Solved

Squid cache server behind a Watchguard appliance

Posted on 2011-09-21
Last Modified: 2013-11-23
Hi,
I have a Watchguard XTM-520 box and I'm trying to configure it to use a Squid Linux server as an external cache server, since Watchguard does not do caching.

If I point my browser directly to the Squid server (which is behind the firewall) I'm able to browse OK. The Firebox has a setting for the HTTP proxy that allows you to point all outgoing HTTP requests to a proxy caching server (Use Webcache Server). If I plug the Squid IP address in here, browsing stops working. The browsers hang for a while at the site contacted, waiting for a reply. Finally the request times out.

Can anyone please help me to find out why this config is not working?

Thanks,
0
Question by:A-MONTERO
5 Comments
 
LVL 4

Accepted Solution

by:
Felicia King earned 500 total points
ID: 36577799
I'm a WatchGuard certified partner. I think you need to ask the WatchGuard support experts this question. The problem may be an incompatibility in the redirection.
0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36583876
Hi,
If I understand correctly, you have a network design like this:

PC - Watchguard - Squid - RouterInternet

The trouble could be routing traffic from the Squid box to the Watchguard. What OS do you use for Squid?

-regards-
0
 

Author Comment

by:A-MONTERO
ID: 36583896
OS for Squid is Ubuntu Linux 9.10
0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36711503
Hi,
Assuming your network topology is like I asked before...

You need to be sure that you can reach your networks by running traceroute from your Linux box to your inside LAN and to the Internet.
Then perhaps validate and fix the iptables or routing rules on your Linux box; at least check the Squid config ACL.
Also check the logs to see what's going on.

-regards
0
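One way to carry out the log check suggested in the comment above, as an added example that is not part of any post in this thread. It assumes Squid's native access.log format; the function names, the addresses (10.0.1.1 stands in for the Firebox) and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Triage a Squid access.log (native format) for one client address.
# Fields used: $3 = client address, $4 = result code/HTTP status (e.g. TCP_MISS/200).

# Reads access.log lines on stdin; $1 = client address to look for.
# Prints one verdict plus counters:
#   no-traffic        nothing from that address reached Squid (routing, iptables, firewall policy)
#   acl-denied        Squid refused the requests (http_access / acl rules)
#   upstream-failure  Squid accepted them but got a 5xx fetching the page
#   ok                requests from that address were served
triage_squid_log() {
    awk -v ip="$1" '
        $3 == ip {
            seen++
            split($4, r, "/")                      # r[1] = result code, r[2] = HTTP status
            if (r[1] ~ /DENIED/)   denied++
            else if (r[2] ~ /^5/)  upstream++
        }
        END {
            verdict = "ok"
            if (!seen)          verdict = "no-traffic"
            else if (denied)    verdict = "acl-denied"
            else if (upstream)  verdict = "upstream-failure"
            printf "%s seen=%d denied=%d upstream=%d\n", verdict, seen, denied, upstream
        }'
}

# Constructed sample log: 10.0.1.1 = Firebox (placeholder), 10.0.1.50 and 10.0.1.60 = workstations.
sample_log() {
cat <<'EOF'
1316600001.100     12 10.0.1.1 TCP_DENIED/403 1520 GET http://example.com/ - NONE/- text/html
1316600002.200     10 10.0.1.1 TCP_DENIED/403 1520 GET http://example.org/ - NONE/- text/html
1316600003.300    210 10.0.1.50 TCP_MISS/200 8431 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1316600004.400  60012 10.0.1.60 TCP_MISS/504 1630 GET http://example.net/ - DIRECT/192.0.2.20 text/html
EOF
}

# Demo run over the constructed log; 10.0.1.99 never appears in it.
for ip in 10.0.1.1 10.0.1.50 10.0.1.60 10.0.1.99; do
    printf '%s: %s\n' "$ip" "$(sample_log | triage_squid_log "$ip")"
done
```

On the Squid server itself, feed the function the live log on stdin instead of `sample_log`; a `no-traffic` verdict for the firewall's address points at routing or packet filtering rather than at Squid's ACLs.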
 
LVL 1

Expert Comment

by:marcoseguracr
ID: 39672082
This is not the right solution. In general, the Watchguard HTTP-PROXY can handle a WEB-CACHE SERVER only when the rule is an HTTP-PROXY rule and not part of a TCP-UDP-PROXY rule. The most important thing is that your Squid needs full access (preferably in a different VLAN, without direct access to your local LAN). With this you will guarantee that it will work great.

You can use THUNDER CACHE or RAPTOR CACHE, which include a really good combination of cache-proxy that helps to speed up your network with new WEB 2.0 technologies (facebook, youtube, googlevideo, etc...)
0
