On Thu, May 21, 2009 at 9:16 AM, N Parr <[email protected]> wrote: > I have a few pc's at a remote location connected via hardware VPN with our > ASA's. I want to set up a simple software proxy on a VM and direct their > browsing to it so they have to pass through our Barracuda at the main office > for Web filtering.
In that scenario, I'd agree with what others have said -- why not just route *all* traffic over the VPN? That way you've got just one firewall, at HQ, you have to worry about. Is there some traffic you don't want traversing the VPN? I'd also agree that in this scenario, you don't need a web proxy at the remote site just for access control -- you can just as easily point IE to use your Barracuda at HQ as a local proxy. The one thing I'd put a proxy at the remote site for is for caching at the remote site, so that frequently-requested pages/objects don't make the trip over the VPN as often. For that, Squid is free and works well. Configuration can be as complex as you want to make it, but for a simple forwarding cache with no access control or authentication, it's only a few lines in the config file. I could post an example if you like. --- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
