Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations sizbut on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Best position for Caching Server (Proxy)

Status
Not open for further replies.
DrGreen26

DrGreen26

MIS
Feb 23, 2000
430
US
I have a question and would like som input from you folks.

Where is the best place to put a Caching server? Hang it off the DMZ? Put it between the physical private network and the firewall? Put it on the other side of the firewall (on the publick network)?

If anyone can shed some light on this, i would appreciate it.

Thanks Mark C. Greenwood, CNE
m_jgreenwood@yahoo.com

With more than 10 years experience to share.
 
Sort by date Sort by votes
Is there a "best" place? I always thought it was a personal preference thing... We currently have out Stratacache box on the other side of the firewall (public side). But we're planning on moving it into the DMZ. I'd be interested in hearing some other views on this as well...
 
Upvote 0 Downvote
All of my installs of BM have it on the inside of the firewall (in most cases, it IS the firewall).

How you install it depends on your configuration prefrences.

In side firewall pros:
The server gets intergrated into your tree. This allows you to use proxy authentication to prevent unauthorized web usage. Allows you to create a log of who went were by NDS user ID.

In side firewall cons:
It's part of your tree, and will need a replica for proxy authentication.


Outside firewall pros:
You would have to place the server in it's own tree, so your typical configuration can be install and forget.

Outside firwall cons:
It would be, well, stupid to span your tree through the firewall, so the BM server would be in it's own tree. If you want to use proxy authentication, you have to enter user ID's for people authorized to use the net. Logging will be IP address based only, and if you use NAT, the log can be deamed useless. You would be better off getting a Volera cache server for this (it's a novell product).



In both cases, you want to use two NICs if you have a heavy web traffic. A single nic will get saturated.

Brent Schmidt CNE,Network + [atom]
Senior Network Engineer
Keep IT Simple [rofl]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Ailuin
  • Locked
  • Question
Best Residential proxy provider.
Replies
1
Views
701
AvivBes
AvivBes
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
640
Johnkite
Johnkite
jim_bmx
  • Locked
  • Question
sh proxy command
Replies
0
Views
639
jim_bmx
jim_bmx
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
577
XLNTech1
XLNTech1
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
785
Shmid
Shmid

Part and Inventory Search

Sponsor

Back
Top