If i have PIX 515 i need MS PRoxy in my LAN?

[DSOFT]

Hi:

I have the following configuration:

INTERNET<--->CISCO PIX 515<--->MS PROXY SERVER 2.0<--> PC WITH PROXY CLIENT

I use in the Proxy 2.0 Server the WinSock and Web Proxy services, and in the PIX i have ALL the services to the outbound (internt) open, its this config right? is secure? anny ideas?

Thanks!!


Desa

 

[webnetwiz]

I got rid of my Proxy server. It's no longer needed, in my view.

 

[scothaniel]

It depends, are you looking to authenticate users? Since the PIX does not have any proxy capabilities, you will need a proxy or radius server to authenticate. Then you can set your access list to only allow web requests from the proxy to access the internet, making all users login and get logged.

 

[yizhar]

HI.

It depends on your needs and future planning.

Using the proxy with the pix can provide higher security, but I recommend using the proxy as a HTTP proxy only,
i.e. removing the MSP client from workstations, and using only proxy configuration on the browser settings.
Then, in the PIX, allow outbound access to the proxy and other servers only, and add to this direct access to interet only from workstations that need it.

This is, however, one of many options, each with advantages and disadv.

If you want to remove the proxy to reduce load from the server, or reduce management overhead, that's ok also.

In any case, remember that it is important to backup data, patch all servers with latest fixes, use an updated anti virus, block dangerous email attachments, use strong passwords, etc...
in addition to firewall protection.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar