Re: [SQU] pix firewall and squid

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 15 Dec 2000 06:31:26 +0100

Robert Collins wrote:
>
> You should probably spend a bit of time on www.securityfocus.com, and also search the fw-wizards mailing list archives before making
> your decision.
>
> My preferred configuration for most sites is
>
> external FW
> |
> |
> --------DMZ LAN ---------
> | | |
> | gatewaysquid1 .. gatewaysquidn
> internal FW
> |
> |
> ------------internal LAN -----------
> | | |
> squid1 squid2 .. squidn ... as many as needed in a farm.

My setup would skip the internal squids, and have the cache farm in the
DMZ. This way you have less machines, and the proxies are protected both
from the Internet and the internal network...

The "internal FW" can be a combination of firewalls and load balancers,
depending on products selected.

--
Henrik Nordstrom
Squid hacker
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Thu Dec 14 2000 - 22:54:11 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:58 MST