TOPIC: HTTP Proxy placement

HTTP Proxy placement 10 years 3 months ago #25353

  • Chojin
What is the best place to place your web-proxy server and why?

At the moment we have a firewall with a web-proxy server, but we are going to distinguish these from each other, so in the new scenario we have a firewall and a separate web-proxy.

Is it best to place the web-proxy server on a DMZ?
Is it best to place it on the internal side?
External side?

And most important... why?

Thanks for the time invested already :)


CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA

Re: HTTP Proxy placement 10 years 3 months ago #25355

On a DMZ.
Because
a) you don't want it external as you make it an easy target
b) you don't want it on your internal network as if it does get compromised it has easy access to the rest of your infrastructure
c) if you put it in a DMZ you have the opportunity to tie down the traffic permitted from the outside to the proxy server (i.e. just the stuff you want to proxy, block the rest) and from the proxy back through the firewall to the hosting server(s). Ideally these would be on a second, separate DMZ as well.


Re: HTTP Proxy placement 10 years 3 months ago #25356

  • Chojin
External is indeed the last option you would like to consider...

For internal and DMZ I am still in doubt.

If I place my WebProxy on the DMZ, my firewall will receive double the amount of HTTP traffic, right?
I am not fully aware how much traffic we generate by browsing.

Isn't it safe enough to allow port 80 for the webproxy to go outside and no-one else? If so, it would result in 50% less HTTP traffic crossing the firewall.

Thanks in advance.


Re: HTTP Proxy placement 10 years 3 months ago #25364

Yes, you could put the proxy on the internal network and reduce the traffic across the firewall by 50%. But any decent firewall should be able to handle that extra 50% with ease, and that's what firewalls are for - to give you the protection you need. Unless your user base is huge you're not talking about a lot of traffic.
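
The DMZ placement discussed in this thread, written out as a firewall forwarding policy. This is an added example, not part of any poster's message; it assumes a Linux firewall running nftables with three interfaces and a forward (outbound browsing) proxy, and every interface name, address and port in it is constructed.

```nft
# Constructed example: interface names, the proxy address and the proxy
# port are assumptions, not values taken from the thread.
define if_inet    = "eth0"        # external side
define if_lan     = "eth1"        # internal clients
define if_dmz     = "eth2"        # DMZ segment holding the web proxy
define proxy      = 192.0.2.10    # proxy address (documentation range)
define proxy_port = 8080          # port the browsers are pointed at

table inet proxy_dmz {
    chain forward {
        # Default deny: anything not matched below never crosses the firewall.
        # No rule admits new connections from the internet to the proxy or LAN.
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows that a rule below already allowed.
        ct state established,related accept
        ct state invalid drop

        # Crossing 1: clients reach the proxy, and only on its listening port.
        iifname $if_lan oifname $if_dmz ip daddr $proxy tcp dport $proxy_port accept

        # Crossing 2: only the proxy fetches from the internet (HTTP/HTTPS).
        iifname $if_dmz oifname $if_inet ip saddr $proxy tcp dport { 80, 443 } accept

        # Name resolution for the proxy itself.
        iifname $if_dmz oifname $if_inet ip saddr $proxy udp dport 53 accept
        iifname $if_dmz oifname $if_inet ip saddr $proxy tcp dport 53 accept

        # Clients browsing directly would bypass the proxy: log, then drop.
        iifname $if_lan oifname $if_inet tcp dport { 80, 443 } log prefix "direct-web-bypass " drop

        # A compromised proxy must not open connections into the LAN.
        # Logged separately because any hit here is worth investigating.
        iifname $if_dmz oifname $if_lan log prefix "dmz-to-lan " drop
    }
}
```

The two "crossing" rules are the doubled HTTP traffic raised in the thread, and the last rule is what an internal placement cannot give you. `nft -c -f <file>` checks the syntax without loading the ruleset.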


Re: HTTP Proxy placement 10 years 3 months ago #25365

  • Chojin
I guess it is a choice based on money, security and performance...

As you said, the firewall should be more than able to handle this load... Thanks for your point of view on this one.

Next step will be deciding which webproxy to place :-).
Thinking about a Bluecoat SG810.
