Solved

Corporate Proxy Server - still relevant now?

Posted on 2013-11-29
7
467 Views
Last Modified: 2016-02-25
We are currently putting all internal computers that connect through the internet through our Sophos UTM via proxy.  I have been told that this reduces connection speed and the use of this type of proxy is not relevant anymore. Is this the case and are there any alternatives?
We still want to block sites such as facebook etc.
0
Comment
Question by:scoops98
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 28

Accepted Solution

by:
jhyiesla earned 500 total points
ID: 39685234
If you have a proxy server and are routing thru that to the UTM, then yes, perhaps that does affect bandwidth.  If you are using the IP of the UTM as a proxy setting in IE, then probably not. Whether that proxy address is needed or not depends on why you set it up in the first place and the physical location of the UTM in the network.

For example, I have an iPrism device that does our web filtering.  It sits physically in-line between the switch and the firewall.  Since there is no other way out to the Internet other than going thru the firewall and since traffic headed there has to pass thru the switch first, it must also pass thru the iPrism device so I don't need to specify a proxy setting of any kind nor do I need a proxy server.

However, I also have PCs on partner networks that must come back to our network to access our resources. In those cases, I specify a proxy setting in IE, because if I didn't IE would not be able to access most of our resources.  The proxy setting in IE in these cases is the IP of the iPrism device.

If you are running a real proxy server for some other security or routing issue, you may still need that on your main LAN.
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 500 total points
ID: 39685235
Forgot to say that if there are multiple ways to the Internet and you want to make sure that all of that traffic traverses the UTM, then you may very well need the proxy setting in IE to point to the proxy server or the UTM depending on your setup.
0
 
LVL 8

Expert Comment

by:gsmartin
ID: 39686948
Proxy servers and UTM firewalls are out dated.  The next generation firewalls such Palo Alto Networks Firewalls provides the ability to filter based on Content-ID, User-ID, and App-ID as well as protects against malware.  There is no longer a need to redirect traffic through multiple proxy filter points or layers of protection; you only need to go through one device for all filtering and protection needs.  In this Web 2.0/3.0 era you need an appliance that can filter traffic more granularly beyond just a site, but the sites individual applications/services.  For example: Facebook and other site provide chatting, file transferring, and other services.  So being able to allow access to a site for select purposes, but disabling the ability to chat, transfer files, remove malicious advertisements, etc... these days is very important.

So, I think the point that was being made that today you only need a single firewall appliance for filtering user internet access vs the use of a proxy server that impedes traffic and bandwidth.
0
 

Author Comment

by:scoops98
ID: 39687347
Thanks for all your prompt answers:) I have been looking at opendns umbrella as a potential solution. Will also research the products mentioned above.
0
 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 39995380
Palo Alto firewalls are the way to go in my opinion. They certainly take the LEAST amount of performance hit when enabling IPS/AV/URL filtering.

Even the LOWEST end firewall still pushes 50mbps TCP/HTTP with everything enabled.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question