General discussion

Locked

MS Proxy 2.0 Deployment

By Kurt G ·
I have a WinNT 4.0 network that connects to the Internet via a T1 line. I have loaded MS Proxy 2.0 on a WinNT 4.0 Server and I want to use it to cache web pages and provide basic firewall protection. However, I am unsure of where to place this server. The T1 goes through the CSU/DSUs then into an unmanaged hub (and from there to a primary switch/router). Previously, I had a content-filtration server on this hub and it worked beautifully. In this case, my Proxy Server is multi-homed and I need to force all traffic through the Proxy. So, will it work simply connected to this hub? Or, do I have to bypass the hub and connect one NIC to the LAN and one to the WAN?

HELP!

Thanks,
Kurt G.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

MS Proxy 2.0 Deployment

by it In reply to MS Proxy 2.0 Deployment

This is not meant to be an authoritative response...

My preference is to use one NIC as the only point of contact to the outside world. So, I connect my external point (router, gateway, server, whatever) only to my external NIC on my proxy server. I do not permit a hub, switch, etc. to connect in between these points as it makes it that much easier to bypass this point on the network. I will then use the internal NIC and connect that to the hubs/switches that provide the access to the rest of the organization.

Collapse -

MS Proxy 2.0 Deployment

by Kurt G In reply to MS Proxy 2.0 Deployment

Thank you...

Collapse -

MS Proxy 2.0 Deployment

by jvohs In reply to MS Proxy 2.0 Deployment

Private<-->Proxy<-->Internet
The Proxy must be between the private and public networks. Anything that needs to be protected by Proxy should probably have private IP addresses, atleast they don't need to be real. Any machines connected to the samenetwork as the external NIC on the Proxy is live on the Internet. If your network is not already segmented, and that is why you are adding Proxy, don't plug it in until you split the private and public networks. Most machines will probably be private, so I would say plug into the hub with the external NIC, and put the default gateway there also. Only place the machines that you will leave unprotected plugged into that hub. The internal NIC would then be the entrypoint for the internal network. Don't use default gateway on the internal machines, Proxy will handle that. Any other internal networks will have to use specific routes added to the proxy machine's route table. There cannot be two default gateways or Proxy will drop connections occasionally. Hope this helps :).

Collapse -

MS Proxy 2.0 Deployment

by Kurt G In reply to MS Proxy 2.0 Deployment

Thank you very much!

Collapse -

MS Proxy 2.0 Deployment

by Kurt G In reply to MS Proxy 2.0 Deployment

This question was closed by the author

Back to Windows Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums