https://community.cisco.com/t5/network-security/asa5520-and-proxy-server/m-p/968274#M941582 <HTML><HEAD></HEAD><BODY><P>May I ask what type of proxy you have in your</P><P>environment? </P><P></P><P>Most enterprise environment uses either:</P><P></P><P>1- MS ISA with load-balancer such as F5 BigIP</P><P>in front to load balance http/https traffics,</P><P></P><P>2- BlueCoat,</P><P></P><P>3- Squid Proxy (Most MSSPs will use this</P><P>because it's free),</P><P></P><P>Microsoft ISA and Bluecoat work with URL </P><P>filtering such as websense or N2H2 quite well.</P><P>To my knowledge, ISA and Bluecoat support</P><P>WPAD.</P><P></P><P>CCIE Security</P></BODY></HTML> Sun, 02 Mar 2008 23:58:47 GMT cisco24x7 2008-03-02T23:58:47Z https://community.cisco.com/t5/network-security/asa5520-and-proxy-server/m-p/968271#M941577 <P>Hi All,</P><P></P><P>Is there such a thing as redirecting certain ports (for example, port 80) from ASA to a certain IP address that is a proxy server? What I am trying to do is to implement a transparent proxy server in our internal network. The flow is in a such a way that nothing internally change until outbound TCP 80 hits the firewall, then got redirected to the proxy server and go out. Not sure if ASA can do that? If not, how do one go about to implement a transparent proxy server while the firewall is ASA? (hardcode proxy server info on users browsers is not something I want to do for lots of other reasons).</P><P>Any help/advice is appreciated.</P><P></P> Mon, 11 Mar 2019 12:11:15 GMT https://community.cisco.com/t5/network-security/asa5520-and-proxy-server/m-p/968271#M941577 ewong0088 2019-03-11T12:11:15Z https://community.cisco.com/t5/network-security/asa5520-and-proxy-server/m-p/968272#M941578 <HTML><HEAD></HEAD><BODY><P>I've been trying to get this scenario to </P><P>work with Pix and squid proxy server since</P><P>Pix OS version 6.2. To my knowledge, it is</P><P>NOT possible. </P><P></P><P>Other firewall vendors such as checkpoint </P><P>supports transparent proxy. If your firewall</P><P>is a freeware, linux iptables is perfectly</P><P>suitable for this.</P><P></P><P>The other alternative solution is that you</P><P>do NOT have to hardcode proxy server info</P><P>into users browsers. If you use Microsft</P><P>ISA proxy server, you can use Web Proxy </P><P>Auto Discovery (WPAD) that will make ALL </P><P>web traffics to hit the ISA server. There</P><P>is nothing to configure on the users </P><P>browsers. </P><P></P><P>Squid (proxy server on linux) also supports</P><P>WPAD as well, if I am not mistaken.</P><P></P><P>CCIE Security</P></BODY></HTML> Sun, 02 Mar 2008 18:29:07 GMT https://community.cisco.com/t5/network-security/asa5520-and-proxy-server/m-p/968272#M941578 cisco24x7 2008-03-02T18:29:07Z https://community.cisco.com/t5/network-security/asa5520-and-proxy-server/m-p/968273#M941580 <HTML><HEAD></HEAD><BODY><P>Thank you. It never comes across my mind that PIX/ASA can't do that while I am doing that each and everyday via ipchains and iptables. In the past, in a PIX/ ASA environment using Websense or N2H2 (cisco supports these two vendors for redirection) I don't have to worry about it. ANd now, changing vendor (I am having a proxy not because I want one, the proxy is doing filtering) and I am stuck. WPAD won't work with the new proxy server. Hmmm...the last thing I can try is bridging. </P></BODY></HTML> Sun, 02 Mar 2008 23:20:29 GMT https://community.cisco.com/t5/network-security/asa5520-and-proxy-server/m-p/968273#M941580 ewong0088 2008-03-02T23:20:29Z https://community.cisco.com/t5/network-security/asa5520-and-proxy-server/m-p/968274#M941582 <HTML><HEAD></HEAD><BODY><P>May I ask what type of proxy you have in your</P><P>environment? </P><P></P><P>Most enterprise environment uses either:</P><P></P><P>1- MS ISA with load-balancer such as F5 BigIP</P><P>in front to load balance http/https traffics,</P><P></P><P>2- BlueCoat,</P><P></P><P>3- Squid Proxy (Most MSSPs will use this</P><P>because it's free),</P><P></P><P>Microsoft ISA and Bluecoat work with URL </P><P>filtering such as websense or N2H2 quite well.</P><P>To my knowledge, ISA and Bluecoat support</P><P>WPAD.</P><P></P><P>CCIE Security</P></BODY></HTML> Sun, 02 Mar 2008 23:58:47 GMT https://community.cisco.com/t5/network-security/asa5520-and-proxy-server/m-p/968274#M941582 cisco24x7 2008-03-02T23:58:47Z