--- In [email protected], pushpraj nimbalkar <pushprajnimbal...@...> wrote: > > > --- On Tue, 9/2/10, Nadeem M. Khan <nadeem.m.k...@...> wrote: > > From: Nadeem M. Khan <nadeem.m.k...@...> > Subject: Re: [LinuxVadaPav] Suggestion for Squid and Firewall > To: [email protected] > Date: Tuesday, 9 February, 2010, 4:35 PM > > > > > > > > > > > > > > > > > > On Tue, Feb 9, 2010 at 11:48 AM, pushpraj nimbalkar > > <pushprajnimbalkar@ yahoo.co. in> wrote: > > > > > Hello All, > > > I need one suggestion.I have set-up like squid proxy with ip addr > > 192.168.1.2 and fortinet firewall on 192.168.1.4. my all clients are using > > proxy as a gateway and request from clients goes to proxy and proxy > > forwards request to firewall.now firewall person saying use firewall as a > > gateway and let request goes directly from firewall means indirectly dont > > use proxy.which is perfect means allowing clients to connect firewall > > directly or forcing clients to use proxy. > > > > I am not sure I understand your issue, but if you want to force users > > to use squid, you can configure it as a transparent proxy. > > > > users --> squid --> firewall ---> internet > > > > Is this what you want to acheve? > > > > Regards, > > NMK. > > > > > At present i have setup like what you have said. > > users --> squid --> firewall ---> internet > but we want to remove squid from this and allow users to connect firewall > directly. > because firewall people asking to use only firewall to make maximum use of > it. but one IT person finding it's insecure because by doing so every client > can access firewall directly and which should not be allowed. > so just want to know what is perfect combination, squid+firewall or only > firewall. > > Regards, > Pushpraj. > >
Hello Pushpraj Regarding ACL's As ganesh has mentioned, there isnt any problem for that, because there firewalls has inbuilt all the ACL options for time, filtering with sites, contents (even blocking using signatures, file size), it can also support scanning for virus if you have bought the licence for inbuilt antivirus. Now coming at your point, only firewall will be enough and perfect, as the users will be having only user account of firewall. they wont be able to change or even see your settings, only administrator account will be able to do that. I will suggest to go for firewall as if you have invested such a big amount, you should take all the advantages of it. Arpit Tolani
