need help with branch proxy config

  • Thread starter Thread starter Bill
  • Start date Start date
B

Bill

We have 4 facilities each with a cable ISP connection to the outside
world. Hardware firewall at each branch. Currently, we have a proxy
server located at each branch. We would like to consolidate. One proxy
for all. Questions: 1. What is a good config or arrangement (VPN,
tunnel, IP forwarding) to make this happen network wise? 2. Would
there be a performance lag with the workstations going outside to proxy
versus the current setup? 3. We are not a bank but would like to
be reasonably secure; any suggestions here? thanks in advance - Bill
 
Uzytkownik "Bill said:
We have 4 facilities each with a cable ISP connection to the outside
world. Hardware firewall at each branch. Currently, we have a proxy
server located at each branch. We would like to consolidate. One proxy
for all. Questions: 1. What is a good config or arrangement (VPN,
tunnel, IP forwarding) to make this happen network wise? 2. Additional intWould
there be a performance lag with the workstations going outside to proxy
versus the current setup? 3. We are not a bank but would like to
be reasonably secure; any suggestions here? thanks in advance - Bill

Bill,
On the very beginning sorry for my engliash, I'm from Poland :)
Does Your company has the same ISP in every branch? if not, interconections
beetwen ISPs can be the bottleneck. If this is the case, You may encounter
lags.
But what seems to be the worst, is using the same "Internet Link" in HQ to
accept VPN connections AND provide internet connection for all branches -
the link will accept the request, put it into proxy, and send it to the net.
The data will mcome via this link into proxy, and back through this link to
the branch office. No sense to me.
IMHO there are 2 ways You can go :
1) Separated connections between branches (leased lines) , AND additional
Internet connection in HQ. Like 1Mb/s from branch to HG (each!) and 2Mb/s
Internet Link, or so (don't know the needs for bandwidth). COSTS LIKE A
HELL.
2) Let the branches have separate Internet connections with proxies, but
keep the security\configuration consolidated all over the company. - less
costly.

Send us the comment on what You think :)

Tomasz Plebanski
 
Thanks Tomasz - We do have the same ISP at all branches; but due to
some higher level application needs - I discovered we would have to
keep the local proxy to keep the application running. Therefore, we
will not consolidate here. Thanks for your suggestions - Bill
 
Back
Top