
Need a new caching proxy

Inf0

I'm in virgin territory and need a little help. I've been tasked with setting up a new caching proxy for our medium business. Currently we have an old box running SUSE9 with Squid. It works fine for our design needs - it caches and proxies - but it's on old hardware and is tasking the machine, and we're expanding again. Our existing firewalls are Cisco Pix 506E, so a firewall is not a necessity.

A requirement is that it must run on Windows (arguing this won't help, I tried).

I first thought about ISA, either on a normal server or an appliance, but it seems extreme overkill just to proxy. Should we just go back with the Windows version of Squid? Thoughts?
 
ISA is a great piece of software, but it's more of a firewall than a proxy. There are third party packages, but I haven't tested any of them.

One way I have set up systems in the past is to have a PIX/ASA on the edge of the network. This is connected to a DMZ. The DMZ is then connected to ISA, which is connected to the internal network. So:

Internet > PIX/ASA > DMZ > ISA > Internal

But, the two times I have done this was for pretty large networks that had specific security requirements.
 
I found this after a little googling; it looks to be free proxy server software for Windows:
http://www.youngzsoft.net/ccproxy/index.html

Don't have any idea how good it is. Probably should just get ISA if it absolutely HAS to be on a Windows server. Have you thought about a transparent proxy appliance that ties in with AD like Astaro Web Gateway?
 
I know you can have a transparent proxy with pfsense and the squid plugin.
 
Have you thought about a transparent proxy appliance that ties in with AD like Astaro Web Gateway?

I've given it thought, but don't have any experience with any of them. We use Dell as our vendor, so it might just be easier to buy a full server from them and put it on it. Thanks for the ideas, keep 'em coming. ;)
 
Squid is one of the best proxies out there. Pretty much all the ones on systems like IPCop, Smoothwall, pfsense, m0n0wall, etc. are all based on it.

Why not just set up a server with Squid again? It should be able to handle any load you put on it...
 
The only web proxy appliance I have familiarity with is the Bluecoat ProxySG series. From my experience, they work pretty well. Not sure what they cost though, so you'd have to compare that to how much you're spending on software and hardware for a server-based solution.
 
I know you can have a transparent proxy with pfsense and the squid plugin.

I wouldn't go with pfSense for the Squid. It's not integrated into the base install the way it is with Endian because it's buggy, and does not work with all the features (e.g. multiwan/load balancing). I personally haven't had any problems using it as a transparent proxy, but quite a few people on the pfsense forums have. Endian's proxy feature works pretty flawlessly out of the box on the other hand.

 
Thanks for all the suggestions guys. I ordered a Barracuda Web Filter today. It will proxy for us as well as allow us to filter traffic and keep our (l)users honest. ;)
 
Thanks for all the suggestions guys. I ordered a Barracuda Web Filter today. It will proxy for us as well as allow us to filter traffic and keep our (l)users honest. ;)

Glad I could be of assistance. If you don't have a decent spam solution, their spam firewall appliances are killer.
 