Re: [fw-wiz] PIX Transparent proxy

From: Kevin (KKadow_at_gmail.com)
Date: 10/23/04

  • Next message: Maarten Hartsuijker: "[fw-wiz] fortigate firewall IPS capabilities" 
    To: Juan Pablo Feria <feria@tpitic.com.mx>
Date: Fri, 22 Oct 2004 22:58:05 -0500

    On Fri, 22 Oct 2004 12:13:38 -0700, Juan Pablo Feria
    <feria@tpitic.com.mx> wrote:
    > I want to use "Transparent proxy" with a PIX using squid cache

    Are you looking to use the Squid cache for caching?

    Do you have the option to reconfigure the clients to use an explicit
    configured proxy instead?

     
    > on the squid documentation tells about routers, but the configuration
    > commands are not on the pix...
    >
    > http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.5
    >
    > On pix documentation appears commands to communicate with Websense and
    > other commercial products...

    IIRC these options are for passing URLs (only the URL, not the
    session) to a remote filter service which will return a simple
    permit/deny response code. This is sufficient for filtering, but does
    not help at all in caching.

    > Anyone has any ideas to send the port 80 requests to the squid box?

    I do not believe PIX offers this functionality.

    Cisco routers offer two distinct optiions which will assist in
    deploying a "transparent" caching proxy -- route-map (to re-route
    packets to a cache based on the port, protocol or any other ACL match)
    and Web Cache Communication Protocol (WCCP).

    So if you had a router that supports either of the above features, you
    could configure the router to re-route the packets to the Squid
    server, but PIX is not a router, and does not offer these routing
    features.

    Kevin
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Maarten Hartsuijker: "[fw-wiz] fortigate firewall IPS capabilities"

    Relevant Pages