Solved

Squid cache server behind a Watchguard appliance

Posted on 2011-09-21
5
2,341 Views
Last Modified: 2013-11-23
Hi,
I have a Watchguard XTM-520 box and I'm trying to configure it to use a Squid linux as an external cache server, since watchguard does not do caching.

If I point my browser directly to the squid server
(which is behind the firewall) I'm able to browse ok.
The firebox has a setting for the http proxy that
allows you to point all outgoing http requests to a
proxy caching server (Use Webcache Server). If I plug the squid IP address
in here, browsing stops working. The browsers hang
for a while at the site contacted, waiting for reply.
Finally the request times out.

Can anyone please help me to find out why this config is not working?

Thanks,
0
Comment
Question by:A-MONTERO
5 Comments
 
LVL 4

Accepted Solution

by:
Felicia King earned 500 total points
ID: 36577799
I'm a WatchGuard certified partner. I think you need to ask the WatchGuard support experts this question. The problem may be an incompability in the redirection.
0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36583876
Hi,
If I understand correctly you have some net-design like this:

PC - Watchguard - Squid - RouterInternet

The trouble could be routing-traffic from squid-box to wathguard what OS you use for Squid?

-regards-
0
 

Author Comment

by:A-MONTERO
ID: 36583896
OS for Squid is Ubuntu Linux 9.10
0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36711503
Hi,
Asumming you Network Topology is like a ask before...

You need to be shure that can reach your networks by running traceroute from your linux box to your inside LAN and to internet.
Then perhaps validate a fix iptables o rounting rules on your linux, at least check squid config ACL.
Also check the logs to see whats goin on.

-regards
0
 
LVL 1

Expert Comment

by:marcoseguracr
ID: 39672082
This is not the right solution, in general, Watchguard HTTP-PROXY only can handle WEB-CACHE SERVER only when the rule is HTTP-PROXY rule and not part of TCP-UDP-PROXY rule. The most important is that your squid need full access (preferred in different VLAN, without direct access at your local LAN). with this you will warranty that will work great.

You can use THUNDER CACHE or RAPTOR CACHE that include really good combination of cache-proxy that help to speed up your network with new WEB 2.0 technologies (facebook, youtube, googlevideo, etc...)
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question