Solved

Squid cache server behind a Watchguard appliance

Posted on 2011-09-21
Last Modified: 2013-11-23
Hi,
I have a WatchGuard XTM-520 box and I'm trying to configure it to use a Squid Linux as an external cache server, since WatchGuard does not do caching.

If I point my browser directly to the Squid server (which is behind the firewall) I'm able to browse OK. The Firebox has a setting for the HTTP proxy that allows you to point all outgoing HTTP requests to a proxy caching server (Use Webcache Server). If I plug the Squid IP address in here, browsing stops working. The browsers hang for a while at the site contacted, waiting for a reply. Finally the request times out.

Can anyone please help me to find out why this config is not working?

Thanks,
0
Question by:A-MONTERO
5 Comments
 
LVL 4

Accepted Solution

by:
Felicia King earned 2000 total points
ID: 36577799
I'm a WatchGuard certified partner. I think you need to ask the WatchGuard support experts this question. The problem may be an incompatibility in the redirection.
0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36583876
Hi,
If I understand correctly, you have a network design like this:

PC - Watchguard - Squid - RouterInternet

The trouble could be routing traffic from the Squid box to the WatchGuard. What OS do you use for Squid?

-regards-
0
 

Author Comment

by:A-MONTERO
ID: 36583896
OS for Squid is Ubuntu Linux 9.10
0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36711503
Hi,
Assuming your network topology is like I asked before...

You need to be sure that you can reach your networks by running traceroute from your Linux box to your inside LAN and to the internet.
Then perhaps validate and fix the iptables or routing rules on your Linux box; at least check the Squid config ACL.
Also check the logs to see what's going on.

-regards
0
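One way to act on the "check the logs" and "check Squid config ACL" advice above, as an added example that is not part of the original thread: a small parser that reports what Squid logged for requests arriving from the forwarding device. It assumes Squid's native `access.log` format; the log lines and IP addresses are constructed, and `forwarder_ip` is a hypothetical parameter for whatever source address the firewall's requests arrive from.

```python
import collections

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/status bytes method URL ident hierarchy type
# 10.0.1.1 stands in for the firewall, 10.0.1.50 for a browser pointed at Squid directly.
SAMPLE_LOG = """\
1316600001.101    182 10.0.1.50 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/93.184.216.34 text/html
1316600002.340      1 10.0.1.1 TCP_DENIED/403 1410 GET http://example.com/ - NONE/- text/html
1316600003.912      0 10.0.1.1 TCP_DENIED/403 1410 GET http://example.org/ - NONE/- text/html
1316600004.220     95 10.0.1.50 TCP_HIT/200 5120 GET http://example.com/ - NONE/- text/html
"""

def summarize(log_text):
    """Return {client_ip: Counter of 'ACTION/status'} for well-formed lines."""
    per_client = collections.defaultdict(collections.Counter)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or "/" not in fields[3]:
            continue  # skip blank or truncated lines
        per_client[fields[2]][fields[3]] += 1
    return per_client

def diagnose(log_text, forwarder_ip):
    """Classify what Squid saw from the device that forwards requests to it."""
    results = summarize(log_text).get(forwarder_ip)
    if not results:
        # Nothing arrived at Squid: look at routing and iptables first.
        return "no-requests-logged"
    denied = sum(n for key, n in results.items() if key.startswith("TCP_DENIED/"))
    if denied == sum(results.values()):
        # Requests arrived but were refused: look at the http_access ACLs.
        return "all-denied"
    if denied:
        return "partly-denied"
    return "served"

if __name__ == "__main__":
    for ip in ("10.0.1.1", "10.0.1.50", "10.0.1.99"):
        print(ip, diagnose(SAMPLE_LOG, ip))
```

On a real system, pass the contents of the Squid access log instead of `SAMPLE_LOG`; a `served` result with browsers still hanging points back at the return path rather than at Squid.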
 
LVL 1

Expert Comment

by:marcoseguracr
ID: 39672082
This is not the right solution. In general, the WatchGuard HTTP-PROXY can handle a WEB-CACHE SERVER only when the rule is an HTTP-PROXY rule and not part of a TCP-UDP-PROXY rule. The most important thing is that your Squid needs full access (preferably in a different VLAN, without direct access to your local LAN). With this you will guarantee that it will work great.

You can use THUNDER CACHE or RAPTOR CACHE, which include a really good combination of cache-proxy that helps to speed up your network with new WEB 2.0 technologies (facebook, youtube, googlevideo, etc.)
0
