On Fri, 19 Dec 2003, David O wrote:
> I am trying to help someone setup his PIX firewall to use Squid. Problem is
> he doesn't know how to configure the PIX and I don't have one to even try to
> figure it out, but this seems like a very basic task for a firewall.
If the PIX supports WCCP this is most likely the easiest approach. And no
it is not a very basic task, there is very complex issues involved in
intercepting traffic.
If you can I would instead recommend blocking direct access to port 80 and
have the browsers reconfigured to use the proxy. If it is a local lan then
using domain login scripts etc can automate the process. WPAD also helps.
> All I need is a basic port forward command to direct 80, 8080 and 443
> traffic to the squid box.
443 you can't without having the browser configured to use the proxy.
> Setup: PIX 520 Squid 2.5 Stable1, behind the firewall.
You really should upgrade that Squid while looking at it.
REgards
Henrik
Received on Fri Dec 19 2003 - 17:12:59 MST
This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:18 MST