In need of a firewall that can perform reverse proxy



DarrylR
01-02-08, 11:01 PM
A friend of mine purchased an entry-level Linksys firewall/router for her
small business and discovered that the port forwarding doesn't quite meet
her needs. The router allows you to forward requests made to a specific port
to a designated machine behind the firewall (e.g. you can forward requests
to port 80 to a Web server). The limitation is that it can only forward a
given port to a single IP address. She would ideally like to forward
requests by host header (e.g. mail.mydomain.com) to different machines in
order to host Web apps (including an SSL-enabled OWA site) on different
servers. From what I've read, this is commonly known as reverse proxy.

I know that Microsoft's ISA Server can do this, but I was hoping to find a
network appliance that could handle it so that she doesn't have to dedicate
a box to the job. I did some research and found the following candidates
(although it's not actually clear that all of them perform reverse proxy):

Blue Coat ProxySG

Cisco Content Engine (or "Content Switch", or "Local Director") -- really not
sure which one, and awaiting a call from Cisco technical sales

SonicWall TZ190 or Pro 2040 -- awaiting call from technical sales rep to
confirm features

Has anyone had experience with these firewalls or any others that you'd be
willing to recommend?

Thanks in advance,
Darryl R.

Anthony
06-03-08, 04:48 AM
Darryl,
You don't need reverse proxy for that. You just need a router with a
slightly more capable firewall.
A standard Cisco or Netgear router will do this. You need Access Lists that
control what traffic is allowed in, on what port, to what address. You also
need NAT to translate the internal server address to the public IP.
You can use ISA server, but it is much more expensive and capable than you
need for this purpose.
Reverse Proxy is something else. It acts as an intermediary between the
external browser and the internal service so there is no direct connection.
The traffic is rewritten by the proxy. You don't need that here,
Anthony


"DarrylR" <darrylr@nospam.com> wrote in message
news:5bCdnd8994DQ8eHanZ2dnUVZ_hqdnZ2d@comcast.com...
>A friend of mine purchased an entry-level Linksys firewall/router for her
>small business and discovered that the port forwarding doesn't quite meet
>her needs. The router allows you to forward requests made to a specific
>port to a designated machine behind the firewall (e.g. you can forward
>requests to port 80 to a Web server). The limitation is that it can only
>forward a given port to a single IP address. She would ideally like to
>forward requests by host header (e.g. mail.mydomain.com) to different
>machines in order to host Web apps (including an SSL-enabled OWA site) on
>different servers. From what I've read, this is commonly known as reverse
>proxy.
>
> I know that Microsoft's ISA Server can do this, but I was hoping to find a
> network appliance that could handle it so that she doesn't have to
> dedicate a box to the job. I did some research and found the following
> candidates (although it's not actually clear that all of them perform
> reverse proxy):
>
> Blue Coat ProxySG
>
> Cisco Content Engine (or "Content Switch", or "Local Director") -- really
> not sure which one, and awaiting a call from Cisco technical sales
>
> SonicWall TZ190 or Pro 2040 -- awaiting call from technical sales rep to
> confirm features
>
> Has anyone had experience with these firewalls or any others that you'd be
> willing to recommend?
>
> Thanks in advance,
> Darryl R.
>
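
Routing by host header, as the original question describes it, sketched as an added example (not code from the thread or from any product named in it). The hostnames other than mail.mydomain.com, the private addresses and the function names are assumptions; for the SSL-enabled site the Host header is readable only by a device that terminates TLS.

```python
# Added illustration: backend choice by HTTP Host header (names are hypothetical).
# A port forwarder sees only the destination port; this decision needs the
# request head, which for HTTPS is readable only after TLS is terminated.

# Constructed routing table: hostnames and private addresses are made up.
ROUTES = {
    "mail.mydomain.com": ("192.168.1.10", 443),
    "www.mydomain.com": ("192.168.1.20", 80),
}


def extract_host(request_head: bytes) -> str:
    """Return the normalized hostname from a raw HTTP/1.1 request head."""
    lines = request_head.split(b"\r\n")
    hosts = []
    for line in lines[1:]:          # skip the request line
        if not line:                # blank line ends the header section
            break
        name, sep, value = line.partition(b":")
        if sep and name.lower() == b"host":
            hosts.append(value.strip().decode("ascii", "strict"))
    # Zero or several Host headers are ambiguous; refuse rather than guess.
    if len(hosts) != 1:
        raise ValueError("request must carry exactly one Host header")
    host = hosts[0].lower()
    # Drop an optional ":port" suffix (IPv6 literals are out of scope here).
    host = host.rsplit(":", 1)[0] if ":" in host else host
    return host.rstrip(".")


def pick_backend(request_head: bytes):
    """Map a request to (ip, port), or None when the host is not published."""
    try:
        host = extract_host(request_head)
    except (ValueError, UnicodeDecodeError):
        return None
    # Default deny: unknown names never fall through to an internal server.
    return ROUTES.get(host)


# Constructed sample requests.
OWA = b"GET /owa HTTP/1.1\r\nHost: Mail.MyDomain.com:443\r\n\r\n"
WEB = b"GET / HTTP/1.1\r\nHost: www.mydomain.com\r\n\r\n"
UNKNOWN = b"GET / HTTP/1.1\r\nHost: intranet.mydomain.com\r\n\r\n"
DOUBLE = b"GET / HTTP/1.1\r\nHost: www.mydomain.com\r\nHost: mail.mydomain.com\r\n\r\n"
```

Requests for names missing from the table, or carrying more than one Host header, get no backend at all, so an unpublished internal server is never reachable by default.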