?
Solved

Squid cache server behind a Watchguard appliance

Posted on 2011-09-21
5
Medium Priority
?
2,514 Views
Last Modified: 2013-11-23
Hi,
I have a Watchguard XTM-520 box and I'm trying to configure it to use a Squid linux as an external cache server, since watchguard does not do caching.

If I point my browser directly to the squid server
(which is behind the firewall) I'm able to browse ok.
The firebox has a setting for the http proxy that
allows you to point all outgoing http requests to a
proxy caching server (Use Webcache Server). If I plug the squid IP address
in here, browsing stops working. The browsers hang
for a while at the site contacted, waiting for reply.
Finally the request times out.

Can anyone please help me to find out why this config is not working?

Thanks,
0
Comment
Question by:A-MONTERO
5 Comments
 
LVL 4

Accepted Solution

by:
Felicia King earned 2000 total points
ID: 36577799
I'm a WatchGuard certified partner. I think you need to ask the WatchGuard support experts this question. The problem may be an incompability in the redirection.
0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36583876
Hi,
If I understand correctly you have some net-design like this:

PC - Watchguard - Squid - RouterInternet

The trouble could be routing-traffic from squid-box to wathguard what OS you use for Squid?

-regards-
0
 

Author Comment

by:A-MONTERO
ID: 36583896
OS for Squid is Ubuntu Linux 9.10
0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36711503
Hi,
Asumming you Network Topology is like a ask before...

You need to be shure that can reach your networks by running traceroute from your linux box to your inside LAN and to internet.
Then perhaps validate a fix iptables o rounting rules on your linux, at least check squid config ACL.
Also check the logs to see whats goin on.

-regards
0
 
LVL 1

Expert Comment

by:marcoseguracr
ID: 39672082
This is not the right solution, in general, Watchguard HTTP-PROXY only can handle WEB-CACHE SERVER only when the rule is HTTP-PROXY rule and not part of TCP-UDP-PROXY rule. The most important is that your squid need full access (preferred in different VLAN, without direct access at your local LAN). with this you will warranty that will work great.

You can use THUNDER CACHE or RAPTOR CACHE that include really good combination of cache-proxy that help to speed up your network with new WEB 2.0 technologies (facebook, youtube, googlevideo, etc...)
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simp…
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question