[squid-users] Sidewinder WebCache and ICP

From: Kevin <[email protected]>
Date: Fri, 18 Feb 2005 19:11:41 -0600

I learned something today, but if you have no interest in Secure Computing's
Sidewinder G2 firewall, you probably want to stop reading now.

While the WebProxy service in Sidewinder is based on Squid 2.4.STABLE6,
the actual caching functionality is *very* limited, and even though the firewall
has a 'cf' command to enable ICP, the service cannot reply to ICP queries.

On the firewall, the cache.log file will show errors transmitting the UDP
reply packet, like this:
comm_udp_sendto: FD 18, 192.168.42.7, port 34467: (1) Operation not permitted

I should have known, this limitation is documented in the man pages:

$ man squid
 . . .
 At this time Sidewinder does not support any of squid's hierarchical
 caching capability.
 . . .
SIDEWINDER November 14, 2003 1
$ uname -a
SecureOS . . . 6.1.0.05 SW_OPS Fri Nov 12 14:19:42 CST 2004 i386
$ exit

I realize that the Squid community cannot support the Sidewinder firewall,
and that Secure Computing cannot support Squid. I just thought it'd be
useful to mention this limitation so the next person attempting this
doesn't have to waste as much time as I did in trying (and failing) to get
ICP working.

Kevin Kadow

(P.S. No support for Cache Digests either. When they say the proxy
"does not support" features needed for cache hierarchy, they really
mean it.)
Received on Fri Feb 18 2005 - 18:11:43 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST