need help with branch proxy config

B

Bill

We have 4 facilities each with a cable ISP connection to the outside
world. Hardware firewall at each branch. Currently, we have a proxy
server located at each branch. We would like to consolidate. One proxy
for all. Questions: 1. What is a good config or arrangement (VPN,
tunnel, IP forwarding) to make this happen network wise? 2. Would
there be a performance lag with the workstations going outside to proxy
versus the current setup? 3. We are not a bank but would like to
be reasonably secure; any suggestions here? thanks in advance - Bill
 
T

Tomasz Plebanski

Uzytkownik "Bill said:
We have 4 facilities each with a cable ISP connection to the outside
world. Hardware firewall at each branch. Currently, we have a proxy
server located at each branch. We would like to consolidate. One proxy
for all. Questions: 1. What is a good config or arrangement (VPN,
tunnel, IP forwarding) to make this happen network wise? 2. Additional intWould
there be a performance lag with the workstations going outside to proxy
versus the current setup? 3. We are not a bank but would like to
be reasonably secure; any suggestions here? thanks in advance - Bill
Click to expand...

Bill,
On the very beginning sorry for my engliash, I'm from Poland :)
Does Your company has the same ISP in every branch? if not, interconections
beetwen ISPs can be the bottleneck. If this is the case, You may encounter
lags.
But what seems to be the worst, is using the same "Internet Link" in HQ to
accept VPN connections AND provide internet connection for all branches -
the link will accept the request, put it into proxy, and send it to the net.
The data will mcome via this link into proxy, and back through this link to
the branch office. No sense to me.
IMHO there are 2 ways You can go :
1) Separated connections between branches (leased lines) , AND additional
Internet connection in HQ. Like 1Mb/s from branch to HG (each!) and 2Mb/s
Internet Link, or so (don't know the needs for bandwidth). COSTS LIKE A
HELL.
2) Let the branches have separate Internet connections with proxies, but
keep the security\configuration consolidated all over the company. - less
costly.

Send us the comment on what You think :)

Tomasz Plebanski
 
B

Bill

Thanks Tomasz - We do have the same ISP at all branches; but due to
some higher level application needs - I discovered we would have to
keep the local proxy to keep the application running. Therefore, we
will not consolidate here. Thanks for your suggestions - Bill
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Residential ISP VPN Provider 0
vbscript to change IE Proxy 7
Command line argument to disable the proxy/auto config script in I 1
DNS problems on W2K server with MS Proxy installed 5
Sites and services help 2
I need help with a logon script 3
Network Security / Virtual Private Networks 3
Network Security For 2009 2

Top