Internal network, as close to the users as possible.
1) Can simplify configuration, log analysis etc of internal firewall -
firewall only sees one client for http traffic.
2) A hop's a hop, so you save a few milliseconds in each request
3) From a risk management point of view you want to keep all systems which
don't need to be in the DMZ in the internal network. The risk is mostly
from outside, not inside.
Cheers
Robin
-----Original Message-----
From: Adam Lang [mailto:aalang@rutgersinsurance.com]
Sent: Thursday, 3 May 2001 23:46
To: Squid-Users
Subject: [squid-users] location of web cache
I'm beating myself up on the pros and cons of where I want to locate the
Proxy server (caches for clients getting webpages... no acceleration).
I have the following setup.
Internet
|
public router
|
firewall
|
DMZ
|
firewall
|
internal network
Do I want to put Squid in the internal network or the DMZ? The argument for
each in a nutshell is: DMZ offers more security control, but the internal
network would optimize bandwidth even more (cached pages wouldn't be served
across the internal firewall). (Side note. both firewalls use 10 MB
connections, so technically squid would be able to server pages faster on
the internal network)
Opinions?
Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com
Received on Thu May 03 2001 - 19:15:31 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:48 MST