Robert Collins wrote:
>
> You should probably spend a bit of time on www.securityfocus.com, and also search the fw-wizards mailing list archives before making
> your decision.
>
> My preferred configuration for most sites is
>
> external FW
> |
> |
> --------DMZ LAN ---------
> | | |
> | gatewaysquid1 .. gatewaysquidn
> internal FW
> |
> |
> ------------internal LAN -----------
> | | |
> squid1 squid2 .. squidn ... as many as needed in a farm.
My setup would skip the internal squids, and have the cache farm in the
DMZ. This way you have less machines, and the proxies are protected both
from the Internet and the internal network...
The "internal FW" can be a combination of firewalls and load balancers,
depending on products selected.
-- Henrik Nordstrom Squid hacker -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Thu Dec 14 2000 - 22:54:11 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:58 MST