ICP proxy for Firewall

Hello,

I am looking for an ICP proxy for our Firewall. We're using the Tis
Gauntlet software here, which is the full version of the Tis Firewall
toolkit. This may be not the right forum for Firewall issues, but I've seen
form the recent messages to this list, a lot of people using their Squid
cache servers along with Firewalls, especially the tis toolkit.

I'm currently setting up a cache server which has to be located inside our
organisation protected by the Firewall. But it has to be able to contact
its parent cache servers outside via ICP (and receive ICP answers).

I've first tried to place the cache server outside the Firewall on our
external LAN segment, using the http-gw handoff option, which works fine,
but has the sideeffect on not being able to process requests back to
internal WWW servers. These internal WWW servers cannot easily excluded in
a browser client using i.e. a "no proxy for" setting, as our internal
protected network is spread over different sites and identifying internal
and external isn't possible by looking simply at the domainname
(unfortunately we don't have a common naming convention for int. and ext.
yet).

Do you know how to handle ICP through a Firewall without opening a specific
port i.e. the default 3130 completely and leave it unchecked? Are there
maybe an add-on products available? Well, I was also thinking of so called
plug-gateways, but as far as I know they don't allow multiple hosts to talk
to and our cache will not have only one parent, but i.e 4 or 5.

Many thanks in advance,
          Thomas

---
Thomas Graff
European Space Operations Centre
phone: (+49)-6151-90-2996
FAX: (+49)-6151-90-3503
Email: tgraff@esoc.esa.de