How to combine SSG140 + Squid proxy to manage Internet access?



  • Hello all,
    I have just configured a Squid proxy server and combined it with a PAC file; they work well together.
    Now I want to configure the SSG 140 firewall to redirect all HTTP and HTTPS to the Squid proxy. May I know how to configure this? My network diagram is as follows:

    Please kindly advise.
    Thanks and best regards.



  • Have you solved this? We have the same problem here.



  • Can anyone help me solve this?



  • Hi,
    Currently my SSG140 has 2 policies:
    1. From Trust to Untrust Any Any Permit
    2. From Untrust to Global <ip-public> <ip-gateway> permit
    Now I have just created one more policy, as follows:
        3. From Trust to Untrust <ip-squid> any HTTP+HTTPS permit
    After that I started testing by DISABLING policy No. 1.
    Result: the whole local network cannot access the Internet, and neither can Squid, because Squid's IP is in the same subnet as the local network, 192.168.x.x.
    So my question is how to control traffic in this case.
    Note: I also need to check mail through POP3.
    Please advise. Thanks a lot.


  • Global Moderator

    Hi,

    That's an easy one. Since Squid is a proxy, it sends out traffic with its own IP address. So this will work:

    pol from trust to untrust <ip-squid> any HTTP+HTTPS permit
    pol from trust to untrust any any HTTP+HTTPS reject log

    Traffic from Squid will hit rule one, any other traffic rule two.
    Of course this must come before a permit-all rule.
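
The first-match ordering described in the reply above, as an added example that is not part of the original thread: a small model of Trust-to-Untrust policy lookup that matches only on source address and destination port. The addresses, policy names and the default-deny fallback are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

SQUID = "192.168.1.10"   # constructed; the thread only gives 192.168.x.x
CLIENT = "192.168.1.50"  # constructed LAN client in the same subnet
WEB = {80, 443}          # HTTP + HTTPS
ANY = "0.0.0.0/0"

# Trust -> Untrust policies: (name, source, destination ports, action).
# ports=None means "any service".
SQUID_WEB = ("squid-web", SQUID + "/32", WEB, "permit")
BLOCK_WEB = ("direct-web", ANY, WEB, "reject+log")
PERMIT_ALL = ("permit-all", ANY, None, "permit")

def evaluate(policies, src, dport):
    """Return (policy name, action) of the first policy that matches."""
    for name, source, ports, action in policies:
        if ip_address(src) in ip_network(source) and (ports is None or dport in ports):
            return name, action
    return "default", "deny"  # assumption: nothing matched, firewall denies

# Ordering from the reply above: proxy rule, block rule, then permit-all.
RECOMMENDED = [SQUID_WEB, BLOCK_WEB, PERMIT_ALL]
# New rules appended below an existing permit-all: they are never reached.
APPENDED = [PERMIT_ALL, SQUID_WEB, BLOCK_WEB]
# Permit-all disabled with only the proxy rule left.
PROXY_RULE_ONLY = [SQUID_WEB]

FLOWS = {
    "client direct HTTP": (CLIENT, 80),
    "squid HTTPS": (SQUID, 443),
    "client POP3": (CLIENT, 110),
    "squid DNS": (SQUID, 53),
}

def decisions(policies):
    """Map each sample flow to the policy and action that handles it."""
    return {label: evaluate(policies, *flow) for label, flow in FLOWS.items()}

if __name__ == "__main__":
    for title, ruleset in [("recommended", RECOMMENDED), ("appended", APPENDED),
                           ("proxy rule only", PROXY_RULE_ONLY)]:
        print(title)
        for label, (name, action) in decisions(ruleset).items():
            print(f"  {label:20} -> {action:10} ({name})")
```

With the recommended ordering, POP3 and other non-web traffic still reaches the permit-all rule, while direct web traffic from clients is rejected and logged.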



  • Hi screenie,
    I had this idea, which means blocking all HTTP and HTTPS traffic except from the Squid proxy, but I don't know how to do it.
    May I have a few sample pictures or steps?
    Thanks so much.


  • Global Moderator

    Fastest way: block HTTP from every source except the Squid. Users have to use the proxy this way. Otherwise (didn't try) use policy-based routing and route every HTTP packet to the Squid, except those coming from there of course. Don't know if the Squid handles traffic sent to it this way OK. It's worth a try though.



  • Can anybody help me?
    I mean, I want to deploy a Squid proxy to manage the Internet access of staff in the company.
    Currently all clients access the Internet through the firewall, so I want all clients to go through the Squid proxy. Any ideas to help me? Any way?


 
