Solved

Proxy and Firewall

Posted on 2009-05-06
4
592 Views
Last Modified: 2013-11-22
Hi

I was hoping for some advice on a proxy and firewall setup I am doing, as I am a bit unsure of what will have to be done.

I have setup a transparent Squid Proxy for Caching and to give the internal lan access to the internet. Thus it is configured transparently with a few Access rules and it has some IPtables rules in. For the setup I set it up with my router as the main point of internet access with the Proxy behind it and then the LAN.

But we have an already existing Firewall (Cisco Pix) what we need to use. Thus from the router it will then be the Firewall and then behind it the proxy and then the rest of the lan.

Will anyone be able to tell me what changes I will have to make (except for configuring the network interfaces between the Proxy and Firewall) to the Squid Proxy and the Cisco Pix to allow the traffic from inside to go through the proxy and then trough the Pix, but still making use of the Pix Firewall rules?

Or will it maybe be possible to switch of/disable all the firewall/iptable/acl on the Squid Proxy that only the Cisco Pix is the only Firewall access control method?
0
Comment
Question by:Rigged
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 2

Accepted Solution

by:
Miele102 earned 500 total points
ID: 24313765
If i understand the question, there is no need for change anything.
The firewall allows http and https, and that is what the proxy uses.
The proxy caches the internet pages so a client ask for a page and the proxy looks through the firewall (port 80 or 443) and download that page. He puts that page is his cache and then deliver the page to the client.
So, if a client has internet access through the firewall (proxy is not set yet), and you activate the proxy the only change you must made is that the client looks at the proxy. IE Setting.

Hopes this was helpfull.
0
 
LVL 1

Author Comment

by:Rigged
ID: 24313846
That sounds reasonable, Thanks.

Have anyone heard of or used WCCP (Cisco's Web Cache Coordination Protocol). I see the Squid server has options for it and I believe the IOS on the Pix should support it as well. How does WCCP work and will it help me in the above mentioned setup as we basically just need a caching proxy to help alleviate the bandwidth strain?
0
 
LVL 1

Author Comment

by:Rigged
ID: 24334455
Well the WCCP isn't that necesarry anymore. I Have put the proxy server to connect through our PIX and the rest of our lan to use the proxy as the gateway.

All I ended up changing is the Proxy servers external interface and set the gateway to be the pix, All was working then except for RDP. I ended up taking out the IPTables rule I created for RDP to work when the Proxy was going straight through the Router.
:D
0
 
LVL 1

Author Closing Comment

by:Rigged
ID: 31579361
Thanks again Miele :)
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how to create the monitoring for Spiceworks 2 39
Help creating a custom privilege level in a Cisco switch or router 3 67
Cisco AnyConnect VPN 4 46
types of VPN 2 58
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question