[squid-users] Watchguard firewall behind SQUID and the internet

Matus UHLAR - fantomas uhlar at fantomas.sk
Fri Nov 13 07:20:33 UTC 2015

On 12.11.15 18:59, christian.bufacchi at kemone.com wrote:
>We have implemented a SQUID proxy between our clients and a Watchguard
>firewall, the which contains user access rules based on our MS Active
>So we currently have the following flow : Client => SQUID proxy =>
>Watchguard => Internet.

>At the moment, the Watchguard only receives (sees) the IP address of the
>SQUID server. No information from the client is forwarded. The clients are
>currently able to access the Internet thru the Firewall because we have
>the access to this IP adress.
>We would like the SQUID server to forward the client user ID (MS Windows
>profile) to the Watchguard in order to apply more specific and detailed
>access rules that have been defined in the Watchguard at user level.

I think it would be better to change the processing:
clients => watchguard => squid.

This should help in situations where access rules change so squid wouldn't
cache "denied" pages. I could also help setting up different rules for
different users and/or different times. 

Also, watchguard would see clients.

Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*

More information about the squid-users mailing list