Re: [SQU] pix firewall and squid

From: Juri Haberland <[email protected]>
Date: Fri, 08 Dec 2000 18:47:31 +0100

Cardinal Christopher wrote:
>
> We are using Netscape Proxy and are thinking of moving to Squid. We are also
> moving from Raptor Firewall to PIX. Q: Is it better to have an internal
> Proxy and an external proxy talk through the PIX firewall, rather than one
> internal Proxy send all requests to the Internet from the PIX firewall? Any
> pros and cons? Thanks.

Well, having only an internal proxy makes the rules on the firewall more
complicate (e.g. not only port 80, but also port 8080, 443, in general:
people aren't limited on which port they want their web servers to run)
With an external proxy you only have to configure to ports on your FW
and that's it. But, then you have to protect your external proxy or
tighten the configuration very good.

Make your choice...

Juri

-- 
juri.haberland@innominate.com
system engineer                                         innominate AG
clustering & security                            the linux architects
tel: +49-30-308806-45   fax: -77            http://www.innominate.com
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Fri Dec 08 2000 - 10:51:05 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:53 MST