WCCP works on Cisco IOS routers, not firewalls (at least not PIX or
IPSO) so you would need a router before the firewall wall (or layer 3
switch device)
In a small network you can use the squid machine as a router and just
push all traffic through it. This will cause all port 80 traffic to go
through the squid service which will then run as a proxy, all other
traffic will be routed.
HTH
-----Original Message-----
From: Shane B. Milburn [mailto:milburn@panix.com]
Sent: 18 January 2005 21:26
To: Serg Belokamen
Cc: firewalls@securityfocus.com
Subject: Re: Squid proxy and cCheckPoint port forwarding.
It depends on your firewall hardware but I do know that Cisco has a
protocol (not sure if it's proprietary) called Web Cache Communication
Protocol (WCCP) that does just that. It listens on the router for the
port/protocol you defined and when it sees the packet it redirects it
to the proxy you have defined.
If your firewall supports this feature you could do that or if you have
Cisco routers you could setup the proxy before it gets to the firewall
and then just write a rule on the firewall to only allow web traffic
from the squid box to get out.
cheers,
-shane
--
Shane B. Milburn Email: milburn@panix.com
Sr Security & Network Engineer GPG Key ID: 9DA907DA
On Tue, 18 Jan 2005, Serg Belokamen wrote:
Hi All,
At my work, we are looking at deploying a Squid caching proxy to act
as
transperant proxy. To achieve this we thought to port forward all
port 80
traffic from the firewall to the proxy and let it take care of it.
The problem here is that I couldn't find any references to CheckPoint
being
able to port forward traffic...
Any help would be great.
Cheers,
Serg
