Dear Rene & all,
I would like to know what the best practice is for placing the proxy server in the network. I am having difficulty deciding where to place the proxy server (Kerio Control).
My current design is as attached. I want the traffic from VLAN 10 & 20 to go through the proxy server, where I am going to implement the content blocking & ACLs.
I am placing the proxy server in between the firewall and the internal switch. The proxy server will have two NIC cards, outside (Network A) & inside (Network B). So, VLAN 10 & 20 (internal) will be routed on the proxy server inside and their gateway will be on the proxy server. Network B will be NATed with Network A and again Network A will be NATed with the WAN IP address on the firewall if the traffic is destined for the internet. Is this normal practice? Please advise.
Option 2
I am placing the proxy server in the DMZ zone. So, the proxy server has only one NIC; I am not sure how it works in this case. I believe my proxy (Kerio Control) can’t achieve this design. I must have two NICs if I want to use the Kerio proxy.
This might be a silly design, having two NICs on a proxy server which is located in the DMZ zone. I believe I could connect back to the outside zone on the ASA instead of having an additional switch in the outside zone. The logic is still the same, so please bear with me on this.
Please suggest which option is the best, and also feel free to recommend other options if you have any. Thank you all so much.