Cisco Support Community
New Member

firewall connections for internet

Hi all, when allowing internet connections from my work proxy server, would I just allow outbound, port 80, 443, and DNS queries from anywhere?

3 REPLIES
New Member

Re: firewall connections for internet

Carl,

Best practices when running your LAN on proxy are:

CLIENT portion:

1. All clients' IE configured with Proxy IP and allowed to reach Proxy only for HTTP/S, FTP and possibly other protocols that can be supported by proxy

2. All DNS clients query local DNS server only to get external names resolved

Firewall:

1. Only Proxy allowed out for HTTP/S, FTP and other protocols used by clients against proxy

2. Only DNS server allowed out for name queries and zone transfers (TCP/UDP:53)

Having the setup above implemented will allow your clients to go to the Internet through the Proxy only, and at the same time the Proxy will have connectivity to serve the clients.

HTH,

OW

*Please rate all useful posts
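The firewall portion of the reply above, sketched as an outbound access list in Cisco ASA-style syntax (an added example, not part of the original post). The platform, the ACL name INSIDE_OUT, the interface name inside, and the addresses 10.0.0.10 (proxy) and 10.0.0.53 (DNS server) are assumptions; substitute your own.

```cisco
! Added example. All names and addresses are placeholders (assumptions):
!   10.0.0.10 = proxy server, 10.0.0.53 = internal DNS server
!
! Too broad: any inside host may go out on web and DNS ports, so clients
! can bypass the proxy and query external resolvers directly.
!   access-list INSIDE_OUT extended permit tcp any any eq www
!   access-list INSIDE_OUT extended permit tcp any any eq https
!   access-list INSIDE_OUT extended permit udp any any eq domain
!
! Restricted: only the proxy may originate HTTP/S and FTP.
access-list INSIDE_OUT extended permit tcp host 10.0.0.10 any eq www
access-list INSIDE_OUT extended permit tcp host 10.0.0.10 any eq https
access-list INSIDE_OUT extended permit tcp host 10.0.0.10 any eq ftp
!
! Restricted: only the DNS server may send name queries and zone
! transfers (TCP/UDP 53).
access-list INSIDE_OUT extended permit udp host 10.0.0.53 any eq domain
access-list INSIDE_OUT extended permit tcp host 10.0.0.53 any eq domain
!
! Everything else from the LAN is dropped and logged. Hits on this line
! point to clients that are not using the proxy or the local DNS server.
access-list INSIDE_OUT extended deny ip any any log
!
! Apply to traffic entering the firewall from the LAN side.
access-group INSIDE_OUT in interface inside
!
! Check per-rule hit counters after deployment:
!   show access-list INSIDE_OUT
```

The FTP rule covers the control channel only; data connections depend on the firewall's FTP inspection being enabled.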

New Member

Re: firewall connections for internet

Is it best to place the proxy in the DMZ or the LAN?

New Member

Re: firewall connections for internet

It is best to have the proxy on the same subnet as the internal interface of the firewall (LAN); this way you need to cross the firewall only once on the way out.

HTH,

OW

* Plz rate all useful posts
