Hi
You should use URI resources with rule and under policy/global props find
security server and look at http next proxy.
FW-1 is only 'virtual' proxy and forwarding traffics to Squid. You must use
transparent config in Squid, because FW-1 can't manipulated http headers in
this case. Look at manual, phoneboy etc more info.
http://www.deathstar.ch/security/fw1/Properties/FAQ0069.htm
-- Riku
----- Original Message -----
From: "Shane B. Milburn" <milburn@panix.com>
To: "Serg Belokamen" <sergb@tpg.com.au>
Cc: <firewalls@securityfocus.com>
Sent: Tuesday, January 18, 2005 11:25 PM
Subject: Re: Squid proxy and cCheckPoint port forwarding.
It depends on your firewall hardware but I do know that Cisco has a
protocol (not sure if it's proprietary) called Web Cache Communication
Protocol (WCCP) that does just that. It listens on the router for the
port/protocol you defined and when it sees the packet it redirects it
to the proxy you have defined.
If your firewall supports this feature you could do that or if you have
Cisco routers you could setup the proxy before it gets to the firewall
and then just write a rule on the firewall to only allow web traffic
from the squid box to get out.
cheers,
-shane
--
Shane B. Milburn Email: milburn@panix.com
Sr Security & Network Engineer GPG Key ID: 9DA907DA
On Tue, 18 Jan 2005, Serg Belokamen wrote:
Hi All,
At my work, we are looking at deploying a Squid caching proxy to act as
transperant proxy. To achieve this we thought to port forward all port
80
traffic from the firewall to the proxy and let it take care of it.
The problem here is that I couldn't find any references to CheckPoint
being
able to port forward traffic...
Any help would be great.
Cheers,
Serg
