Network Security Firewalls

RE: pix and transparent proxy

Subject: RE: pix and transparent proxy
Date: Mon, 3 Apr 2006 13:12:11 +0100
Firstly, for the sake of argument (in this case) the PIX=ASA, so that's
not an issue.

The PIX or ASA version 5/6/7 will not do what you want.

The best way to do this is to use WCCP, which is a protocol for
redirecting web traffic to transparent proxies; you would need to sit a
router in front of the firewall before the client to do this. Another
way is to use a Linux-based proxy as a router between the client and
firewall and use iptables to readdress the packets into a local process
such as squid (this only really works for smallish networks though, <50
users).

WCCP is supported by most of Cisco's layer 3 switches so you may be able
to do it that way too.

-----Original Message-----
From: Meidinger Chris [mailto:chris.meidinger@badenIT.de] 
Sent: 03 April 2006 11:21
To: Andrew Shore; A@B.COM; firewalls@securityfocus.com
Subject: RE: pix and transparent proxy

Hi Andrew,

as far as I can tell, you're right. That config has nothing to do with
transparent caching.

Also it's for an ASA and not a PIX :(

Imran: I know of no way that you can use a 501 for transparent caching.
It's got 16 megs of ram, about 11-12 of which is taken when it's on
load. Where should the cached files be stored??

If you are thinking of a setup like:

Client
  |
  |
  |
PIX---Proxy Server
  |
  |
  |
Internet

Where web requests are sent transparently to the proxy server, you can't
do it on a 501. The PIX v. 6.x will *not* turn a packet around on one
interface and route it back out. With only two interfaces on a 501 (one
of which is the 4-port switch) you are out of luck on that one.

Cheers,

Chris 

-----Original Message-----
From: Andrew Shore [mailto:andrew.shore@holistic.it] 
Sent: Friday, March 31, 2006 4:51 PM
To: A@B.COM; firewalls@securityfocus.com
Subject: RE: pix and transparent proxy

This just enables the web interface for all internal users. What's this
got to do with transparent proxy? Or have I missed part of
this thread!

-----Original Message-----
From: A@B.COM [mailto:A@B.COM] 
Sent: 25 March 2006 17:32
To: firewalls@securityfocus.com
Subject: Re: pix and transparent proxy

READ THE MANUAL... :-)
interface Ethernet1 
      nameif inside 
      security-level 100 
      ip address 192.168.1.1 255.255.255.0 
http server enable 
http 0.0.0.0 0.0.0.0 inside
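
The Linux-router approach mentioned in the first reply above (iptables readdressing port-80 traffic into a local squid process), sketched as an added example that is not part of any message in this thread. The interface name, port 3129 and the addresses are assumptions; the function only prints an iptables-restore ruleset and changes nothing itself.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a Linux box that routes
# between the clients and the firewall and hands port-80 traffic to Squid.
# Assumed Squid side (3.1+ syntax): "http_port 3129 intercept".
# The box must also forward packets: sysctl net.ipv4.ip_forward=1.

gen_intercept_rules() {
    lan_if=$1      # interface facing the clients (assumed name)
    proxy_port=$2  # local port Squid listens on in intercept mode
    proxy_ip=$3    # this box's own LAN address

    # Reject anything that is not a plain port, interface name or dotted
    # address, so bad input cannot produce a malformed or altered ruleset.
    case $proxy_port in
        ''|*[!0-9]*) echo "bad port: $proxy_port" >&2; return 1 ;;
    esac
    [ "$proxy_port" -ge 1 ] && [ "$proxy_port" -le 65535 ] || {
        echo "port out of range: $proxy_port" >&2; return 1; }
    case $lan_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $lan_if" >&2; return 1 ;;
    esac
    case $proxy_ip in
        ''|*[!0-9.]*) echo "bad address: $proxy_ip" >&2; return 1 ;;
    esac

    cat <<EOF
*mangle
# Clients must not talk to the intercept port directly. mangle runs before
# nat, so redirected port-80 packets are not affected by this rule.
-A PREROUTING -p tcp --dport $proxy_port -j DROP
COMMIT
*nat
# Requests addressed to the box itself are left alone.
-A PREROUTING -i $lan_if -d $proxy_ip -p tcp --dport 80 -j ACCEPT
# All other port-80 traffic from the LAN goes to the local Squid process.
-A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port
COMMIT
EOF
}

# Constructed sample values; review the output, then feed it to
# iptables-restore as root on the routing box.
gen_intercept_rules eth1 3129 192.168.1.2
```

The mangle-table DROP keeps the intercept port from being used as an open forward proxy by anyone who can reach the box directly.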

