Proxy Server
In a basic network or any network i guess, where would a web proxy sit in relation to the default gateway, firewall?
If a client made a WWW request on the network, does this get directed straight to the web proxy defined in internet settings, or does go to the default gateway first then through a proxy?
If a client made a WWW request on the network, does this get directed straight to the web proxy defined in internet settings, or does go to the default gateway first then through a proxy?
Comments
-
SephStorm Member Posts: 1,731 ■■■■■■■□□□My understanding is that a proxy is generally within the network boundry, i.e behind the firewall. So your request goes to the proxy first, then the default gateway.
-
apr911 Member Posts: 380 ■■■■□□□□□□It depends on your network topology.
Your proxy will almost certainly sit behind the firewall for a number of reasons:
1. The firewall will provide some protection to the proxy.
2. Most proxies now days act as web accelerators and cache content. The cached content and connections to the web proxy will be inspected repeatedly and/or take up entries in the state table wasting CPU cycles if the proxy is placed in front of the firewall
3. Most networks use their firewall device to perform NAT so you would also be using a Translation slot for traffic that never needs to leave the network
Now more to your point about how traffic would be sent to the proxy, well even if the proxy is behind the firewall, it would still depend on the topology of the network. Many larger corporate offices use multiple subnets to ease the administration of the network and to ensure the correct access is granted or denied for specific users/groups.
To facilitate this they generally use some layer 3 switch or a router before passing traffic to the firewall so take the following network:
Lets assume you have two networks 10.0.0.0/24 and 192.168.0.0/24. You have a router that bridges the two networks.
If your firewall and proxy both exist in the 10.0.0.0/24 network segment, then hosts in the 192.168.0.0/24 segment would first go to their gateway (the router), forward on to the proxy, then on to the firewall and out to the internet.
On the other hand hosts in the 10.0.0.0/24 segment would be sent to the proxy, then on to the firewall and out to the internet.
So it all depends on the topology. The gateway and firewall are both just a part of that topology and their use or non-use is entirely dependent on where the request originated from and where it is going to.Currently Working On: Openstack
2020 Goals: AWS/Azure/GCP Certifications, F5 CSE Cloud, SCRUM, CISSP-ISSMP -
CodeBlox Member Posts: 1,363 ■■■■□□□□□□On our network it's right before the firewall (Internal). We actually have two(In geographically different locations) and one sits inline with all traffic while the other has traffic that is specifically directed to it (web traffic). So for the inline one the proxy setting doesn't need to be configured in IE because all network traffic goes through it while in the other case, we configure IE with the proxy server address.Currently reading: Network Warrior, Unix Network Programming by Richard Stevens