Proxy Server & Firewall

[rcasta]

Hello,

Not that I am becoming paranoid or so, but could anyone advise me on what would be the best way of interconnecting these devices (Proxy Server, Firewall)?

I mean, when using a Proxy Server network hosts access Web services through it. Would it be sound putting the Proxy Server on the DMZ side? Or just being behind the Firewall will do?

Scheme a.
LAN-------FW------Internet
|
|
Proxy Server

Schem b.
LAN-------FW------Internet
|
|
Proxy Server

Best regards,

 

[rn4it]

I would put the proxy in the DMZ, this way you have better control as to what accesses the Internet. For example, if you have a subnet that doesn't need to access the internet, just do the following. have a rule where anyone talking directly to the FW drop, except FWadmin. Then have a rule where the subnet that is allowed to access the internet is allowed to talked to the proxy. Finally a rule that allows the proxy to talk to the internet using specified ports.

 

[rcasta]

Thank you !

best regards,