Usually Squid runs on a machine with Public Access, as opposed to the rest of the network, whether it being a NAT/Firewall itself, or behind a Hardware Firewall, while the Firewall blocks outbound traffic from everywhere BUT the Proxy. Placing Squid in the DMZ can work as well, as long as the same rules apply, and the Internal Network can access it on the configured port(s), and Squid can access to AD Domain. I would just be more cautious of various security ACL's, and general security of the box, so it can't be used as a public relaying proxy, or anything else. You also need to consider how easily it can access the AD Domain for authentication, because there will be a significant amount of traffic required for that as well. 1000 machines should be able to be served by 1 dedicated Squid install fairly well, assuming that it is configured optimally, and with the correct CPU + RAM + HDD configurations. >>> Cedric DC <oneal42@xxxxxxxxxxx> 2/8/2011 3:53 PM >>> Hello all, I want to configure a web proxy squid cache for my LAN users (~1000 PCs exist on the LAN). I want use squid+squidguard+authentication on a domain controler (active directory :') For the moment, we want install only one server (and in the future a second...). My question is where can I install the squid ? On the LAN or on the private DMZ of our firewalls cluster ? Do you have some best pratices concerning the position of the squid ? If there are several possibilities what are for each one the advantages and nconveniences ? Do you have documents about proxy cache architecture ? Thank you in advance for your help. OnEal Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you."
