • 3
4 Comments
 
LVL 2

Accepted Solution

by:
Miele102 earned 500 total points
ID: 24313765
If i understand the question, there is no need for change anything.
The firewall allows http and https, and that is what the proxy uses.
The proxy caches the internet pages so a client ask for a page and the proxy looks through the firewall (port 80 or 443) and download that page. He puts that page is his cache and then deliver the page to the client.
So, if a client has internet access through the firewall (proxy is not set yet), and you activate the proxy the only change you must made is that the client looks at the proxy. IE Setting.

Hopes this was helpfull.
0
 
LVL 1

Author Comment

by:Rigged
ID: 24313846
That sounds reasonable, Thanks.

Have anyone heard of or used WCCP (Cisco's Web Cache Coordination Protocol). I see the Squid server has options for it and I believe the IOS on the Pix should support it as well. How does WCCP work and will it help me in the above mentioned setup as we basically just need a caching proxy to help alleviate the bandwidth strain?
0
 
LVL 1

Author Comment

by:Rigged
ID: 24334455
Well the WCCP isn't that necesarry anymore. I Have put the proxy server to connect through our PIX and the rest of our lan to use the proxy as the gateway.

All I ended up changing is the Proxy servers external interface and set the gateway to be the pix, All was working then except for RDP. I ended up taking out the IPTables rule I created for RDP to work when the Proxy was going straight through the Router.
:D
0
 
LVL 1

Author Closing Comment

by:Rigged
ID: 31579361
Thanks again Miele :)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now