Solved

Corporate Proxy Server - still relevant now?

Posted on 2013-11-29
Last Modified: 2016-02-25
We are currently putting all internal computers that connect through the internet through our Sophos UTM via proxy.  I have been told that this reduces connection speed and the use of this type of proxy is not relevant anymore. Is this the case and are there any alternatives?
We still want to block sites such as Facebook etc.
Question by:scoops98
7 Comments
 
LVL 28

Accepted Solution

by:
jhyiesla earned 500 total points
ID: 39685234
If you have a proxy server and are routing thru that to the UTM, then yes, perhaps that does affect bandwidth.  If you are using the IP of the UTM as a proxy setting in IE, then probably not. Whether that proxy address is needed or not depends on why you set it up in the first place and the physical location of the UTM in the network.

For example, I have an iPrism device that does our web filtering.  It sits physically in-line between the switch and the firewall.  Since there is no other way out to the Internet other than going thru the firewall and since traffic headed there has to pass thru the switch first, it must also pass thru the iPrism device so I don't need to specify a proxy setting of any kind nor do I need a proxy server.

However, I also have PCs on partner networks that must come back to our network to access our resources. In those cases, I specify a proxy setting in IE, because if I didn't IE would not be able to access most of our resources.  The proxy setting in IE in these cases is the IP of the iPrism device.

If you are running a real proxy server for some other security or routing issue, you may still need that on your main LAN.
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 500 total points
ID: 39685235
Forgot to say that if there are multiple ways to the Internet and you want to make sure that all of that traffic traverses the UTM, then you may very well need the proxy setting in IE to point to the proxy server or the UTM depending on your setup.
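
The answers above turn on whether every path to the Internet actually passes through the UTM. As an added example (not part of the original thread), this sketch scans egress firewall log lines for allowed web flows that left the network without coming from the proxy. The log format, addresses and names are constructed assumptions.

```python
import ipaddress

# Constructed sample egress log, one flow per line: "src dst dport action".
SAMPLE_LOG = """\
10.0.0.2 192.0.2.10 443 allow
10.0.5.17 192.0.2.10 443 allow
10.0.5.17 10.0.0.2 8080 allow
10.0.5.23 198.51.100.7 80 allow
10.0.5.40 203.0.113.9 443 deny
10.0.0.2 198.51.100.7 80 allow
garbage line
"""

PROXY_IPS = {ipaddress.ip_address("10.0.0.2")}  # assumed UTM/proxy address
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range
WEB_PORTS = {80, 443}


def find_proxy_bypass(log_text):
    """Return (src, dst, port) for allowed outbound web flows not sourced by the proxy."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole scan
        src_s, dst_s, port_s, action = parts
        try:
            src = ipaddress.ip_address(src_s)
            dst = ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:
            continue
        if action != "allow" or port not in WEB_PORTS:
            continue  # denied flows mean the egress rule is doing its job
        if dst in INTERNAL:
            continue  # internal web traffic does not need to cross the filter
        if src in PROXY_IPS:
            continue  # the proxy fetching on behalf of clients is expected
        hits.append((src_s, dst_s, port))
    return hits


def bypassing_hosts(log_text):
    """Sorted list of internal clients that reached the web directly."""
    return sorted({src for src, _, _ in find_proxy_bypass(log_text)})


if __name__ == "__main__":
    for src, dst, port in find_proxy_bypass(SAMPLE_LOG):
        print(f"direct web egress: {src} -> {dst}:{port}")
```

Any hit means the firewall permits a route around the filter, so the browser proxy setting alone is not enforcing policy for that client.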
 
LVL 8

Expert Comment

by:gsmartin
ID: 39686948
Proxy servers and UTM firewalls are outdated.  The next generation firewalls such as Palo Alto Networks Firewalls provide the ability to filter based on Content-ID, User-ID, and App-ID as well as protect against malware.  There is no longer a need to redirect traffic through multiple proxy filter points or layers of protection; you only need to go through one device for all filtering and protection needs.  In this Web 2.0/3.0 era you need an appliance that can filter traffic more granularly beyond just a site, but the site's individual applications/services.  For example: Facebook and other sites provide chatting, file transferring, and other services.  So being able to allow access to a site for select purposes, but disabling the ability to chat, transfer files, remove malicious advertisements, etc. these days is very important.

So, I think the point that was being made is that today you only need a single firewall appliance for filtering user internet access vs the use of a proxy server that impedes traffic and bandwidth.
 

Author Comment

by:scoops98
ID: 39687347
Thanks for all your prompt answers :) I have been looking at OpenDNS Umbrella as a potential solution. Will also research the products mentioned above.
 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 39995380
Palo Alto firewalls are the way to go in my opinion. They certainly take the LEAST amount of performance hit when enabling IPS/AV/URL filtering.

Even the LOWEST end firewall still pushes 50mbps TCP/HTTP with everything enabled.