I am not quite sure of your topology, but if I have it correct, your proxy server, being dual-homed, is sitting between the two routers. So in effect, if the routers have a good set of ACLs on them, they are providing a sort of DMZ environment between the Internet and the local LAN? And your proxy server is sitting between the two routers on the DMZ? Would that be your topology? So now what you want to do is place a firewall someplace to create more LAN security. You also said that you want to minimize bottlenecks and router configurations; I am not sure what that means. Are you having throughput issues?
I would say this: if your firewall can support a DMZ configuration, which would be a three-legged design, for example, interface "0" to face your LAN router, interface "1" to your DMZ, and interface "2" to face the Internet, you would be on your way to providing a higher level of security than you currently have. You should put your proxy on the firewall DMZ; then the LAN users should be allowed only to go to the "LAN" side of your proxy. Your firewall would control this access. And the proxy server would talk to the Internet through the DMZ. I hope this helps.

rgds
Myro

[EMAIL PROTECTED] wrote:
> Hi, I've to install a firewall in a company. They've got a
> lan with a dual homed proxy server with a router (providing
> internet connection) connected to the ext interface.
> A second router provides access to the lan from a remote
> network, providing it the internet connection by the proxy.
>
> Now I'm in doubt if re-locate proxy in a DMZ, or leaving in
> its present location, and therefore install the firewall
> between the proxy's ext interface and the router's internal
> interface.
>
> What's the best to minimize bottlenecks and routers
> configuration changes?
>
> Thanks!
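
The three-legged layout discussed in this thread, sketched as an nftables forwarding policy. This is an added example, not part of either message; the interface names, addresses, proxy port 3128 and the outbound port list are assumptions chosen for illustration.

```nft
#!/usr/sbin/nft -f
# Added example: default-deny forwarding on a three-legged firewall.
# All names and addresses below are constructed for illustration.
flush ruleset

define LAN_IF     = "eth0"            # interface "0": faces the LAN router
define DMZ_IF     = "eth1"            # interface "1": DMZ segment holding the proxy
define WAN_IF     = "eth2"            # interface "2": faces the Internet router
define LAN_NET    = 10.0.0.0/24       # assumed LAN address range
define PROXY      = 192.168.100.10    # assumed proxy address in the DMZ
define PROXY_PORT = 3128              # assumed proxy listener port

table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that were allowed below
        ct state established,related accept
        ct state invalid drop

        # LAN users may reach only the proxy listener in the DMZ
        iifname $LAN_IF oifname $DMZ_IF ip saddr $LAN_NET ip daddr $PROXY tcp dport $PROXY_PORT ct state new accept

        # Only the proxy may open connections toward the Internet
        iifname $DMZ_IF oifname $WAN_IF ip saddr $PROXY tcp dport { 80, 443 } ct state new accept
        iifname $DMZ_IF oifname $WAN_IF ip saddr $PROXY udp dport 53 ct state new accept

        # Everything else (LAN to Internet directly, Internet to LAN,
        # DMZ to LAN) falls through to the drop policy; log a sample of it
        limit rate 10/minute log prefix "fw-forward-drop: "
    }

    chain input {
        # Traffic addressed to the firewall itself: nothing new is accepted here;
        # add a management rule for your own admin host before loading this
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
    }
}
```

With no rule for LAN to WAN and no rule for new connections from the DMZ into the LAN, a compromised proxy cannot initiate sessions toward LAN hosts, and LAN clients cannot bypass the proxy.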
