Re: [fw-wiz] Forcing All Web traffice thew a remote proxy.
- From: Craig Van Tassle <craig@xxxxxxxxxxxxx>
- Date: Thu, 19 Oct 2006 15:08:14 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
That is the plan we are going to move to eventually, but for now its manualy set
threw a the group policy.
Let me give you a little bit more of a layout.
site1-<>vpn<>internet<>main office
site2-<>vpn<>internet<>-^
site3-<>vpn<>internet<>-^
As you can see, we don't have a single Internet Firewall, if it was all in one
location then yea that would be easy to do, but we are split up across multiple
locations.
Behm, Jeffrey L. wrote:
For one client of ours, we blocked all outbound port 80 traffic at the
Internet firewall (with some exceptions, as usual!), and then use an
"automatic configuration script" that is on the HTTP proxy. When the
browser fires up on the end-user PC, it first contacts the proxy server
to retrieve the .pac file (auto config script), and based on where it is
headed and/or where it came from, it is directed to one of three HTTP
proxy servers. Using the auto config script allows us to centrally
manage where PC's go for web surfing(via changes to the .pac file). It's
the block of direct port 80 access at the Internet firewall that
"forces" the PC's to comply with use of the script. I guess they could
od manual entry of the proxy settings, but most end users don't quite
get how to do that. Additionally, use of active directory group policy
"resets" the proxy settings on a regular basis to "force" use the .pac
file.
Here's a Microsoft Technet article on Automatic Proxy.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/ierk
/Ch21_b.mspx?mfr=true
It talks about using Automatic Configuration and Automatic Proxy. We are
using the latter only. The proxy you are directed to does not *have* to
be a Microsoft proxy. We have some traffic head to a squid proxy on a
Solaris machine(long story).
Hope this helps,
Jeff
-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of
Craig Van Tassle
Sent: Tuesday, October 17, 2006 10:36 AM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Forcing All Web traffice thew a remote proxy.
I have several site and I would like to force all traffic thew a remote
proxy at
one site. I was thinking of setting up some form of NAT rules for
pushing
everything thew our proxy.
How would something like that be implimented? Or what are other thoughs?
Thanks,
Craig
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFN9suAOTIJ89W4sIRAhHKAJ98IPUdfJp1BiqV4z1+RCuBEm9w6wCfS+B4
s+3ilYhXjdM1QOeVVb2EbHo=
=tpSf
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- References:
- Re: [fw-wiz] Forcing All Web traffice thew a remote proxy.
- From: Behm, Jeffrey L.
- Re: [fw-wiz] Forcing All Web traffice thew a remote proxy.
- Prev by Date: [fw-wiz] Cisco 2811 vs. ASA 55xx
- Next by Date: Re: [fw-wiz] Forcing All Web traffice thew a remote proxy.
- Previous by thread: Re: [fw-wiz] Forcing All Web traffice thew a remote proxy.
- Next by thread: Re: [fw-wiz] Forcing All Web traffice thew a remote proxy.
- Index(es):
Relevant Pages
|
