Security Basics mailing list archives
RE: Should proxy have one interface or two
From: Сергей Цапок <obilion () gmail com>
Date: Tue, 15 Jul 2008 09:38:12 +0300
In our enterprise we use Microsoft ISA 2006 as proxy only to grant users access to the Internet on Active Directory basis and do content-filtering and black/white URL filtering. It only has one network interface, access to the Internet itself is based upon Cisco ASA which does NAT to outside world only for ISA's IP address. It works fine except for different exotic cases such as allowing active FTP (as far as I understood after reading TechNet, you can do active outside FTP with two network interfaces). Sergey -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Gleb Paharenko Sent: Friday, July 11, 2008 3:09 PM To: security-basics () securityfocus com Subject: Should proxy have one interface or two Hi, list. In many network designs web proxy server has two interfaces. One is for internal clients, second is outgoing interface for proxy. Why it is not use one interface both for incoming requests from users and for outgoing requests from proxy? Of course this interface should be in separate subnet with firewalled control on it and it should be SNATed as well. Hope I clearly describe my question, of why it is better to have two interfaces in different subnets for web-proxy. -- Best regards. Gleb Pakharenko. http://gpaharenko.livejournal.com http://www.linkedin.com/in/gpaharenko
Current thread:
- Should proxy have one interface or two Gleb Paharenko (Jul 11)
- Re: Should proxy have one interface or two ॐ aditya mukadam ॐ (Jul 14)
- Message not available
- Re: Should proxy have one interface or two ॐ aditya mukadam ॐ (Jul 14)
- Message not available
- Re: Should proxy have one interface or two ॐ aditya mukadam ॐ (Jul 14)
- RE: Should proxy have one interface or two Сергей Цапок (Jul 15)
- Re: Should proxy have one interface or two Gleb Paharenko (Jul 15)