Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Basic - Proxy Server/Router/Firewall
- Thread starter Murugs
- Start date
A proxy server is used to limit the amount of traffic that goes out over your WAN connection, so you should see speed improvements when using one, if users typically all access similar websites. It can also be used to limit what sites users are allowed to access - although this is not the main role of a proxy server, it's a feature that proxy servers tend to include.
Basically imagine you have 1000 users, and 500 of them want to go to to do a search. If you haven't got a proxy server, all 500 will request a download of the main yahoo page from yahoo.com, and so that page will be downloaded 500 times. If you have a proxy server, users request the proxy server downloads it once, and then keeps a cached copy, which it gives to the other 499 users who requested the page. So your WAN connection is only accessed once to download the page, the other users get the copy direct from the proxy server. As your WAN connection is typically your bottleneck, this means less traffic goes out to the WAN, which improves download speed for the traffic that does have to go out.
That's basically the role of a proxy server.
Basically imagine you have 1000 users, and 500 of them want to go to to do a search. If you haven't got a proxy server, all 500 will request a download of the main yahoo page from yahoo.com, and so that page will be downloaded 500 times. If you have a proxy server, users request the proxy server downloads it once, and then keeps a cached copy, which it gives to the other 499 users who requested the page. So your WAN connection is only accessed once to download the page, the other users get the copy direct from the proxy server. As your WAN connection is typically your bottleneck, this means less traffic goes out to the WAN, which improves download speed for the traffic that does have to go out.
That's basically the role of a proxy server.
- Thread starter
- #3
Thx for the answer.
Okay...I have windows 2000 server.
My setup is Internet T1 - router - firewall - W2K PDC - Windows Clients.
My earlier post in this forum was how do I setup firewall syslogging to monitor machines and gurus helped me with answer. As I get from your post that we can restrict access to websites using a proxy server. I guess I can use firewall with proxy server to achieve my objectives..gearing up for the fun already
My questions with proxy server
1)Do I have some proxy server which comes with win2k.
2)Is it possible to restrict websites access thru some keywords like porn etc..
3)Before accesing internet can users use enter a password so that certain people can only use the internet.
4)Also If I go and set some proxy server in my w2k machine,do I need to go to each and every user desktop and set the Proxy server settings in Internet Explorer Options.
Suggest some good proxy servers..
regards
Muru
Okay...I have windows 2000 server.
My setup is Internet T1 - router - firewall - W2K PDC - Windows Clients.
My earlier post in this forum was how do I setup firewall syslogging to monitor machines and gurus helped me with answer. As I get from your post that we can restrict access to websites using a proxy server. I guess I can use firewall with proxy server to achieve my objectives..gearing up for the fun already
My questions with proxy server
1)Do I have some proxy server which comes with win2k.
2)Is it possible to restrict websites access thru some keywords like porn etc..
3)Before accesing internet can users use enter a password so that certain people can only use the internet.
4)Also If I go and set some proxy server in my w2k machine,do I need to go to each and every user desktop and set the Proxy server settings in Internet Explorer Options.
Suggest some good proxy servers..
regards
Muru
1) No proxy server ships with win2k, unless you have 2kSBS, in which case ISA server comes with it, and will function as a proxy/caching server with some semblance of url filtering. It's also a software firewall. Personally speaking I'd not consider it as a firewall, as it's no substitute for a PIX, and if it's behind a PIX, it's redundant.
2) Some proxies will allow you to do filtering on keywords, or specific urls, or content in the page etc, some won't. Websense will, and will integrate well with a pix, as will N2H2's offering. Your PIX can be configured to forward all web requests to them for filtering.
3) This can be done by putting users into, or taking them out of the Back Office internet users security group in windows 2000. Basically when they log on they get rights or get denied the right to access the internet. You could also set up http authentication on the PIX, and install IAS to act as a RADIUS server, to prompt users for a password to access the internet, although I can't think how that would be much advantage in the situation you're describing ...
4) You can roll this out with logon scripts in user profiles, with a batch file. Assuming they are dhcp clients you also point their gateway towards the lan address of your multi-homed 2k server, and only allow traffic out the pix that originates from the "wan" address of the 2k server. ie,
Router - PIX - Server - Users
2) Some proxies will allow you to do filtering on keywords, or specific urls, or content in the page etc, some won't. Websense will, and will integrate well with a pix, as will N2H2's offering. Your PIX can be configured to forward all web requests to them for filtering.
3) This can be done by putting users into, or taking them out of the Back Office internet users security group in windows 2000. Basically when they log on they get rights or get denied the right to access the internet. You could also set up http authentication on the PIX, and install IAS to act as a RADIUS server, to prompt users for a password to access the internet, although I can't think how that would be much advantage in the situation you're describing ...
4) You can roll this out with logon scripts in user profiles, with a batch file. Assuming they are dhcp clients you also point their gateway towards the lan address of your multi-homed 2k server, and only allow traffic out the pix that originates from the "wan" address of the 2k server. ie,
Router - PIX - Server - Users
- Status
Similar threads
- Locked
- Question
- Locked
- Question