Cardinal Christopher wrote:
>
> We are using Netscape Proxy and are thinking of moving to Squid. We are also
> moving from Raptor Firewall to PIX. Q: Is it better to have an internal
> Proxy and an external proxy talk through the PIX firewall, rather than one
> internal Proxy send all requests to the Internet from the PIX firewall? Any
> pros and cons? Thanks.
Well, having only an internal proxy makes the rules on the firewall more
complicate (e.g. not only port 80, but also port 8080, 443, in general:
people aren't limited on which port they want their web servers to run)
With an external proxy you only have to configure to ports on your FW
and that's it. But, then you have to protect your external proxy or
tighten the configuration very good.
Make your choice...
Juri
-- juri.haberland@innominate.com system engineer innominate AG clustering & security the linux architects tel: +49-30-308806-45 fax: -77 http://www.innominate.com -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Fri Dec 08 2000 - 10:51:05 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:53 MST