RE: Cache server between FW-1 and LAN

Mon, 3 May 1999 17:53:07 -0700 

I'm not sure I understand the question...

By caching, I'll assume you mean WWW caching. In which case:

You can stick the proxy server anywhere on your network. At all. Once this
is done, tell people to use the proxy server, and they will get nifty keen
web caching, the Microsoft way. If you find that you have recalcitrant users
that insist on not checking the "use proxy server" box, you can go and block
all outbound WWW traffic that doesn't come from the proxy server. If your
firewall allows you can even block it by substituting a WWW page that tells
them to use the proxy server.

So, in scenario one, the WWW proxy is not "between" the LAN and anything.

You could also put the WWW proxy as a "bastion host" in your DMZ (if you
have one). In that case you'd need to point the firewall itself at the proxy
(Gauntlet calls this a "handoff IP address" but I'm sure the major guys have
an equivalent). This has the advantage that the users can't get away from
using the proxy, and it's completely transparent.

So, in scenario two, the WWW proxy is "between" the firewall and the gateway
router.

You could probably have a sicko scenario three where you "handoff" the
request to the proxy server _inside_ the network (if you didn't have a DMZ
for example), but you'd need to do horrible things with proxy permissions
and packet filtering which I won't go into lest I spend the afterlife in
TCP/IP Hell.[1]

Cheers,


[1] Who am I kidding? Like I won't anyway. >;)
--
Ben Nagy
Network Consultant, CPM&S Group of Companies
Direct Dial: (08) 8422 8319 Mobile: (0414) 411 520

        -----Original Message-----
        From:   [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
        Sent:   Monday, May 03, 1999 6:55 PM
        To:     [EMAIL PROTECTED]
        Subject:        Cache server between FW-1 and LAN



        Hi,

        Prior to shifting to FW-1 we were using MS Proxy server on one of
our Internet
        links and used to use the caching capabilities of MS Proxy server.
This feature
        is not present in FW-1. Is there any option/way of connecting the
FW-1 so that
        one can use the cache server of MS Proxy. The only way which I can
think of is
        placing the Proxy server between the FW and the LAN but this
scenario is ruled
        out.

        Would appreciate any comments on the same.

        Regards,

        Gaurav Sabharwal
        [EMAIL PROTECTED]
        Senior Systems Engineer
        Hughes Software Systems


        -
        [To unsubscribe, send mail to [EMAIL PROTECTED] with
        "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to