On 1/3/22 5:19 PM, Will BMD wrote:
> Hey all,

Hi,

> From the firewall's perspective all client connections are originating as the proxy server. We're wanting to use the https inspect feature of the firewall,

I'm taking "HTTPS inspect" to be the firewall's counterpart to ssl_bump.

> but according to our firewall documentation it appears due to the location of our proxy servers we would be unable to do so.

Where does the firewall documentation / vendor want the proxy server to be?

> My question is, if the proxy is behaving as a MITM between itself and the client, can't the Firewall do the same thing between itself and the proxy?

I don't see why it can't.

> I suspect it is possible, but might potentially involve a lot of headaches and a big hit on performance?

Do you care about original client IP addresses? If not, then I think this should be as simple as one proxy (Squid) talking to another proxy (firewall).

> Any insight into this would be greatly appreciated.

I would wonder if WCCP /might/ be a viable option in this scenario or not. As in configure clients to use the firewall as a proxy and have the firewall do its thing while leveraging Squid's caching capability via WCCP.

There might also be some room for having Squid view the firewall as a parent proxy.

-- Grant. . . . unix || die