Re: Firewall And Proxy Servers With Sonicwall

From: Chris Comley (Chris@donotspamwizards.co.uk)
Date: 03/20/03


From: Chris Comley <Chris@donotspamwizards.co.uk>
Date: Wed, 19 Mar 2003 23:48:40 +0000


I don't see what's upsetting the CFL.

I've run proxy servers inside Sonicwall no problem. We block outbound
port 80 from all machines except the Squid box, so even if the users
change their proxy settings they can't browse directly.

So far as the sonic is concerned, the Squid is just a busy browser.

But I've never added the Sonic's CFL to the equation. I'm at a loss to
see why it would cause problems, though, as, after all, the Sonic
should just see the squid as a browser.

The other option you might consider would be to put the squid box on
the WAN side of the sonic. Then for CFL to work you'd probably have to
have it running on port 80 instead of 3128, but of course you can
still set the Sonic up to permit port 80 to that box and not to
anywhere else. The squid box is unprotected, of course, but it's a
one-function box, and there's no critical data on it, only your web
cache.

If you spot the silly mistake I'd be interested to hear what it is. I
promise I won't tell anyone if it *is* a silly mistake. :-)

"Barry Anderson" <barry.anderson@computer.org> wrote:

>Not sure if this is the correct group but... has anyone any experience or
>advice they can give me with placing a proxy server on a network that
>utilises a sonicwall pro. Without going into specifics re ip addresses etc
>here is the scenario...
>
>The proxy server has been implemented for added security/control/performance
>management of the 2mb link in place for internet access. It is a squid
>server running Linux with PROXY_AUTH providing login control for user access
>to the internet. This works fine.
>
>A sonicwall Pro with Content Filter List has been introduced to provide VPN
>access etc etc. This seems to work fine too.
>But put the two together and one always seems to cause the other problems.
>
>If I put the proxy on the DMZ the sonicwall CFL does not block unless I have
>transparent proxy (to squid) enabled. But in this setup the Proxy_auth
>reports access denied messages. I also have problems downloading the CFL.
>
>If I put the proxy server inside the Lan, again I have issues with CFL not
>working.
>
>Has anyone any experience with these issues? On other sites we have normally
>used a Linux dedicated firewall and used squid to do the content filtering.
>On this site we decided to use a sonicwall because of its straightforward
>VPN interface - starting to wish I hadn't bothered.
>
>Regards
>Barry
>

---
Wizards Ltd www.wizards.co.uk
UK supplier of Sonicwall, Watchguard, Zywall. 
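
The egress policy described in the reply above (outbound port 80 blocked for every machine except the Squid box), as an added example that is not part of the original post and is not SonicWall configuration: a small Python audit of an ordered, first-match rule list. The addresses, the rule format and the default-allow outbound behaviour are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR notation
    dport: Optional[int]   # destination TCP port; None matches any port


def decide(rules: List[Rule], src_ip: str, dport: int, default: str = "allow") -> str:
    """First-match evaluation of LAN->WAN rules; `default` applies when nothing matches."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.src) and rule.dport in (None, dport):
            return rule.action
    return default  # assumption: outbound traffic is allowed unless a rule says otherwise


def audit_proxy_only(rules, lan: str, proxy_ip: str, dport: int = 80) -> Tuple[bool, List[str]]:
    """Return (proxy_can_browse, hosts_that_can_bypass_the_proxy)."""
    proxy_ok = decide(rules, proxy_ip, dport) == "allow"
    bypass = [str(h) for h in ipaddress.ip_network(lan).hosts()
              if str(h) != proxy_ip and decide(rules, str(h), dport) == "allow"]
    return proxy_ok, bypass


# Constructed sample data: addresses and rule sets are illustrative only.
LAN, SQUID = "192.168.1.0/24", "192.168.1.10"

GOOD = [Rule("allow", "192.168.1.10/32", 80),   # the Squid box may fetch pages
        Rule("deny", LAN, 80)]                  # nobody else may browse directly

WRONG_ORDER = [Rule("deny", LAN, 80),           # matches the Squid box first,
               Rule("allow", "192.168.1.10/32", 80)]  # so this rule is never reached

NO_DENY = [Rule("allow", "192.168.1.10/32", 80)]  # default-allow lets everyone out

if __name__ == "__main__":
    for name, rs in (("GOOD", GOOD), ("WRONG_ORDER", WRONG_ORDER), ("NO_DENY", NO_DENY)):
        ok, bypass = audit_proxy_only(rs, LAN, SQUID)
        print(f"{name}: proxy can browse={ok}, hosts able to bypass proxy={len(bypass)}")
```
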

