08-27-2003 09:24 AM - edited 02-20-2020 10:57 PM
How do I configure a PIX so that it redirects incoming HTTP traffic to an internal proxy server?
Thanks.
08-27-2003 09:56 AM
Hi -
Q. Are you filtering ALL internet browsing via the proxy server? Is the proxy server an MS ISA?
Can you please post your PIX config here or, if you like, send it to me at noc1@vodafone.net (please change passwords + inside IPs).
Also, which PIX IOS are you running?
Thanks - Jay
08-27-2003 12:19 PM
Since you are asking the question, I suppose your proxy isn't MS-ISA, for which the redirection is done on each station.
What you call incoming HTTP traffic is, in terms of the PIX, an outgoing HTTP connection. PIX supports Websense & Bess's N2H2 filter products; in those cases redirection is done with the url-server + filter url commands.
The question is, are those commands compatible with other proxy boxes? I don't know. Hope someone else will respond to this one.
Otherwise, you will be obliged to redirect traffic with a layer 7 switch.
Regards,
Ben
08-28-2003 07:50 AM
This is not possible.
Also, "filter url" doesn't do HTTP redirection; it sends a URL to the URL-filtering server (Websense/N2H2). The original HTTP request is sent to the Internet in parallel with this filtering request.
Oleg Tipisov,
REDCENTER,
Moscow
08-29-2003 01:49 AM
In this month's Windows & .NET magazine, there was an MS publication called something like "Security Advertising/Special Report". Unfortunately, I did not keep it. However, there were a few design examples where you would only have one host in the DMZ, which would be an MS ISA 2000 proxy server. It did not specify that the firewalls were Cisco (or any other).
If I remember correctly, ALL traffic was directed to the proxy server for layer 7 filtering. In turn, the packets were sent to the appropriate HTTP server which resided in the inside subnet. This way, it was easy for the internal HTTP servers to access other internal RDBMS servers since all were together. I think an IPSec tunnel was also an option to secure traffic from the DMZ proxy server to any server inside.
The benefits of this were that you only have one bastion host to configure and the solution took care of filtering all the way up to the application layer.
This may be what the initial question was???
Regardless, did any of you keep this special report? What do you think about this design?