Re: MITM the MITM

On 04/01/2022 04:19, Grant Taylor wrote:
> On 1/3/22 5:19 PM, Will BMD wrote:
>> Hey all,
>
> Hi,
>
>> From the firewall's perspective all client connections are originating as the proxy server. We're wanting to use the https inspect feature of the firewall,
>
> I'm taking "HTTPS inspect" to be the firewall's counterpart to ssl_bump.

That's correct.

>> but according to our firewall documentation it appears due to the location of our proxy servers we would be unable to do so.
>
> Where does the firewall documentation / vendor want the proxy server to be?

That's a great question, I suspect that this might be an error in their documentation.

>> My question is, if the proxy is behaving as a MITM between itself and the client, can't the Firewall do the same thing between itself and the proxy?
>
> I don't see why it can't.

That's good to hear.

>> I suspect it is possible, but might potentially involve a lot of headaches and a big hit on performance?
>
> Do you care about original client IP addresses?  If not, then I think this should be as simple as one proxy (Squid) talking to another proxy (firewall).

Yea, that's what we're looking to obtain.

>> Any insight into this would be greatly appreciated.
>
> I would wonder if WCCP /might/ be a viable option in this scenario or not.  As in configure clients to use the firewall as a proxy and have the firewall do its thing while leveraging Squid's caching capability via WCCP.
>
> There might also be some room for having Squid view the firewall as a parent proxy.

I'm not aware of WCCP, but I'll look into it.

Thanks for the info, Grant.




_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users