Usually Squid runs on a machine with Public Access, as opposed to the
rest of the network, whether it is a NAT/Firewall itself, or behind a
Hardware Firewall, while the Firewall blocks outbound traffic from
everywhere BUT the Proxy.

Placing Squid in the DMZ can work as well, as long as the same rules
apply, and the Internal Network can access it on the configured port(s),
and Squid can access the AD Domain. I would just be more cautious of
various security ACLs, and general security of the box, so it can't be
used as a public relaying proxy, or anything else. You also need to
consider how easily it can access the AD Domain for authentication,
because there will be a significant amount of traffic required for that
as well.

1000 machines should be able to be served by 1 dedicated Squid install
fairly well, assuming that it is configured optimally, and with the
correct CPU + RAM + HDD configurations.
>>> Cedric DC <oneal42_at_hotmail.com> 2/8/2011 3:53 PM >>>
Hello all,
I want to configure a web proxy squid cache for my LAN
users (~1000 PCs exist on the LAN). I want to use
squid+squidguard+authentication on a domain controller (active directory
:')
For the moment, we want to install only one server (and in the future a
second...).
My question is where can I install the squid? On the LAN or on the
private DMZ of our firewalls cluster?
Do you have some best practices concerning the position of the squid?
If there are several possibilities what are for each one the advantages
and inconveniences?
Do you have documents about proxy cache architecture?
Thank you in advance for your help.
OnEal
Received on Tue Feb 08 2011 - 21:15:06 MST
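
The reply's concern that a DMZ-placed Squid must not become a public relaying proxy can be checked against the access rules themselves. The following is an added example, not part of the original thread: a Python check that evaluates squid.conf `http_access` lines in order for a given client address, including Squid's documented default when no line matches. It models only `src` ACLs written as CIDR networks (an unknown ACL name raises `KeyError`); the function names, the 10.0.0.0/8 LAN range and both sample configs are constructed assumptions.

```python
import ipaddress

# Built-in "all" ACL; every other ACL must be declared as "acl NAME src CIDR...".
BUILTIN = {"all": [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]}

# Constructed sample: looks restrictive, but the last line is a deny,
# so any client that matches no line falls through to "allow".
IMPLICIT_OPEN = """
acl badhost src 10.9.9.9/32
http_access deny badhost
"""

# Constructed sample: LAN only, explicit deny for everything else.
LOCKED = """
acl lan src 10.0.0.0/8      # assumed internal range
http_access allow lan
http_access deny all
"""

def parse(conf):
    """Extract src ACLs and the ordered http_access rules from squid.conf text."""
    acls, rules = {k: list(v) for k, v in BUILTIN.items()}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            acls.setdefault(tok[1], []).extend(
                ipaddress.ip_network(t, strict=False) for t in tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def allowed(conf, client):
    """True if the http_access list would admit this client address."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    for action, names in rules:
        # ACLs on one line are ANDed; a leading "!" negates that ACL.
        if all(any(ip in net for net in acls[n.lstrip("!")]) != n.startswith("!")
               for n in names):
            return action == "allow"   # first matching line wins
    # No line matched: the default is the opposite of the last line,
    # and deny when there are no http_access lines at all.
    return bool(rules) and rules[-1][0] == "deny"

if __name__ == "__main__":
    for name, conf in (("IMPLICIT_OPEN", IMPLICIT_OPEN), ("LOCKED", LOCKED)):
        print(name, "admits external client:", allowed(conf, "203.0.113.7"))
```
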