cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1271
Views
0
Helpful
3
Replies

Deploying WSA with an Existing Proxy

angfeglandagan
Level 1
Level 1

Hi,
Does anyone have this kind of setup?

Existing proxy is squid, MAC was used to filter users with internet connections.

No domain controller on the client side and has a dhcp environment.

Any tips?

Capt. Winters

3 Replies 3

jowolfer
Level 1
Level 1

Captain Winters,

Currently the WSA does not provide any filtering based on MAC addresses. All policies utilize IPs or authenticated usernames / groups. I do not believe MAC policies are on the road map, but I can file this as an enhancement request if it is something you desire.

Since you are using DHCP, I would typically recommend using authentication and building policies based on user / group. You state that you have no DC on the client side though.

If there is a DC near by, it can be used for authentication. Or if you have an LDAP server, that would suffice as well.

Hope this information helps.

angfeglandagan
Level 1
Level 1

Hi Josh,
Thanks for your reply.

They filter web access by manually defining the mac addresses of the clients on their current proxy (SQUID).

I will setup my ironport as downstream proxy which will point to the upstream proxy which is the SQUID.

Is there any configuration write ups on this one?

I already configured the ironport to have an UPSTREAM proxy which is the ip address of the SQUID proxy : port number.

As per manual, there are two options on the UPSTREAM , transparent and forward mode...which do i use and how do i configure the IRONPORT.

Would be highly appreciated...thank you.

capt. winters

jowolfer
Level 1
Level 1

Capt. Winters,

The WSA can can use the squid as both an explicit or transparent proxy. This will change how the WSA creates its own requests to fetch the objects.

With a transparent upstream proxy, there is nothing additional that needs to be done. The WSA will send it's requests to the configured default gateway.

With an explicit upstream proxy, you will need to enter your Squid's IP and port (typically 80 or 8080) to be used. The WSA will send requests directly to the Squid proxy, as opposed to the default gateway.

Both of these options are configured under the Network tab -> Upstream proxy.

The only real difference between not using an upstream proxy and using a transparent upstream proxy, is that with the latter the WSA will forward internal credentials upstream to the squid (if the squid is doing authentication).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: