Let's say I have a DMZ located between firewall number one, facing the Internet, and firewall number 2, facing the intranet. I want to add a proxy server (if possible, to evaluate two different scenarios of forward proxy and reverse proxy) to this configuration. Where should the proxy server be added?
As always, context determines the location of the proxy server in the environment you've presented:
- For example, if you're wanting to ensure that web servers residing in your DMZ are protected from internet clients connecting to the web servers, then the proxy is in the DMZ. This would also be a reverse proxy.
- In another example, if you're needing to protect internal LAN clients connecting to the internet by passing only through the proxy, then you can put it on the internal side of the number 2 firewall. This will ensure that the proxy server is the only traffic through to the internet. If a client tries to connect, for instance, over port 22 to a device, firewall 2 would stop it.
- If you wanted to proxy all internet traffic as it comes into the LAN, then you could place it in front of firewall 1. This would become the only path into the LAN; the firewall burns all other traffic attempting another connection. Another way to reverse proxy. I'm not sure of the real-world application for this one... but it is possible.
So again, it is dependent upon the cause as to where you would place the proxy server and not so much just a set topology.
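The forward-proxy scenario from the answer above, as an added example that is not part of the original post: an nftables forward chain for firewall 2 that lets only the proxy open outbound connections and logs any host that tries to go out directly. The interface names, the proxy address and the DNS rules are assumptions.

```nftables
# Firewall 2 (intranet <-> DMZ), forward-proxy scenario.
# Interface names and addresses are assumed for illustration.
define LAN_IF   = "eth1"       # intranet-facing interface
define DMZ_IF   = "eth0"       # DMZ-facing interface
define PROXY_IP = 10.0.0.10    # forward proxy on the internal side

table inet fw2 {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections the rules below allowed
        ct state established,related accept
        ct state invalid drop

        # The proxy is the only internal host allowed to open web sessions
        iifname $LAN_IF oifname $DMZ_IF ip saddr $PROXY_IP tcp dport { 80, 443 } accept

        # Assumes the proxy resolves names itself; narrow this to your resolver
        iifname $LAN_IF oifname $DMZ_IF ip saddr $PROXY_IP udp dport 53 accept
        iifname $LAN_IF oifname $DMZ_IF ip saddr $PROXY_IP tcp dport 53 accept

        # Everything else leaving the intranet (e.g. a client trying port 22
        # directly) is logged at a limited rate, counted and dropped
        iifname $LAN_IF oifname $DMZ_IF limit rate 10/minute log prefix "fw2-direct-egress: "
        iifname $LAN_IF oifname $DMZ_IF counter drop
    }
}
```

Clients reach the proxy inside the LAN, so that hop never crosses firewall 2. The log prefix gives a search term for hosts that attempt to bypass the proxy.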