'Re: 1. HTTP-GW or SQUID 2. BUG IN GAUNTLET FW MANAGER INTERFACE? (fwd)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gauntlet-user
Subject:    Re: 1. HTTP-GW or SQUID 2. BUG IN GAUNTLET FW MANAGER INTERFACE? (fwd)
From:       muthu () wipsys ! soft ! net (G Muthukumar Wipro Systems 10964)
Date:       1997-11-08 3:29:44
[Download RAW message or body]

> > 	1. Restricting WWW access based on time of the day.
> 
> I think Squid can do this but its been a while.  You'd have to modify
> http-gw otherwise.  Time-based rules for proxy usage would be a useful
> feature in some situations.

	But I guess the http-gw does not support time based rules.

> > 	2. The Firewall should be able to distinguish the Intranet
> > WWW requests from the WWW requests for Internet sites (ie) it should
> > directly contact the intranet servers (in our backbone) and at the
> > same time, it should forward all the other requests to the site's
> > proxy server.
> 
> Clarification: is your Intranet backbone inside or outside of the
> firewall system?  I'm assuming it is inside... and that this is a
> company-wide firewall.

	The intranet backbone is OUTSIDE this Gauntlet firewall.

> You're running a proxy server _outside_ of the firewall?  Is it just a
> proxy server, or is it a caching proxy server?  If it is just a proxy,
> then why have two (Gauntlet and the external one)?  If it is a caching
> server (such as Squid/Harvest), you may want it inside the firewall.

	As I wrote, a certain department wants to protect itself further 
from the our intranet backbone (Probably a Gauntlet intranet firewall will
do, but we purchased Gauntlet internet firewall for this department). There is 
a proxy server (caching) outside this gauntlet firewall which is to be
used for internet access. This particular proxy server does not cache the 
contents of the intranet servers.

	Users inside the Gauntlet firewall should be able to access
both the intranet servers as well as the internet servers (for internet
servers via the proxy server)

> To your question... have you looked at the "No proxy for..."  settings
> on each _browser_?  Both Netscape and IE support disabling use of the
> proxy server for specific sites, including some wildcards.  This
> should do what you want, or you can try hacking up the http-gw code.

	I considered that option but it cannot be used because of the
following reason: Users inside this gauntlet firewall can access the
intranet as well as internet ONLY through this firewall. That is
why the requirement for differentiating the internet requests (which should
be forwarded to the proxy server) from the intranet requests (which can be
handled directly) 

	Hope I managed to explain my setup.

Thanks,
Muthu

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic