Re: [squid-users] Configuring PIX with Squid

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 20 Dec 2003 01:12:55 +0100 (CET)

On Fri, 19 Dec 2003, David O wrote:

> I am trying to help someone setup his PIX firewall to use Squid. Problem is
> he doesn't know how to configure the PIX and I don't have one to even try to
> figure it out, but this seems like a very basic task for a firewall.

If the PIX supports WCCP this is most likely the easiest approach. And no
it is not a very basic task, there is very complex issues involved in
intercepting traffic.

If you can I would instead recommend blocking direct access to port 80 and
have the browsers reconfigured to use the proxy. If it is a local lan then
using domain login scripts etc can automate the process. WPAD also helps.

> All I need is a basic port forward command to direct 80, 8080 and 443
> traffic to the squid box.

443 you can't without having the browser configured to use the proxy.

> Setup: PIX 520 Squid 2.5 Stable1, behind the firewall.

You really should upgrade that Squid while looking at it.

REgards
Henrik
Received on Fri Dec 19 2003 - 17:12:59 MST

This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:18 MST