--- In [email protected], "Nadeem M. Khan" <nadeem.m.k...@...> wrote:
>
> On Tue, Feb 9, 2010 at 11:48 AM, pushpraj nimbalkar
> <pushprajnimbal...@...> wrote:
>
> > Hello All,
> > I need one suggestion. I have a set-up like squid proxy with ip addr
> > 192.168.1.2 and fortinet firewall on 192.168.1.4. All my clients are using
> > proxy as a gateway and request from clients goes to proxy and proxy
> > forwards request to firewall. Now firewall person saying use firewall as a
> > gateway and let request go directly from firewall, means indirectly don't
> > use proxy. Which is perfect, means allowing clients to connect firewall
> > directly or forcing clients to use proxy.
>
> I am not sure I understand your issue, but if you want to force users
> to use squid, you can configure it as a transparent proxy.
>
> users --> squid --> firewall ---> internet
>
> Is this what you want to achieve?
>
> Regards,
> NMK.
>

Hello

As far as I can understand, your setup is something like this:

users --> squid --> firewall ---> internet

and your firewall guys, that means the Fortigate company, want them in this way:

users --> firewall ---> internet

and you are confused whether you should go for this or not.

As per my advice you should go through the firewall directly without using the proxy.

The benefits will be
- Fewer hops to connect to internet.
- All authentication and data filtering which you want to do over squid can be directly done over firewall easily.
- Easy administration.

Now the disadvantages
- If you are using system users for authentication, it won't work.
- While authenticating, password goes in clear text, so can be easily sniffed.
- No caching like squid.

In my earlier company we had Cyberoam and we connected users directly to firewall to access internet, and I will suggest the same.

Arpit Tolani
