On Fri, 19 Dec 2003, David O wrote: > I am trying to help someone setup his PIX firewall to use Squid. Problem is > he doesn't know how to configure the PIX and I don't have one to even try to > figure it out, but this seems like a very basic task for a firewall.
If the PIX supports WCCP this is most likely the easiest approach. And no it is not a very basic task, there is very complex issues involved in intercepting traffic. If you can I would instead recommend blocking direct access to port 80 and have the browsers reconfigured to use the proxy. If it is a local lan then using domain login scripts etc can automate the process. WPAD also helps. > All I need is a basic port forward command to direct 80, 8080 and 443 > traffic to the squid box. 443 you can't without having the browser configured to use the proxy. > Setup: PIX 520 Squid 2.5 Stable1, behind the firewall. You really should upgrade that Squid while looking at it. REgards Henrik