Re: [fw-wiz] PIX Transparent proxy

From: Kevin (
Date: 10/23/04

  • Next message: Maarten Hartsuijker: "[fw-wiz] fortigate firewall IPS capabilities"
    To: Juan Pablo Feria <>
    Date: Fri, 22 Oct 2004 22:58:05 -0500

    On Fri, 22 Oct 2004 12:13:38 -0700, Juan Pablo Feria
    <> wrote:
    > I want to use "Transparent proxy" with a PIX using squid cache

    Are you looking to use the Squid cache for caching?

    Do you have the option to reconfigure the clients to use an explicit
    configured proxy instead?

    > on the squid documentation tells about routers, but the configuration
    > commands are not on the pix...
    > On pix documentation appears commands to communicate with Websense and
    > other commercial products...

    IIRC these options are for passing URLs (only the URL, not the
    session) to a remote filter service which will return a simple
    permit/deny response code. This is sufficient for filtering, but does
    not help at all in caching.

    > Anyone has any ideas to send the port 80 requests to the squid box?

    I do not believe PIX offers this functionality.

    Cisco routers offer two distinct optiions which will assist in
    deploying a "transparent" caching proxy -- route-map (to re-route
    packets to a cache based on the port, protocol or any other ACL match)
    and Web Cache Communication Protocol (WCCP).

    So if you had a router that supports either of the above features, you
    could configure the router to re-route the packets to the Squid
    server, but PIX is not a router, and does not offer these routing

    firewall-wizards mailing list

  • Next message: Maarten Hartsuijker: "[fw-wiz] fortigate firewall IPS capabilities"