On 23.02.2012 09:53, Roman Gelfand wrote:
> Currently, my NAT firewall (fortigate) is both forwarding wan web
> requests in reverse proxy and receiving web requests in proxy to
> squid
> server. The communication between the firewall and squid server is
> done through http/https.
>
> I am thinking of connecting squid server with fortigate firewall via
> wccp.
>
> It seems it should greatly improve the speed and administration.
>
> Is there any issues with doing this?
>
> Thanks in advance
Others have mentioned using Fortigates' with WCCP to Squid in the past.
WCCP is IPv4-only, but other than that the only issues are getting the
configuration right for your network.
If anything you gain. NAT must not be done outside of the Squid box due
to the way it erases the destination IP. WCCP retains the original IPs
on the packets. So if the Fortigate is currently doing NAT to redirect
the packets at Squid you are likely to require WCCP and/or policy
routing to upgrade beyond squid-3.1.
Amos
Received on Thu Feb 23 2012 - 01:23:00 MST
This archive was generated by hypermail 2.2.0 : Thu Feb 23 2012 - 12:00:04 MST