owaisberg Wed, 03/28/2007 - 06:06
User Badges:

Carl,


Best practices when running your LAN on proxy

are:

CLIENT portion:

1. All clients IE configured with Proxy IP

and allowed to reach Proxy only for

HTTP/S, FTP and possible other protocols

that can be supported by proxy


2. All DNS clients query local DNS server

only to get external names resolved


Firewall:


1. Only Proxy allowed out for HTTP/S, FTP

and other protocols used by clients

against proxy


2. Only DNS server allowed out for name

queries and zone transfers (TCP/UDP:53)


Having setup above implemented will allow

you to have you clients to go to the Internet through the Proxy only and at the same time Proxy will have connectivity to

serve the clients.


HTH,

OW


*Please rate all usefull posts


owaisberg Wed, 03/28/2007 - 15:10
User Badges:

It is best to have proxy on the same

subnet of internal interface of the

firewall (LAN), this way you need to cross firewall only once on a way out.


HTH,

OW


* Plz rate all useful posts

Actions

This Discussion