I'm having issues getting squid to send traffic through a specific upstream gateway.
I need for a MS WSUS server and a Symantec Endpoint Protection Manager to get through a squid proxy to get out to Microsoft and Symantec respectively to get MS patches and Symantec DAT files.
The traffic needs to go through the squid proxy, through a firewall, and through an upstream McAfee gateway server. If it tries to take a path different than that upstream gateway to get out to the internet, it'll get dropped.
However, once the traffic goes through the proxy, it tries to go directly to the vendor website and not go through the McAfee gateway, and therefore is getting blocked by the firewall. The traffic never reaches the McAfee gateway.
If I configure a browser to use the proxy server and browse to some websites, it can get to http sites, but not https sites. Port 443 is what isn't getting through.
I thought this line in squid.conf was supposed to send the traffic to an upstream cache_peer parent gateway, but I could easily be misunderstanding what it's supposed to do. (I'm pretty new with squid)
cache_peer <upstream gateway IP address> parent 8080 3130 proxy-only no-query no-netdb-exchange default login=<username>:<password>
The Safe_ports and SSL_ports are the squid.conf default settings, and include both port 443 and port 80 traffic.
Thanks,
PG
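An added squid.conf fragment (not from the original post, and not the poster's configuration) showing the routing directives in Squid 3.x that force every request, including the CONNECT tunnels used for port 443, through the parent instead of letting Squid go direct. The peer address, port and credentials are placeholders.

```conf
# Parent (the upstream gateway). Address, port and credentials are placeholders.
# ICP port is 0 because no-query is set and the gateway does not speak ICP.
cache_peer 192.0.2.10 parent 8080 0 proxy-only no-query no-netdb-exchange default login=USER:PASS

# A cache_peer line alone makes the parent an option, not a requirement:
# Squid may still open a direct connection to the origin server, and
# non-hierarchical requests (CONNECT for HTTPS is one) go direct by default.
# That matches plain HTTP working while port 443 is dropped at the firewall.

# Forbid direct connections: every request must be routed via a parent.
never_direct allow all

# Do not try the direct path before the parent.
prefer_direct off

# Send non-hierarchical requests (including CONNECT) to the parent as well.
nonhierarchical_direct off
```

With never_direct in place, a parent outage makes Squid return an error page instead of silently bypassing the gateway, which is the behaviour wanted when the firewall only permits the gateway path.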
I should have mentioned - this is squid 3.3 running on CentOS 7.
On 10/29/2016 3:37 PM, paul.greene.va wrote:
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
For SSL interception, SSLBump is required: http://wiki.squid-cache.org/Features/SslBump
This is a bit complex to set up. SSL interception is not really a good idea to implement. I think it will not work with an upstream proxy either.
-- Eero
2016-10-29 22:37 GMT+03:00 paul.greene.va paul.greene.va@verizon.net: