[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Proxy and Intranet + FireWall

To: "'fw-1 listserv'" <[email protected]>
Subject: RE: [FW1] Proxy and Intranet + FireWall
From: Mike Glassman - Admin <[email protected]>
Date: Mon, 14 May 2001 13:41:01 +0200
Sender: [email protected]

Thanks to all those that answered.

Seems as tho the effect will be minimul and not as bad as I wanted.

My whole issue here being that I wanted to maintain the fact that the proxy
servers loggin retains the origionating Users info and not the Intranet
info, so we'll see how it goes.

One of the aspects I have worked out is that if we set it so that the
Intranet server only answers requests back to the users browser, there'll be
no problem, but if the Intranet server is set to origionate pages, as in
browse "for the user" then I'll have a problem. So I defined my needs to the
programers and we'll see what happens.

Thanks again all,

Mike

> -----Original Message-----
> From:	Newsgroups [SMTP:[email protected]]
> Sent:	� ��� 14 2001 13:05
> To:	'Mike Glassman - Admin'
> Subject:	RE: [FW1] Proxy and Intranet + FireWall
> 
> Mike,
> 
> You can add the Intranet server to the same network as the proxy you have
> now. With just ONE nic. Then you let the browsers of the clients point to
> the intranet server, which in return forwards an Internet request to the
> proxy and thus to the Internet. 
> 
> The trick here is the fact that the Intranet server has only one nic, so
> you
> get all the logging you have had before. 
> 
> If this is not what you want, you can also keep the layout you have now
> (browsers pointing to the proxy) and add an extra routing to the proxy
> server. That depends on the proxy server you are using whether or not that
> it is supported.
> 
> By using the correct routing you can achieve this all.
> 
> Regards,
> 
> Marco Schelling
> 
> > ----------
> > From: 	Mike Glassman - Admin[SMTP:[email protected]]
> > Sent: 	Thursday,May 10, 2001 3:31 PM
> > To: 	'fw-1 listserv'
> > Cc: 	Mike Glassman - Admin
> > Subject: 	[FW1] Proxy and Intranet + FireWall
> > 
> > 
> > All,
> > 
> > Currently I have a setup where 99% of the users access the Internet via
> an
> > internal proxy, and only the proxy is allowed out to the Internet. The
> > proxy
> > server is hard-coded into the browsers and the users can't change it.
> > 
> > So the setting is :
> > 
> > Local-Net -> Proxy -> FireWall -> Internet
> > 
> > The company wants to add an Intranet server, and force the users to
> place
> > their favourites as well as browse from this server.
> > 
> > So the home page for all users will be the Intranet server, and they
> will
> > then click on links on their personalized home page, to surf the net.
> > 
> > So in effect it now becomes :
> > 
> > Local-Net -> Intranet-Server -> Proxy -> FireWall -> Internet
> > 
> > The wonderfull issue with my current situation, is that I can take logs
> > off
> > of the proxy server as to what each user is doing or has done.
> > 
> > In the new scenario (as far as I can see), I will no longer be able to
> see
> > individuals, but only the Intranet server in the proxy logs, and will
> have
> > no way of getting the data as to what the users really did.
> > 
> > I do not want to use transparent proxy for various reasons.
> > 
> > Am I right in my way of thinking on this ? or will the users actions
> still
> > be logged on the proxy dur to the fact that the user is still browsing
> off
> > of his machine, or am I right to think that only the Intranet server
> will
> > be
> > logged ?
> > 
> > If I'm right, is there some way to still see what each individual does ?
> > 
> > All thoughts appreciated, and more info can be added if needed in order
> to
> > assist with this.
> > 
> > Thanks,
> > 
> > Mike Glassman
> > System & Security Admin
> > Israeli Airports Authority
> > Ben-Gurion Airport
> > http://www.ben-gurion-airport.co.il
> > 
> > Tel : 972-3-9710785
> > Fax : 972-3-9710939
> > Email : [email protected]
> > 
> > Usage of this email address or any email address at iaa.gov.il for the
> > purpose of sales pitches, SPAM or any other such unwanted garbage, is
> > illegal, and any person, whether corporate or alone doing so, will be
> > prosecuted to the fullest possible extent.
> > 
> > 
> > 
> > 
> > 
> > 
> >
> ==========================================================================
> > ======
> >      To unsubscribe from this mailing list, please see the instructions
> at
> >                http://www.checkpoint.com/services/mailing.html
> >
> ==========================================================================
> > ======
> > 
> 
> 
> ***************************DISCLAIMER***********************************
> Deze e-mail is uitsluitend bestemd voor de geadresseerde(n). 
> Verstrekking aan en gebruik door anderen is niet toegestaan.
> Fortis sluit iedere aansprakelijkheid uit die voortvloeit uit
> electronische verzending.
> 
> This e-mail is intended exclusively for the addressee(s), and may
> not be passed on to, or made available for use by any person 
> other than the addressee(s).
> Fortis rules out any and every liability resulting from any
> electronic transmission.
> ************************************************************************


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
Prev by Date: [FW1] License Features
Next by Date: [FW1] Dr Watson error "WIN32/netsod.exe"
Prev by thread: [FW1] Proxy and Intranet + FireWall
Next by thread: [FW1] VPN on two external FW-1 interfaces
Index(es):
- Date
- Thread