Re: Transparent proxying

[Luke Butcher <luke.butcher () alphawest com au>]

Hi jm,



On Thu, 2004-02-12 at 14:55, jm wrote:
> I'm trying to enable transparent proxying from a router or from a L3/4
> switch and after a day spent on Cisco, Extreme Networks and other Enterasys
> website I'm still completely clueless as to whether I need a $1,000 or a
> $15,000 box. Since obviously I would prefer the former, I'm relying on your
> advices.

You're going to need a L4+ type device, don't think you're going to be
able to do it in a Standard Cisco Router.

As for the type of device I know the old Alteon Ace Director 3's could
do it. I think the current line of Alteon/Nortel that does the job is
the Alteon Content Cache. I haven't personally tested this box, but
previous Alteon stuff I used was bulletproof.

In Cisco range you are looking at the content routers/engines. Smallest
one here is the Cisco 500 Content Engine. It should do the job for you
for basic proxying and small traffic loads.

The other box I'd recommend looking at is the f5 BigIP stuff. These can
do transparent proxying as well as much more. They tend to be more on
the pricey side however.

> In addition I need the router/switch to be remotely configurable from
my proxy server.

I am a little confused by this. When you say remotely configurable do
you mean just manage it from the proxy server? This should just be a
matter of allowing ssh or https through any firewalls/ACLs between the
"transparent proxy" and your proxy server. If you're talking about some
sort of automatic configuration by your proxy server this is a much
harder concept and would need further details.

Disclaimer: Alphawest is a reseller of all these devices however the
opinions expressed are my own experiences with the above devices.

Luke Butcher
Network/Security Consultant
www.alphawest.com.au


Alphawest Disclaimer

---------------------------------------------------------------------------
If this communication is not intended for you and you are not an authorised
recipient of this email you are prohibited by law from dealing with or
relying on the email or any file attachments. This prohibition includes
reading, printing, copying, re-transmitting, disseminating, storing or in
any other way dealing or acting in reliance on the information.
If you have received this email in error, we request you contact Alphawest 
immediately by returning the email to postmaster () alphawest com au and
destroy the original. This email is confidential and may contain privileged
client information. Alphawest  has taken reasonable steps to ensure the
accuracy and integrity of all its communications, including electronic
communications, but accepts no liability for materials transmitted.
---------------------------------------------------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards