By default, a firewall will block all ports; each needs to be configured to pass traffic for that service/protocol.
Move the web server to a DMZ and configure the firewall for access ... usually a static NAT is a minimum config.
Internet providers usually don't use proxies. They provide the pipe and (usually by contract) security is the responsibility of the end-user organization.
Given the setup you provide in point 11, the router should be set to filter/drop/ignore all inbound traffic to the LAN interface (by ACL on the LAN interface), unless it comes from the proxy (including pings). Make sure your clients are set to use the proxy.
The proxy probably also needs configuration that establishes what protcols to pass or filter (and log).
Start at the top and work your way back;
configure the router with a course filter to block the basic bad stuff (private IPs on the WAN, ping, etc), configure the firewall for the acceptable traffic to pass, setup the DMZ, move your webserver to the DMZ.
Then move to the proxy and configure acceptable traffic and logging policies.
Configure the DHCP server to provide the correct configuration to the clients for default gateway, proxy, DNS, etc.
I solved the problem. For now i bypassed the proxy and firewall by putting up a switch in between the router and firewall. My firewall has been assigned a private IP and i Think, for my server to have Public IP and at the same time to be behind the firwall also. MY firewall should have public IP too. Please confirm this.
The design is okay but better way to put web server is on private ip address. and putting firewall device at front on public ip address provides you better security. By default firewall block all ports you just need to allow your required ports. Additionally to implement server on private ip address range you can go for translation as well for internet browsing too.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...