FW: [squid-users] Squid architecture

________________________________
> From: oneal42_at_hotmail.com
> To: chad.naugle_at_travimp.com
> Subject: RE: [squid-users] Squid architecture
> Date: Sat, 12 Feb 2011 10:09:49 +0000
>
> Thank you shad for your reply.
> We use dedicated cluster hardware firewalls enought powerfull, I think.
> We will install the squid cache server in the DMZ private.
> On the firewall, we will allow only DNS, NTP, HTTP, HTTPS from the
> squid server to internet AND LDAP port between the squid and the active
> directory servers. The web traffic initiated since Internet will be
> drop.
>
> Regards,
>
> OnEal
>
>
> > Date: Tue, 8 Feb 2011 16:13:21 -0500
> > From: Chad.Naugle_at_travimp.com
> > To: oneal42_at_hotmail.com; squid-users_at_squid-cache.org
> > Subject: Re: [squid-users] Squid architecture
> >
> > Usually Squid runs on a machine with Public Access, as opposed to the
> > rest of the network, whether it being a NAT/Firewall itself, or behind a
> > Hardware Firewall, while the Firewall blocks outbound traffic from
> > everywhere BUT the Proxy.
> >
> > Placing Squid in the DMZ can work as well, as long as the same rules
> > apply, and the Internal Network can access it on the configured port(s),
> > and Squid can access to AD Domain. I would just be more cautious of
> > various security ACL's, and general security of the box, so it can't be
> > used as a public relaying proxy, or anything else. You also need to
> > consider how easily it can access the AD Domain for authentication,
> > because there will be a significant amount of traffic required for that
> > as well.
> >
> > 1000 machines should be able to be served by 1 dedicated Squid install
> > fairly well, assuming that it is configured optimally, and with the
> > correct CPU + RAM + HDD configurations.
> >
> > >>> Cedric DC 2/8/2011 3:53 PM >>>
> >
> > Hello all,
> >
> > I want to configure a web proxy squid cache for my LAN
> > users (~1000 PCs exist on the LAN). I want use
> > squid+squidguard+authentication on a domain controler (active directory
> >
> > :')
> > For the moment, we want install only one server (and in the future a
> > second...).
> > My question is where can I install the squid ? On the LAN or on the
> > private DMZ of our firewalls cluster ?
> >
> > Do you have some best pratices concerning the position of the squid ?
> > If there are several possibilities what are for each one the advantages
> > and nconveniences ?
> > Do you have documents about proxy cache architecture ?
> >
> > Thank you in advance for your help.
> >
> > OnEal
> >
> >
> > Travel Impressions made the following annotations
> > -------------------------------------------------------------
> > "This message and any attachments are solely for the intended recipient
> > and may contain confidential or privileged information. If you are not
> > the intended recipient, any disclosure, copying, use, or distribution of
> > the information included in this message and any attachments is
> > prohibited. If you have received this communication in error, please
> > notify us by reply e-mail and immediately and permanently delete this
> > message and any attachments.
> > Thank you."
                                               
Received on Sat Feb 12 2011 - 22:58:11 MST