03-27-2007 04:04 PM - edited 03-05-2019 03:08 PM
Hi all, when allowing internet connections from my work proxy server, would I just allow outbound, port 80, 443, and dns queries from anywhere ?
03-28-2007 06:06 AM
Carl,
Best practices when running your LAN on proxy
are:
CLIENT portion:
1. All clients IE configured with Proxy IP
and allowed to reach Proxy only for
HTTP/S, FTP and possible other protocols
that can be supported by proxy
2. All DNS clients query local DNS server
only to get external names resolved
Firewall:
1. Only Proxy allowed out for HTTP/S, FTP
and other protocols used by clients
against proxy
2. Only DNS server allowed out for name
queries and zone transfers (TCP/UDP:53)
Having setup above implemented will allow
you to have you clients to go to the Internet through the Proxy only and at the same time Proxy will have connectivity to
serve the clients.
HTH,
OW
*Please rate all usefull posts
03-28-2007 02:36 PM
is it best to place the proxy in the dmz or the lan ?
03-28-2007 03:10 PM
It is best to have proxy on the same
subnet of internal interface of the
firewall (LAN), this way you need to cross firewall only once on a way out.
HTH,
OW
* Plz rate all useful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide