On 19/06/2013 5:19 a.m., Blason wrote:
> Hi Fellas, I have the below scenario and want to achieve the benefits of Squid cache. Can someone suggest how I do it by putting Squid in between? Well, I have AD set up with a firewall on which I will be setting up application controls, and this firewall is integrated with AD. This firewall does provide best-in-class security for application control/URL filtering.
What firewall BTW?
> This firewall does offer proxy functionality but unfortunately does not have caching functionality, which would put a burden on my link. To avoid this I'm planning to put Squid in between to avail of the caching functionality, but in that case user data will not be forwarded to the firewall and application control cannot make decisions based on that.
What user data and why not? Squid is a fully featured HTTP proxy.
> If I don't integrate Squid with AD, only the proxy IP will be forwarded and again user- or group-based decisions cannot be taken. So, does anyone have any idea about implementation?
The basis of this is incorrect. Squid contains both an X-Forwarded-For header feature to relay the client IP in HTTP headers and TPROXY support to perform transparent proxy at the TCP/IP level. If the firewall contains any useful IP-based HTTP proxy functionality it should be capable of processing the Forwarded-For headers, otherwise you will have to use TPROXY to relay the IP details through.
> I was thinking about Parent and Child feature [cache_peer], will it work?
>
> USER LAN [192.168.1.0]-------=========>[192.168.1.1 FIREWALL 20.20.20.20]========== INTERNET
>                          |
>                          |
>                          |
>                 SQUID Server [192.168.1.5]
Probably. It will double the HTTP traffic going through that firewall though. You may want to consider a Users->Squid->Firewall->Internet topology with TPROXY instead.
Amos
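
The cache_peer arrangement discussed in this thread, as an added example that is not part of the original messages: a squid.conf fragment for the Squid box at 192.168.1.5 that sends every cache miss to the firewall as its parent and relays the client IP in X-Forwarded-For. The firewall's proxy port (8080) is an assumption; the thread does not give it.

```conf
# Added example: Squid at 192.168.1.5 as a caching child of the firewall's proxy.
# ASSUMPTION: the firewall's proxy listens on 192.168.1.1 port 8080
# (the port is not stated in the thread; replace with the real one).

# Clients on the user LAN point their browsers at 192.168.1.5:3128.
http_port 3128

# Only the user LAN may use this proxy.
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all

# Send every cache miss to the firewall and never fetch from origin servers
# directly, so no request bypasses its application control / URL filtering.
cache_peer 192.168.1.1 parent 8080 0 no-query default
never_direct allow all

# Relay the client address to the parent. Squid appends the address it saw
# to any X-Forwarded-For list already present in the request, so the
# firewall should accept the header only on connections from 192.168.1.5
# and use the last entry; earlier entries are client-supplied.
forwarded_for on
```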