> I have FW-1 4.1 in NT and I want to make web proxy in Linux with Squid.
> Does anybody know about the setting?
> Squid uses a private IP in the internal network and I want to make a transparent
> proxy.
> Any suggestion?
Yes, since the security servers in Checkpoint will not be on (unless you have them
turned on), you'll have a number of options.
Please join in if I am mistaken:
1) multi-home the linux machine INTERNAL to the firewall, route all outbound
traffic to interface "A" of the linux machine. You'll need static routes on the
linux machine and IP_Forwarding turned on. Set the Squid proxy to listen on
interface "A" and to forward packets bound for the Internet to the firewall.
2) Use a "layer-4" switch (never understood the theory behind calling these switches
layer-4) to pull port 80 traffic (since nothing else can be proxied) off of the wire
and send it to the linux/squid machine. This device will then send all other
traffic directly to the firewall, at which point your traffic will be subject to the
rules on the firewall.
3) Turn on (a rather ubiquitous protocol) ICP on the routers/switches local to the
linux machine and firewall. I only know that this is possible, a bit buggy and
definitely not the preferred method...
There are some drawbacks, as option 1 above will give you a single point of failure
(sort of)...if the linux machine fails your port 80 traffic stops...( proxy.pac
statements internal to your network can provide an element of fail-over).
Option 2 provides a single point of failure, but hot stand-by solutions are
relatively easy to configure and have available.
Option 3 is a nightmare to set-up, or troubleshoot.
Take your pick...there are probably more...
Chris
--
Chris Trudeau
Partner-Managed Security Services
DigitalMoJo Inc.
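
Added example, not part of the original message: a dry-run sketch of option 1 that prints the commands for the multi-homed Linux/Squid box instead of running them. It assumes current iptables and Squid syntax; the names eth0 (interface "A"), eth1 (firewall side), 192.0.2.1 (firewall's internal address) and port 3129 are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Prints, but does not run,
# the commands for option 1. All interface names, addresses and ports
# passed in below are assumed placeholders.

# Accept only a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# plan_intercept LAN_IF WAN_IF FW_GW SQUID_PORT
#   LAN_IF     interface "A", where client traffic arrives
#   WAN_IF     interface facing the firewall
#   FW_GW      firewall address used as the default route
#   SQUID_PORT port Squid listens on for intercepted traffic
#              (squid.conf counterpart: http_port <SQUID_PORT> intercept)
plan_intercept() {
    lan_if=$1; wan_if=$2; fw_gw=$3; port=$4
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    [ "$lan_if" != "$wan_if" ] || { echo "need two interfaces" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route replace default via $fw_gw dev $wan_if
iptables -t mangle -A PREROUTING -p tcp --dport $port -j DROP
iptables -t nat -A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $port
EOF
}

# Line 1: forward everything that is not port 80 on to the firewall.
# Line 2: static default route via the firewall.
# Line 3: drop connections made directly to the intercept port; redirected
#         traffic still has dport 80 at this stage, so it is not affected.
# Line 4: pull port 80 arriving on interface "A" into Squid.
plan_intercept eth0 eth1 192.0.2.1 3129
```

Only port 80 is redirected; all other traffic is forwarded unchanged and remains subject to the firewall's rule base.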