> From: oneal42@xxxxxxxxxxx
> To: chad.naugle@xxxxxxxxxxx
> Subject: RE: Squid architecture
> Date: Sat, 12 Feb 2011 10:09:49 +0000
>
> Thank you Chad for your reply.
> We use dedicated cluster hardware firewalls, powerful enough, I think.
> We will install the Squid cache server in the private DMZ.
> On the firewall, we will allow only DNS, NTP, HTTP, HTTPS from the
> Squid server to the Internet AND the LDAP port between the Squid and the Active
> Directory servers. The web traffic initiated from the Internet will be
> dropped.
>
> Regards,
>
> OnEal
>
> > Date: Tue, 8 Feb 2011 16:13:21 -0500
> > From: Chad.Naugle@xxxxxxxxxxx
> > To: oneal42@xxxxxxxxxxx; squid-users@xxxxxxxxxxxxxxx
> > Subject: Re: Squid architecture
> >
> > Usually Squid runs on a machine with Public Access, as opposed to the
> > rest of the network, whether it being a NAT/Firewall itself, or behind a
> > Hardware Firewall, while the Firewall blocks outbound traffic from
> > everywhere BUT the Proxy.
> >
> > Placing Squid in the DMZ can work as well, as long as the same rules
> > apply, and the Internal Network can access it on the configured port(s),
> > and Squid can access the AD Domain. I would just be more cautious of
> > various security ACLs, and general security of the box, so it can't be
> > used as a public relaying proxy, or anything else. You also need to
> > consider how easily it can access the AD Domain for authentication,
> > because there will be a significant amount of traffic required for that
> > as well.
> >
> > 1000 machines should be able to be served by 1 dedicated Squid install
> > fairly well, assuming that it is configured optimally, and with the
> > correct CPU + RAM + HDD configurations.
> >
> > >>> Cedric DC 2/8/2011 3:53 PM >>>
> >
> > Hello all,
> >
> > I want to configure a Squid web proxy cache for my LAN
> > users (~1000 PCs exist on the LAN).
> > I want to use
> > squid+squidguard+authentication on a domain controller (Active Directory).
> > For the moment, we want to install only one server (and in the future a
> > second...).
> > My question is where can I install the Squid? On the LAN or on the
> > private DMZ of our firewall cluster?
> >
> > Do you have some best practices concerning the position of the Squid?
> > If there are several possibilities, what are the advantages
> > and inconveniences of each one?
> > Do you have documents about proxy cache architecture?
> >
> > Thank you in advance for your help.
> >
> > OnEal
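
The access rules discussed in the thread (only the internal network may use the proxy, users authenticate against AD, and the box must not act as a public relay) can be expressed in squid.conf as below. This is an added example, not a configuration posted by anyone in the thread; the LAN range `10.0.0.0/16`, the port `3128` and the ACL names `localnet` and `ad_users` are assumptions.

```conf
# Added example: squid.conf access controls for a proxy placed in a DMZ.
# Assumed values (not from the thread): LAN range, listening port, ACL names.

# Port the internal network is allowed to reach on the firewall.
http_port 3128

# Only clients from the internal LAN may use the proxy (assumed range).
acl localnet src 10.0.0.0/16

# Destination ports, matching what the firewall lets Squid reach outbound.
acl Safe_ports port 80
acl Safe_ports port 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Require a login. An auth_param scheme with a helper that validates
# credentials against Active Directory must be defined before this line;
# it is site-specific and not shown here.
acl ad_users proxy_auth REQUIRED

# Weak setting that turns the box into an open relay; shown for contrast only:
# http_access allow all

# Evaluation is top-down, first match wins.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Reject non-LAN sources before any authentication challenge is sent.
http_access deny !localnet
http_access allow ad_users
http_access deny all
```

The `deny !localnet` rule sits above the `proxy_auth` rule so that a source outside the LAN is refused outright instead of being offered a login prompt, which keeps the relay protection independent of the firewall rules in front of the server.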