Proxy and Firewall : What a relationship of rules between them.

Matheus Paz

New Member
Hello everyone.
Next, in my corporate environment, I have a Squid proxy and a PfSense firewall.
My Squid is running perfectly and my PfSense is also in separate HOST. Each one with its respective IP.
The doubt is as follows, I have rules that release and deny certain sites.
I had the need to create a rule that blocks full access to a group called "noaccess". In Squid the rule is at the top of everything:
#ACL
acl noaccess external noaccess
...
#RULES
1. http_access deny noaccess
....

When accessing in the browser, setting proxy, because it is non-transparent, everything is virtually blocked, except the GMAIL and Banking Sites.

In my PFsense there are rules that grant access from any Source to the Aliases Destination that has several banking IPs and GMAIL sites.

I would like someone to explain to me the relationship between SQUID PROXY and a PFSENSE Firewall.

If I block a site in SQUID for everyone, and that same site is released in Firewall, which rule will be validated for the user?

Is there a priority type of rule enforcement?

I believe that maybe that's why even blocking in Squid, it gets to traffic, due to permission in Pfsense.Logo, is it necessary a "union" between Firewall and Proxy?

I hope you give me a light. LOL



Thanks in advance.
 


wizardfromoz

Super Moderator
Staff member
Gold Supporter
G'day @Matheus Paz and welcome to linux.org :)

I am moving this Thread to Security, where you may get the answers you seek.

Good luck

Chris Turner
wizardfromoz
 


Members online



Top