firewall connections for internet

carl_townshend · ‎03-27-2007

Hi all, when allowing internet connections from my work proxy server, would I just allow outbound, port 80, 443, and dns queries from anywhere ?

owaisberg · ‎03-28-2007

Carl,

Best practices when running your LAN on proxy

are:

CLIENT portion:

1. All clients IE configured with Proxy IP

and allowed to reach Proxy only for

HTTP/S, FTP and possible other protocols

that can be supported by proxy

2. All DNS clients query local DNS server

only to get external names resolved

Firewall:

1. Only Proxy allowed out for HTTP/S, FTP

and other protocols used by clients

against proxy

2. Only DNS server allowed out for name

queries and zone transfers (TCP/UDP:53)

Having setup above implemented will allow

you to have you clients to go to the Internet through the Proxy only and at the same time Proxy will have connectivity to

serve the clients.

HTH,

OW

*Please rate all usefull posts

carl_townshend · ‎03-28-2007

is it best to place the proxy in the dmz or the lan ?

owaisberg · ‎03-28-2007

It is best to have proxy on the same

subnet of internal interface of the

firewall (LAN), this way you need to cross firewall only once on a way out.

HTH,

OW

* Plz rate all useful posts